Slide 1
Bug bounty hunting with Burp Suite's handy features (No1zy)
Slide 2
About me
• twitter: @no1zy_sec
• IT student
• Rookie bug hunter
• Total bounties earned last year: 612万円 (about 6.12 million yen)
Slide 3
Bug hunters love Burp Suite (The 2019 Hacker Report)
Slide 4
What makes it handy?
• It has a rich set of the features needed for web penetration testing
• The features available in the Pro edition are powerful
Slide 5
Handy features covered here
1. Burp Collaborator client
2. Find Script
3. Analyze target
All of them are available only in the Pro edition.
Slide 6
1. Burp Collaborator client
Slide 7
Burp Collaborator client
• A feature that acts as an external listening server
• Effective for discovering attacks that generate out-of-band traffic
• Supports DNS, HTTP/HTTPS and SMTP/SMTPS
Slide 8
How to use
1. Click Burp > Burp Collaborator client
Slide 9
How to use
2. Click Copy to clipboard
Slide 10
How to use
Connection test: $ curl http://fn6i69eh10k070ymmdjzeicppgv6jv.burpcollaborator.net
Slide 11
How to use
• Check the received request
Slide 12
SSRF test example: GitLab's repository import feature
Slide 13
SSRF test example: a feature that issues requests to fetch content may allow SSRF.
Slide 14
SSRF payload: http://127.0.0.1:22
Slide 15
SSRF test example: response
Slide 16
SSRF payload: http://127.0.0.1:4444
Slide 17
SSRF test example: response
Slide 18
The difference between the error messages makes a port scan possible.
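A defensive counterpart to the import-feature example above, added here and not part of the slides: a URL validator for a content-fetching feature that rejects loopback, private and link-local destinations as well as non-web ports, and returns one uniform error so that differences in error messages can no longer be used as a port-scan oracle. The hostnames and the RESOLVER table are constructed placeholders, not real infrastructure.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed stand-in for DNS so the example runs offline (hypothetical names).
# In production resolve with socket.getaddrinfo() and connect to the checked
# address itself, so a later re-resolution cannot swap in an internal target.
RESOLVER = {
    "gitlab.example": ["1.2.3.4"],            # constructed public address
    "localtest.example": ["127.0.0.1"],       # name resolving to loopback
    "metadata.example": ["169.254.169.254"],  # link-local (cloud metadata range)
}
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}  # a fixed port set removes the port-scan oracle

class ImportRejected(ValueError):
    """One uniform message for every failure: the response no longer reveals
    whether a host or port was reachable."""
    def __init__(self):
        super().__init__("Import URL is not allowed")

def is_public(addr):
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_reserved or addr.is_unspecified)

def validate_import_url(url):
    """Return (host, port, [ip]) for a URL that is safe to fetch, else raise."""
    parsed = urlparse(url)
    try:
        port = parsed.port          # raises ValueError on a non-numeric port
    except ValueError:
        raise ImportRejected()
    if parsed.scheme not in ALLOWED_SCHEMES or not parsed.hostname:
        raise ImportRejected()
    port = port or (443 if parsed.scheme == "https" else 80)
    if port not in ALLOWED_PORTS:
        raise ImportRejected()
    try:                            # literal IPs get the same range checks
        addrs = [ipaddress.ip_address(parsed.hostname)]
    except ValueError:              # not a literal IP: resolve the name
        if parsed.hostname not in RESOLVER:
            raise ImportRejected()
        addrs = [ipaddress.ip_address(a) for a in RESOLVER[parsed.hostname]]
    if not all(is_public(a) for a in addrs):
        raise ImportRejected()
    return parsed.hostname, port, [str(a) for a in addrs]

def rejection_message(url):
    """Message a caller would see, or None when the URL is accepted."""
    try:
        validate_import_url(url)
        return None
    except ImportRejected as exc:
        return str(exc)
```

Every rejected URL, whether it targets port 22, port 4444 or an unresolvable host, yields the same message, so the import feature gives nothing away about what is listening internally.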
Slide 19
No content
Slide 20
2. Find Script
Slide 21
Find Script
• Used to collect JavaScript files
• Useful for discovering API endpoints, sensitive information such as API keys, and code that may contain vulnerabilities
Slide 22
How to use
1. Click Engagement tools > Find scripts
Slide 23
How to use
• The JavaScript files are listed
Slide 24
How to use
• Export scripts writes them out to a file
Slide 25
Identifying API endpoints
1. Collect the URLs that serve JavaScript code
2. Identify the API endpoints with a tool such as JSParser
Slide 26
JSParser
Slide 27
1. Collect the URLs that serve JavaScript code
1. List the URLs with Find Script
2. Click Copy selected URLs
Slide 28
The History filter can be used instead
1. Open Proxy > History > filter settings
2. Tick Show only and enter js
Slide 29
The History filter can be used instead
3. Select all items
Slide 30
The History filter can be used instead
4. Click Copy URLs
Slide 31
2. Identify the API endpoints
1. Paste the copied URLs
2. Click JSParse
Slide 32
2. Identify the API endpoints
Identifying new resources raises the chance of finding vulnerabilities.
Slide 33
3. Analyze target
Slide 34
Analyze target
• Shows which parameters are used and how many times
• Can be useful when applying a found vulnerability to other parameters, or when hunting for vulnerabilities parameter by parameter
Slide 35
How to use
1. Click Engagement tools > Analyze target
Slide 36
How to use
Check the analysis results
Slide 37
Happy Hunting!