Proxy your Phone to Burp
https://hackertarget.com/proxy-phone-burp/
Tue, 27 Oct 2015 10:02:48 +0000

In this guide we configure Burp Suite to proxy all the traffic from your phone, tablet or other wifi device. As a bonus you will also have full access to all the WIFI packets for consumption by Wireshark or your traffic analysis tool of choice.

Use this traffic analysis technique to hunt bug bounties in your favorite Android or iOS app.

What do I need?

  • An old laptop with an Ethernet port and a Wireless adapter
  • Ubuntu running on the old laptop. Any Linux will do, but this guide will show you with Ubuntu 14.04
  • Burp running on any computer on your local network

Here is how it works

Step 1. Configure the laptop as a Wireless Router

Hook the laptop up to the local network using the Ethernet adapter and make sure you can browse the Internet (using the Ethernet adapter).

Follow these steps in Network Manager to configure a new wireless network in infrastructure mode:

1. Untick the enable wifi option to temporarily disable the WIFI
2. Select edit connections
3. Add new wireless network (set ssid and mode to infrastructure)
4. Name the access point (mytestingaccesspoint)
5. In IPv4 change method to "Shared to other computers", this is a quick way to sort out DHCP and NAT for your new wireless network.
6. Set security (set a password)

Edit the file /etc/NetworkManager/system-connections/mytestingaccesspoint

Find the line that has mode=infrastructure and change it to mode=ap. This is required as AP is not an option in Network Manager. Note that not all wireless cards support the AP mode.
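The same edit as a script, as an added example that is not part of the original guide: it changes only the mode= line inside the wireless section and keeps a copy of the original file. The function names and the sample keyfile are constructed for illustration, and the section names `[802-11-wireless]` and `[wifi]` are assumptions about how your Network Manager version writes the file.

```sh
#!/bin/sh
# Added example: flip a NetworkManager keyfile from infrastructure to AP mode.
# Function names are hypothetical; the sample keyfile below is constructed.

write_sample_keyfile() {
    # $1 = destination path; a trimmed, constructed connection profile
    cat > "$1" <<'EOF'
[connection]
id=mytestingaccesspoint
type=802-11-wireless

[802-11-wireless]
ssid=mytestingaccesspoint
mode=infrastructure

[ipv4]
method=shared
EOF
    chmod 600 "$1"
}

wifi_mode() {
    # Print the mode= value found inside the wireless section of keyfile $1
    awk -F= '
        /^\[/ { w = ($0 == "[802-11-wireless]" || $0 == "[wifi]") }
        w && $1 == "mode" { print $2 }
    ' "$1"
}

set_ap_mode() {
    # $1 = keyfile, $2 = where to keep a copy of the original
    [ -f "$1" ] || { echo "no such file: $1" >&2; return 1; }
    [ "$(wifi_mode "$1")" = "infrastructure" ] || return 0   # nothing to change
    cp -p "$1" "$2" || return 1
    # Writing back into the existing file keeps its owner and 0600 permissions
    awk '
        /^\[/ { w = ($0 == "[802-11-wireless]" || $0 == "[wifi]") }
        w && $0 == "mode=infrastructure" { print "mode=ap"; next }
        { print }
    ' "$2" > "$1"
}

# Demo on a throwaway copy; the real file is under /etc/NetworkManager/system-connections/
tmp=$(mktemp -d) && write_sample_keyfile "$tmp/ap" &&
    set_ap_mode "$tmp/ap" "$tmp/ap.orig" && wifi_mode "$tmp/ap"
rm -rf "$tmp"
```

Keep the copy of the original outside the system-connections directory so it cannot be mistaken for a second connection profile.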

Once you have this network (mytestingaccesspoint) enabled, your wireless devices should be able to see it and connect using the password you have set.

If you can browse the network from your mobile device, on your laptop you will see two different IP ranges for your wireless adapter (wlan0) and the ethernet (eth0) adapter. The Ubuntu laptop is forwarding the traffic from the new wireless network onto the Ethernet network and out to the internet.

Try tcpdump -i wlan0 on the laptop. Fire up some apps on your phone or a browser. You should see traffic; this is your mobile device traffic. If your wireless device is not wlan0 you will need to use the correct device name in the forward rule below, so make sure this capture works before moving on.

That concludes the first part of the guide, getting the mobile device traffic to route through a Linux enabled system.

Step 2. Forward Traffic to Burp for Transparent Proxying

In the second part of the guide we will use an iptables NAT table rule to forward all HTTP port 80 traffic to the Burp Proxy running on another system.

Once we get the HTTP traffic into the Burp proxy server we can view, intercept and even inject on HTTP requests.

It only takes one line, on your Linux based router (the laptop).

iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j DNAT --to 192.168.1.100:8080
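An added example, not part of the original guide, that builds the rule above together with its exact -D counterpart so the redirect can be removed cleanly when testing is finished, and rejects a malformed interface name or Burp address before anything reaches iptables. The function names are hypothetical; the defaults are the guide's wlan0 and 192.168.1.100:8080.

```sh
#!/bin/sh
# Added example: build the guide's port-80 redirect rule and its exact teardown.
# Function names are hypothetical; defaults mirror the guide.

valid_iface() {
    # Linux interface names: 1-15 chars; restrict to a conservative character set
    case "$1" in ''|*[!a-zA-Z0-9_.-]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}

valid_target() {
    # Expect IPv4:port with octets 0-255 and port 1-65535
    case "$1" in *[!0-9.:]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}:[0-9]{1,5}$' || return 1
    for octet in $(printf '%s' "${1%:*}" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
    port=${1##*:}
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

redirect_rule() {
    # $1 = A (append) or D (delete), $2 = wireless interface, $3 = Burp ip:port
    op=$1; iface=${2:-wlan0}; target=${3:-192.168.1.100:8080}
    [ "$op" = A ] || [ "$op" = D ] || { echo "op must be A or D" >&2; return 1; }
    valid_iface "$iface" || { echo "bad interface: $iface" >&2; return 1; }
    valid_target "$target" || { echo "bad target: $target" >&2; return 1; }
    # Warn (do not fail) if the interface is absent on this machine
    [ -d "/sys/class/net/$iface" ] || echo "warning: $iface not present here" >&2
    echo "iptables -t nat -$op PREROUTING -i $iface -p tcp --dport 80 -j DNAT --to $target"
}

# Print the add command and the matching delete for review before running as root
redirect_rule A wlan0 192.168.1.100:8080
redirect_rule D wlan0 192.168.1.100:8080
```

After running the add command as root, `iptables -t nat -L PREROUTING -n -v` lists the rule and its packet counters, which confirms that phone traffic is actually matching it.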

Now in Burp you need to set the proxy to listen on all IP addresses and there are two other options that are required for transparent proxying.

Note that these changes open up Burp Suite to other hosts on your network, so make sure you understand them before applying.

1. Select the Proxy Tab | Options | Edit the Running Proxy | Change to Bind All interfaces

2. While you are here select "Request Handling" and tick the option to Support invisible proxying (if you need this). Without it you will likely get an error when you attempt to proxy the HTTP traffic transparently.

3. Still on the Proxy Options Tab, scroll down to the bottom and select the "Allow Requests to web interface using fully qualified DNS hostnames" option.

dd-wrt as an alternative

If you have a compatible router you might be able to use dd-wrt or another firmware project to install Linux on your SOHO router. With Linux on your router you could use a similar port forward rule to push port 80 traffic to Burp. There are lots of options available. One advantage of the old laptop method is that if you mess up on the laptop, the rest of the household can still use the Internet (unless of course you really mess it up). Have fun... 🙂

Webscarab and Ratproxy installation and chaining
https://hackertarget.com/webscarab-and-ratproxy-installation-and-chaining/
Wed, 18 Jul 2012 10:06:06 +0000

In this mini tutorial we are going to use Webscarab and Ratproxy together in a chained fashion. This will enable passive testing of a web application by Ratproxy, with more active intercepting proxy testing to be done by Webscarab. For this reason we will run Ratproxy as the first hop in the proxy chain with webscarab as the next. This ensures any manipulated HTTP requests coming from webscarab are not picked up by the ratproxy passive analysis.

A note on Zed Attack Proxy (or ZAP Proxy) and Burp Suite: these are two intercepting tools with many functions similar to webscarab. Often it comes down to personal preference, so whatever you choose could be plugged into the chain in place of webscarab.

Download the latest version of Webscarab
Download the latest version of Ratproxy

To run webscarab we must make the jar file executable.

chmod +x Downloads/webscarab-one-20120422-001828.jar

Then I simply went to Nautilus, browsed to Downloads, right-clicked on the webscarab file and selected open with OpenJDK 7.

To install ratproxy, untar it. Then type "make" in the directory. This will build the ratproxy executable.

The Ratproxy readme file contains good information about the tool and the massive amount of command line configuration options available.

Webscarab is running on 127.0.0.1:8008 and we will run ratproxy on the default port of 127.0.0.1:8080.

Note that the command line we are going to use includes active attacks. The domain we are using is testasp.vulnweb.com, a common web application security testing site.

If you are running this, ensure you have permission to scan the site / domain you include in the ratproxy command line. The XC option means ratproxy will perform active attacks. If this is omitted the security testing is more passive in nature and will not send attack packets to the target site.

./ratproxy -v vulnweb -w vulnweb.txt -d testasp.vulnweb.com -lfscm -XC -P 127.0.0.1:8008

Note the final parameter, -P: this tells ratproxy to use an upstream proxy, which is our webscarab proxy. The -v is the directory where the requests will be logged, and the -w is the actual report, which needs to be converted with the report script (see below).

Now we browse to the target site using 127.0.0.1:8080 as our browser's proxy.

Browse around and you will see the webscarab console being filled with your web requests. To see the ratproxy report go to the terminal where it is running and hit control-c. This stops the proxy and flushes the results to the report.

./ratproxy-report.sh vulnweb.txt > report.html

This generates the html report, which can be viewed in your browser.

Intercepting proxies are not plug and play; there are hundreds of configuration options and techniques for testing web applications. So go forth and start testing (with permission).