Parsia's Den

Because no one wants to be the other guy from Wham!

Mar 27, 2016 - 9 minute read - Comments - Burp Thick Client Proxying

Thick Client Proxying - Part 1: Burp Interception and Proxy Listeners

Burp is not just used for web application testing. I usually use it during mobile and thick client tests. If the application is using HTTP methods then Burp is your best friend.

I am going to document a bunch of Burp tips and tricks that have helped me during my work. One purpose is to share it with the world and not be the other guy from Wham! (:D) and the other is to have it in an accessible place (similar to the cheat sheet in the menu).

In part one I talk about Interception and Proxy listeners, which are configured via Proxy > Options.

At the time of writing the current version of Burp Pro is 1.6.39 and most items should apply to the current Burp Free version (1.6.32). Most settings have not changed since I started working with Burp (v1.5). You can download Burp from: https://portswigger.net/burp/download.html.

When I started this, I did not think I had so much stuff to write about Burp, so I divided it into different parts. Please note that this is not targeted towards web application testing, so I may have skipped some functionality. If you have any favorite tips or use cases and want them included with credit, please let me know. As usual, feedback is always welcome.

Feb 21, 2016 - 4 minute read - Comments - Burp Tutorial

Installing Burp Certificate Authority in Windows Certificate Store

I was writing another blog post and I realized that I keep repeating how to do the same things, so I decided to write some tutorial-ish things and just link them.

Burp uses custom certificates to Man-in-the-Middle (MitM) the traffic. All of these certificates are signed by Burp’s root Certificate Authority (CA). Each installation of Burp generates its own root CA that needs to be installed in the browser or Operating System’s certificate store to be recognized properly. Otherwise browsers will return warnings and some thick client applications will not recognize these certificates as valid.

Each installation of Burp generates its own root CA so it is unlikely that others can gain access to it and sign certificates to MitM your connection. To get the certificate’s private key, the attackers need to get to your local machine and if so they have better ways to look at your traffic anyway.

Alternate instructions by Portswigger: https://support.portswigger.net/customer/en/portal/articles/1783075-installing-burp-s-ca-certificate-in-your-browser

For instructions on installing/removing Burp’s CA in other browsers and devices please use Portswigger’s website: https://support.portswigger.net/customer/en/portal/articles/1783075-installing-burp-s-ca-certificate-in-your-browser.

Note: These instructions are for Burp version 1.6.37 Pro and 1.6.32 Free. As far as I remember (since v1.5), these instructions have not changed. They may change in the future, but I really doubt it.

Feb 2, 2016 - 7 minute read - Comments - Migration to Hugo Not Security

From Octopress to Hugo

In my previous post I talked about why I moved from Octopress to Hugo. You can also see the last archive of my Octopress blog (previously a private repo on Bitbucket) on GitHub and this is the new site. If I had wanted to use an already existing Hugo theme, it would not have taken more than a few hours.

In this post I am going to talk about how I managed the migration and any interesting things that I encountered in the process. I will also introduce the Hugo-Octopress theme (you are looking at it), which is the classic Octopress theme ported to Hugo. If you like what you see, please go ahead and use it. If there are any issues, please use the GitHub issue tracker or contact me another way. I will try my best to fix them, but please remember that I am not a developer and do not know much about CSS :).

Jan 31, 2016 - 5 minute read - Comments - Migration to Hugo Not Security

Why Hugo?

As you may have noticed (well no one reads this so I am fine), I have moved from Octopress to Hugo. I have been trying to make this change for a while but due to laziness and some other matters it did not happen. I am going to talk about why I decided on the move and what I did. In the next post I will talk about my migration from Octopress to Hugo.

Nov 14, 2015 - 23 minute read - Comments - Reverse Engineering

Intro to .NET Remoting for Hackers

This is a simple tutorial about .NET Remoting. I am going to re-create a very simple RCE and local privilege escalation that I encountered in my projects and use it to explain .NET Remoting and simple debugging in dnSpy.

In this post we will:

  1. Do a brief introduction to .NET Remoting
  2. Develop a simple .NET Remoting client and a vulnerable server in Visual Studio
  3. Observe .NET Remoting traffic
  4. See .NET Remoting in action by doing some basic debugging with dnSpy
  5. Re-create the vulnerable application
  6. Use dnSpy to patch and create modified .NET modules to exploit our sample vulnerable server

If you know of any applications that use .NET Remoting please let me know. I want to look at them.