Using Burp Suite to exploit OWASP Top 10 + Installation guide (Windows and Android)

Ahmad Moaaz
4 min read, Aug 18, 2020

Welcome to my series on installing Burp Suite and using it to exploit the OWASP Top 10 vulnerabilities.

This series is divided into multiple parts because it is a big topic, and I want to explain it in detail with examples rather than bore you by merging everything into a single article.

We will go through each and every step a n00b needs to follow, starting from downloading Burp on your laptop and installing the Burp CA certificate on your mobile, all the way to exploiting the OWASP Top 10 vulnerabilities using Burp.

Ever wondered why Burp Suite is used by almost every pentester? If you are new to pentesting and are looking for a tool that will help you find and exploit OWASP Top 10 vulnerabilities, this is the article you need.

We will start by downloading Burp. The latest Community Edition is available at: https://portswigger.net/burp/communitydownload

Once it is downloaded, we need to configure the browser to send all of its traffic through Burp. PortSwigger's official site walks through these steps one by one at https://portswigger.net/support/how-to-use-burp-suite.

Screenshot from Portswigger’s official site

Burp works as an intercepting proxy: the browser sends every request to Burp's listener (by default 127.0.0.1:8080), which lets us see and modify the client-server traffic, something essential while performing a pentest. Either the FoxyProxy browser extension or the browser's built-in proxy settings can be used to direct browsing traffic through Burp. The steps to do this are shown in the picture above.

For more information on using Burp's features, refer to PortSwigger's step-by-step guide: https://portswigger.net/support/getting-started-with-burp-proxy

Installing Burp Certificate in the newer Android API levels

In order to use Burp to intercept requests going to or coming from an Android mobile application, the Burp CA certificate has to be installed on the device; otherwise every TLS connection through the proxy fails certificate validation. The usual way of doing that, as stated on PortSwigger's official site, is:

  1. Point your Android device's Wi-Fi proxy at the Burp listener (the listener must be bound to an interface the phone can reach, not just 127.0.0.1), then open the browser
  2. Browse to http://burpsuite (this page is served by the Burp proxy itself, so it only loads while the device's traffic is going through Burp)
  3. At the top right, tap CA Certificate
  4. Download the certificate (cacert.der)
  5. Go to your file manager and rename cacert.der to cacert.cer
  6. Install the certificate by navigating to Settings -> Wi-Fi -> More options -> Advanced -> Install certificates
  7. Select the certificate and give it a name

Once the certificate is installed, you can proxy SSL/TLS traffic as expected, at least for the browser and for apps that still trust user-installed CAs.

This was the traditional way of doing it, but starting with Android 7.0 (Nougat, API level 24) Android changed its default behavior for user-installed certificates: apps that target API level 24 or higher no longer trust the user CA store unless their network security configuration explicitly opts in. So for most modern apps the traditional way no longer works. 😤

Installing the burp CA as a system-level CA

Installing the Burp CA as a system-level CA is one way around this on the newer API levels, because certificates in the system store are trusted by every app regardless of its target API level.

On an Android device, you can see the list of all trusted CAs under the Trusted credentials option in Settings. The system CAs are stored in /system/etc/security/cacerts, and having root privileges means we can write to this location (on builds where /system is protected by dm-verity or mounted strictly read-only, the remount will refuse, so check the output of adb remount before going further).

First of all, we need to export the Burp CA certificate in DER format (Proxy -> Options -> Import / export CA certificate -> Certificate in DER format).

Exporting Burp CA in DER format

Yesss, I use the dark-themed interface 😏

Android expects certificates in the system store to be in PEM format, stored in a file named after the old-style OpenSSL subject hash of the certificate with a .0 suffix, so we use OpenSSL for the conversion.

Use these commands for the conversion:

1) openssl x509 -inform DER -in cacert.der -out cacert.pem
2) openssl x509 -inform PEM -subject_hash_old -in cacert.pem | head -1
3) mv cacert.pem <the hash value printed by the second step>.0

Note: -subject_hash_old exists in OpenSSL 1.0.0 and later. If you are using an older OpenSSL (0.9.8), the option is just -subject_hash, which in those versions computes the same old-style hash. Android's CA store uses this old MD5-based subject hash, which is why the _old variant is needed on a modern OpenSSL; the newer -subject_hash output will give you a file name Android does not recognize.

After this, we need to copy the certificate to the Android device, and for that we use the well-known adb tool. Since the file is going into /system, that partition must first be remounted read-write, which is easy as root (adb remount). Keep in mind that adb root only works on builds that allow it (the emulator, userdebug/eng builds and some custom ROMs); on a production device rooted with Magisk, open adb shell, run su, and remount /system read-write from there instead.

1. adb root
2. adb remount
3. adb push <cert>.0 /sdcard/

Now, from adb shell as root, we move the file into /system/etc/security/cacerts and set its permissions so that every app can read it:

1. mv /sdcard/<cert>.0 /system/etc/security/cacerts/
2. chmod 644 /system/etc/security/cacerts/<cert>.0

The last step is a reboot, either by typing adb reboot or by restarting the device directly. Before rebooting, an ls -l on the new file should show mode -rw-r--r-- and owner root, just like the other files in that directory; otherwise apps will not be able to read it.

After the reboot, the certificate should be visible under the System tab of Trusted credentials in the Security section of Settings, and apps that only trust the system store (including those targeting API 24 and above) will now accept Burp's TLS interception.
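As an added example (not code from the article or from PortSwigger), here is a small Python script that performs the same conversion offline: it pulls the subject Name out of the exported cacert.der, computes the old-style OpenSSL subject hash that Android uses as the file name, writes the PEM file under that name, and lists the adb commands from this section (with an added ls -l sanity check). All function names are mine. When run without arguments it operates on a constructed, unsigned placeholder certificate rather than a real Burp CA, and the adb step list assumes a device that accepts adb root.

```python
"""Derive the Android system-CA file name for a Burp CA export (added example,
standard library only; not the article's or PortSwigger's code)."""
import base64
import hashlib
import struct
import textwrap


def der_read_tlv(buf, pos):
    """Parse one DER tag-length-value at buf[pos].
    Returns (tag, value_start, value_end, next_tlv_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length, pos + length


def der_subject(cert_der):
    """Return the full DER encoding (tag and length included) of the subject
    Name, walking Certificate -> tbsCertificate -> [0] version?, serialNumber,
    signature, issuer, validity, subject."""
    tag, tbs_pos, _, _ = der_read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE; decode PEM first")
    tag, pos, _, _ = der_read_tlv(cert_der, tbs_pos)   # step into tbsCertificate
    if tag != 0x30:
        raise ValueError("malformed tbsCertificate")
    if cert_der[pos] == 0xA0:                           # optional explicit [0] version
        _, _, _, pos = der_read_tlv(cert_der, pos)
    for _ in range(4):                                  # serialNumber, signature, issuer, validity
        _, _, _, pos = der_read_tlv(cert_der, pos)
    tag, _, end, _ = der_read_tlv(cert_der, pos)        # subject
    if tag != 0x30:
        raise ValueError("malformed subject Name")
    return cert_der[pos:end]


def subject_hash_old(cert_der):
    """OpenSSL X509_NAME_hash_old(): first 4 bytes of MD5(DER subject) read as a
    little-endian uint32. Same value `openssl x509 -subject_hash_old` prints."""
    digest = hashlib.md5(der_subject(cert_der)).digest()
    return "%08x" % struct.unpack("<I", digest[:4])[0]


def android_ca_filename(cert_der):
    return subject_hash_old(cert_der) + ".0"


def pem_from_der(cert_der):
    """Equivalent of `openssl x509 -inform DER -in cacert.der -out cacert.pem`."""
    body = "\n".join(textwrap.wrap(base64.b64encode(cert_der).decode("ascii"), 64))
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % body


def der_from_pem(pem_text):
    lines = [ln.strip() for ln in pem_text.splitlines()
             if ln.strip() and not ln.startswith("-----")]
    return base64.b64decode("".join(lines))


def install_commands(filename):
    """The article's adb steps as argument lists (hypothetical helper; assumes a
    device that accepts `adb root`). The ls -l line is an added sanity check."""
    target = "/system/etc/security/cacerts/" + filename
    return [
        ["adb", "root"],
        ["adb", "remount"],
        ["adb", "push", filename, "/sdcard/"],
        ["adb", "shell", "mv /sdcard/%s %s" % (filename, target)],
        ["adb", "shell", "chmod 644 " + target],
        ["adb", "shell", "ls -l " + target],
        ["adb", "reboot"],
    ]


def _der(tag, content):
    """Encode one DER TLV (short form or two-byte long-form length)."""
    n = len(content)
    length = bytes([n]) if n < 0x80 else (b"\x81" + bytes([n]) if n < 0x100
                                          else b"\x82" + n.to_bytes(2, "big"))
    return bytes([tag]) + length + content


def sample_cert_der(common_name="Example Test CA", with_version=True):
    """Constructed sample: an X.509-shaped, unsigned DER blob with a CN-only
    subject, enough structure to exercise der_subject(). Not Burp's CA."""
    atv = _der(0x30, _der(0x06, b"\x55\x04\x03") +                 # OID 2.5.4.3 commonName
               _der(0x13, common_name.encode("ascii")))            # PrintableString
    name = _der(0x30, _der(0x31, atv))                              # SEQUENCE OF SET OF ATV
    alg = _der(0x30, _der(0x06, bytes.fromhex("2a864886f70d01010b")) + b"\x05\x00")
    validity = _der(0x30, _der(0x17, b"200818000000Z") + _der(0x17, b"300818000000Z"))
    version = _der(0xA0, _der(0x02, b"\x02")) if with_version else b""
    tbs = _der(0x30, version + _der(0x02, b"\x01") + alg + name + validity + name +
               _der(0x30, b""))                                     # empty SPKI placeholder
    return _der(0x30, tbs + alg + _der(0x03, b"\x00"))              # empty signature


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                  # e.g. cacert.der exported from Burp
        raw = open(sys.argv[1], "rb").read()
        der = der_from_pem(raw.decode("ascii")) if raw.startswith(b"-----") else raw
    else:
        der = sample_cert_der()            # offline run on the constructed sample
    name = android_ca_filename(der)
    with open(name, "w") as fh:
        fh.write(pem_from_der(der))
    print("wrote", name)
    for cmd in install_commands(name):
        print(" ".join(cmd))
```

Run it as `python android_ca.py cacert.der`; the file name it writes should match what `openssl x509 -subject_hash_old -in cacert.pem | head -1` prints for the same certificate, which is a quick way to confirm you used the old hash and not the SHA-1 based one.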

That’s all, folks, for this article. The next article will cover what the OWASP Top 10 is, and after that there will be a separate article for each vulnerability, so stay tuned and give this post a 👏 if you liked it.


Ahmad Moaaz

A Security Engineer/Penetration Tester who likes breaking into applications