Uthena

Hello everybody and welcome back to the Linux commands part two tutorial.

Now as you may see right here, I have two terminals opened. One I will just write the commands as we do them and in the other one, I will put them in a text file. 

So I will open this command.txt. 

You don't have to open this file. This is just for me so I know which commands I covered, and which I didn't, and the other one, we will just test the commands in this one.

So before we begin, I just want to mention the command that we did in the previous video, which is the "cd" command. You now know that it stands for change directory and basically just change the directory to another directory from this terminal. 

Now, for example, let's say we want to go to the documents directory. We could just type here "cd Documents." But the question now is, if for example you wanted to go one directory back, how do you do that? 

Well, there comes the simple command which also starts with "cd," but instead of typing here a directory you can just here type ‘..’ which will basically lead you one directory back. 

So if I press enter right here, it will lead me back to the previous directory, to the root directory as you can see right here, print working directory we are again in the root. 

And if we type "ls" to list the current folders and files in this directory, we will once again see the documents right here. So basically I just wanted to mention that you can change directory with the "cd" command and you can also go one directory back.

So for example if you had let's say a directory in the documents directory, I just created it with the "mkdir" command, we also covered that in the previous video, it stands for Make Directory, you can see that now in the documents directory we have another one, another directory which I basically called just "directory". 

Also, let's go to that directory and you can see that our current path right now is /Documents/directory. 

Now, in order to go back two directories, you can just type here two times "cd," and then two dots, and then "cd," then two dots and now we are going to be back once again in the root directory.

So now that we got that out of the way, I will just type it right here so I know I covered that command, and we will clear the screen for the next command. 

Now, this one is a simple command for example if you wanted to check out on which account you are currently, which most likely you will be on the root account, you can just type here the command, which basically does what it says. 

It's "whoami."

The command basically just asks, “Who is the current user of this terminal?”

Right now, as we can see, it is root. 

You can just read it from here. You don't need to even write this command. You can just read it from this first word right here, which will most likely be root unless you have another account. 

We will cover in some next videos how to make another account, which could be useful because we do not want to run all our programs as a root user because it can be dangerous. 

So in another video, we will cover how to make another user, which you could use for some potentially dangerous programs. 

So now I will just write it right here. 

This is not really that useful command, but in case you forget or in case a user is named something differently than root you can just check here with the "whoami" command.

Now, there is a command that I used in the previous videos, but never really explained what it does. It's an important command, especially if you are running some of the programs or downloading the programs which are not executables and you want to make them an executable so you can run them in your terminal. 

Now, in order to demonstrate this command, I will just go and make a folder called "programs." As we can see, it is right here and I will change my directory into that program. 

Right now I will basically just create a simple Python program that we can just call "program.py." 

It doesn't really matter. 

Right here, I will just code a simple addition program. Just give me one second. It doesn't matter at the moment what I am doing, but we will be also covering Python later on.

For example, Enter first number, b will be for example Enter second number, and c will equal a * b.

Now, this is simple to understand. We basically ask for an input for two numbers you know, just making an addition and storing it in c. Then, we can basically just print that number, that c number, the result.

So we will just type here Result equals to “+ str(c)).

I hope this works. It should probably work.

So we have here a program called "program.py" now it is a Python program, but you might notice that if we try to run that program and you do that by typing here "." then "/" and then the name of the program, you will notice that it won't work.

It will say, “Permission denied.” 

Now, why is the permission denied? 

Well, if we use a command that we covered in the previous video, which is "ls - la" we can see all the files in the current directory, also the hidden files and our program.py.

Now, what interests us here is this part right here. Basically, these are just mods that are enabled for this file. 

R stands for Read, W that stands for Write, and X stands for Execute. 

Now, you might notice that in our program.py, we don't have an X which stands for Execute, therefore, we cannot really execute that program. In order to make that program executable we want to type here "chmod + x" and then the name of the program. 

Now, if I click here enter and type here "ls - la" again, you can see now that the program changed its color and not only the color, it also added the X which stands for, as I said, "executable." 

You can see the difference from here and from here, and that's how you can check if the program is executable or not. 

So now, let's clear the screen.

Now, if you wanted to, you can run the program. 

It will ask us, “Enter first number,” let's say 3, “Enter second number,” four, and it will say, “Result equals to 12.” 

Now, this command is important and you should learn.

It can be used to make any program that is not executable an executable. So now that we have got that command out of the way, I will just remove this. Well, actually I will leave it right here. Maybe we will use it for another command such as "cat." 

Let's cover that command right now.

The command "cat" basically just prints out the contents of the file into our own terminal as an output. 

So if we type here "cat" and then the name of our file, it will just print out the code that we just typed as you can see right here. It can be used so you don't really open the file in order to read it like this. You can just print it out in the terminal with the "cat" command and it will just print out all the contents from the file.

Now, that is not the main use of this command. Basically, the main use of this command would probably be in some of the bigger files where you just want to find a certain thing in them. 

In order to demonstrate what I mean, we will combine the "cat" command with another command called "grep." 

Now, basically what "grep" does is if you want to list for example a huge file with a bunch of words, and from that huge file you want to put aside all the words that contain "password" in them. 

Let me just demonstrate. Maybe it's easier if I demonstrate it. 

Now, we will create in programs file another file, which will be called words.txt and here we will just type here a bunch of words, then 123password123, then a bunch of words, and for example abcpasswordx, for example, and then a bunch of other random stuff.

Now, if we save this file, CTRL + O to save, enter to save under that name and CTRL + X to close.

We can see that right here we have that words.txt file. 

Now, in order to see the contents of that file, as I said we can just type "cat words.txt" and we will see all of those words. Here we can with our own eyes find all the words that contain "password" in them.

But let's say for example that this file was much bigger with millions and millions of words, you couldn't possibly just go through all of those words and just find by yourself all of those words that contain "password" in them. 

So what you want to do is combine the "cat" command with the "grep" command.

How do we do that? 

Well, basically we just start off the same command "cat words.txt" and then we basically pipe the "grep" command.

How do we pipe? 

Well, basically this straight line, just type it right here, then you type here "grep" and then the word that you want to be contained in the other words.

So for example "password" in our case. 

Now, what this will do, it will list all the words that contain the word "password" in them. As we see, it only listed two words which is "abcpasswordx" and "123password123."

So it is also a very important mix of two commands, which we will be using a lot. At least, I am using it a lot in my case. 

Let's continue with another command, which can be right now "echo."

Basically, with "echo" you can just add a word into another file without opening it. 

So, if we want to add "John" as a word into file words.txt. you just type "echo John" then this arrow that points to the right, and then "words.txt." 

As you can see, the command worked and right now if we "cat words.txt" it will only be "John."

Now, you might be asking, “Where did the other words go?” 

Well, if you use the "echo" command, it will basically rewrite the entire text file. So from those bunch of words, it basically deleted all of them and just put "John" in there. 

Now, if we use another word, let's say "echo Jake" into words.txt and we "cat" once again words.txt, we can see that John is no longer there, it's only "Jake."

So let me just type here the "echo" command.

One more thing you want to know, which I probably should have mentioned at the beginning and it is really important, is this command right here "apt update" & "apt -upgrade."

Now, this basically is referring to your Kali Linux repositories, and it will basically just check for the updates from there, and in case there are some updates it will download them and you can install the updates with the "apt upgrade" command.

Now, you want to run this command as you finish the installation of Kali Linux, but we will be doing that command in our next video because the "apt upgrade" command will take, after the installation, I believe about an hour in order to finish.

It will download just a bunch of other files and upgrade them, and I don't even know what not. It will just take a lot of time. That's what I know. So we will be doing that command at the end.

So right now, if you want to check out the history of all of the commands you typed previously in this current session of terminal, you can just do that with the simple command which says "history."

It just print right here all the commands that I ran before. So as you can see right here, these are all the commands that we ran before. It's not that useful, but you might need it sometime. I don't use it that much. 

The next command we want to do, let's say for example you want to copy the program.py file into another directory. 

So we will just create another directory in this programs directory. We will call it "test" for example, and now you can see that we have the "test" directory, which is blue and the green program.py file, which is an executable. 

Now, for example, you want to copy this file into the "test" directory. We do that with a simple "cp" command. Well, "cp" basically stands for "copy" and you just type here the file that you want to copy, which in our case is "program.py" and then you type here the directory you want to copy it in, and in our case it is "test."

So just press enter and basically, as you can see right now, if we change directory to "test" we will have also a program.py there and they are identical.

So if we "cat" this program.py in "test" directory, then we go one directory back and "cat" here a program.py, they are basically identical because we copied them. 

So let me just put here the "cp" command. We finish that command. But let's say for example you didn't want to copy that file. Let me just delete it from the "text" directory. You wanted to move it. It is no longer here.  

If you wanted to remove it from the "programs" directory into the "test" directory, you do that with the "mv" command, which stands for "move," to move program.py to the directory where we want to move it, "test" in our case. 

You can see right now that if we type here "ls" in order to list all the files, we can see that the program.py is no longer here, it is now moved to the "test" directory.

So we type here "ls" in the "test" directory, and now it is only here. 

Now, this command can be used for two things. In order to move files from one directory to another directory, and in order to rename files.

So for example, if I type here "move program.py" and then I don't specify a directory where I want to move it, but I specify another name for the file. Let's say "anothername.py" which is not a directory, it is a file, it will rename the "program.py" into "anothername.py."

As we can see right here, there is no program.py now, the program is called "anothername.py" and if we "cat" it right here, we can see that it is the same program that we typed before.

So it is also important to know that it can be used for two things, which is rename and move, just so you know. 

Right now, we can cover some of the more basic commands such as "man."

Now, this command basically is used for opening a manual for any other command.  

So, if we type here "man cat" it will open us a file which will basically give you all the options available for the "cat" command.

As you can see right here, it can be used for any other command. So basically if you type here "man cp" it will open up a manual for the "cp" command where you can see what else you can do with the "cp" command. As it says right here, copy files and directories.

Now, for example, you can type here "man history."

I don't know if it has a manual, let's see. Yes, it has the manual from the history. Basically, it shows the manual for all the other commands. These manuals are already pre-installed on Linux. You will have them with the installation of it.

You can just check out if you forget what some command does or something like that. You can just type here "man" and then "grep" and it will basically open you up with a manual, and you can just read right here and use the command. 

So now that we got that out of the way, you will be using manual a lot in the programs later on which you do not know how they work. 

So you will be opening up a lot of manuals in order to find out the command that you need to use in order to run that program. 

Also, if we wanted to let's say locate one of the files we forgot where we saved it, and we want to locate it, we can do that with a simple command called "locate."

So, let me just try here with anothername.py. Yeah, I don't think it will work like this. Not really sure why. But for example, you want to locate every file in the system which has a word in it, you can just type here "locate" and you will see that it will print a bunch of these files, and they all have in some of the part, they have a word in it. 

As you can see, this file has a word in it right here. So kali - password, and then something else.  All of these files will have a word in it. Let's say you want to locate everything that has "wordlist" it will also print out all the files that have "wordlist" in it as you can see: wordlist, wordlist, wordlist, then wordlists.list and so on and so on. 

So we covered that command as well. 

Now, this is about it for this tutorial and in the next one, we will cover some of the commands which are more towards the system that you are using. 

For example, in order to check some of the system settings you will be running the commands that I will show you in the next video such as for example shutdown, ps, uname, restart, reboot and so on and so on, and ifconfig, a bunch of those network commands. 

So you should learn this. You should remember like these are some of the more important commands that you will be using all the time.

That's about it for this tutorial.

I hope I see you in the next one. 

Bye. 

Hello everybody and welcome back. 

Now before we begin with the footprinting lessons, I would like to just show you some of the things you might want to install before we begin.

So the first thing I want you to install is "GitHub repository."

Basically, if you do not already have it, you just type here "apt install git."

Now, if you encounter this error, just basically delete these locks from the path that is specified right here.

So just take this path, copy it, type here the "rm" command that we covered, which stands for remove, then paste the file. 

Now, it might ask you to remove other locks as well. This one is also here, we want to remove this one as well. Basically, just copy the path and delete it. Let's just paste and let's see if there is something else.

There is one more lock in the cache, which we also want to remove. So copy the third one and I believe this one is the last one. 

So now that you deleted it, you can install "git" which is already installed for me. You just type here "apt install git."

How do we use git? 

Now let me just show you. 

You just go here on the GitHub website. 

Basically, any program that is not pre-installed in the Kali Linux, you will probably be downloading it over GitHub. 

So let's say, for example, I know a name of one program that is called "Instashell." It does not come pre-installed in the Kali Linux, but you can download it in from GitHub. 

I will show you the command right now. 

So basically, it is the first one. You can see that the site is GitHub and the path is what you want to copy.  

If you just enlarge this, it is the website and this is the program that I want to download. It is used for Instagram hacking. 

We will be covering it later on. 

For now on, I just want to show you how to install any program on GitHub. So basically, you just find the program you want to download and you copy the link right here, and once you go copy the link, you just go to your terminal. 

Let me see just where we are. 

We are in the /root directory and if we type here "git clone" which is basically the start of the command, and then you paste the link and just add ".git" it will download the program into our root directory. 

So, as you can see right here now, we have the full program downloaded. It is as simple as that, and now you can go to the program and basically use the program. 

So, if you do not have a git installed, you basically just install it with the command, "apt install git."

The next thing I want to show you is, for example, if you want to run a program that is not available to run as a root user or doesn't allow you to run as a root user, you might want to add a non-root user, which is simple, and you just type here the command "add user" and then basically any name you want.

So, let's say we want a user called John. It will ask you some of the questions for the new user, which you can answer correctly or not depending on you. It will ask you firstly for the password, which I will set as 1234. 

It will ask you to retype the password. I will retype it as 1234 and now it will ask some of the personal information, which I will skip. I will just paste the wrong thing so it doesn't really matter if this information is correct. 

Just type here "Yes" and you have a new user.  

Now, in order to add that user into a "sudo group," which basically means you will be able to run these root commands with that user just using the password from root. 

So the command for that is "usermod – aG" and "sudo," and then the name of the account you created, which in my case is John, and it will basically add John as a sudo user and he will be able to execute root commands if he provides the root password. 

Now, at the rebooting, you can basically login into your user account, but I will just stay here as a root user for now on and we will install the next thing you might want to have, which is "Tilix." 

Tilix is a program which basically allows you to execute multiple commands from the same terminal. 

Now, it could be useful if you are running a bunch of the commands and you want to see what is going on so you just run multiple commands from the same terminal and see the output of all of those commands. 

That's why I will install it just in case. I am not really sure if we will use it, but it is good to have it.

Now, this will take a few seconds to install and I believe once it is installed, we can run it basically with a simple command, which is just Tilix. 

Here we go, 5% installed. We will wait for this to finish and we will run it right away so I can show you how it works. It's basically the same terminal we have here. 

If we want to, we can split it in two parts.

The installation has finished and now I will show you how to run it. 

In order to run Tilix we just type "your telex" and it will open up a terminal as you can see right here, which is basically the same as this one, just it is white and if we want to we can split it on this button, and here we can make multiple terminal windows basically in one terminal.

So, if we want to, we can type one command right here, the other command here, and basically here the third command. It could be useful once you run big things like for example multiple commands for some program and you want to see what is going on, you basically use Tilix.

Now that we have Tilix, we can close it. We don't need it right now. The next thing and the last thing I want you to do is install "Tor."

Now Tor is a browser which is used to accept the onion routers on your links basically, which basically leads you to the Deep Web. 

Now, you can go "apt-get install tor" and just here you want to press Y. 

Basically, we need Tor for multiple things. Multiple programs require Tor in order to run. For example, the previous program we just installed, which was Instashell, which we will cover later on uses Tor in order to switch IP addresses in the process of brute-forcing Instagram accounts. Now, that is not the only program that uses Tor.

There is a bunch of programs that use it and you also might want to visit the Deep Web sometime, so you can just download it and we will have it for all the future purposes.

So this should finish relatively fast. 

Here we go. 

It is finished. 

We will clear the screen and in order to start Tor as a service, we just type here "service tor start" and it will open up Tor. 

Now, if you want to run Tor, you just type your Tor, which will say — Yes. Could not bind to this. Address already in use. Is Tor already running? 

Yeah. We're basically already running Tor so it just gives us an error that Tor is already running.  

So, if you want to stop it, for example, we can just stop with this command "service tor stop."

Now, that is about it for some of the basic things you might need in the future and in the next lecture I will show you how to change your MAC address in a simple program that is already pre-built in the Kali Linux. It is called "Mac changer." 

So we will cover that in the next tutorial and after that, we will go on to the Google hacking, Harvester, and Shodan.

Now, I hope I see you in the next lecture and take care. 

Bye. 

Hello everybody and welcome back. Now, in this lecture, we will cover our first program that we will use, which is called "Macchanger."

It allows us to change our MAC address, which can be used for multiple things such as, for example, if on a particular wireless network there is a blacklist or whitelist which is based on the MAC addresses, you can bypass that with simply changing your MAC address. 

Now the program that we will use is called "Macchanger." If you just type here in the terminal "machanger" you will notice that it will print the usage of the command. 

So here it says we need to type "macchanger options" and then the device. Now, in order to check out our available options, we can type here as it says "try macchanger — help."

So we will type "macchanger — help."

It will basically show us right here some of the available options that we can use right now. In order to find out what our MAC address is, we want to use this option which is "- show" or "- s."

Now, if we just type here "macchanger - s" it will say that we incorrectly used this program because we didn't specify the device. 

Now, this device basically means your network interface card. You might be having multiple interface cards, so we want to pick one. 

If you type here "ifconfig" as we covered in the previous tutorials, it will print you up with your network interfaces. 

Here I only have "lo" interface and the "etho" interface witch I use to connect to the Internet. 

So, I will use this one.

If I just repeat the command "macchanger - s" and then "etho" it will read my current MAC address and my permanent MAC address, which in this case are both the same because we didn't change it yet.

Now, if you have multiple interfaces, just pick the one you use currently and just specify it at the end of the command. 

Let's type here once again "macchanger — help" in order to see what else we can do with this program. 

So we covered this part, which is showing our current MAC address. 

Now let's say we want to change the MAC address, we can look at some of the options here. It says set fully random MAC address, which we can do with the "- r" or "— random."

So, let's try to put the random MAC address and see what happens. If we type here "macchanger - r" which stands for this option right here, which is set fully random address, and then we specify once again our network interface, we can see that right now our MAC address has changed.

As you can see right here, new Mac is this one. The previous one was this one. So if we want to show our MAC address again, we can see that it has changed. 

I forgot to specify the interface. We can see that the current MAC address is a different one from the permanent one, and we can see that we successfully changed MAC address.

But let's say, for example, you want to bypass the whitelist of the MAC addresses, you would want to specify a specific MAC address.

So, we can do that with this command, which is basically "— mac" and then specifying a MAC address.

Let's say, for example, we want this MAC address. Let me just open another terminal right here. Let's say we need to have this MAC address right here. We can try to get it with the "-m" command. We just move this right here.

So, if we run once again "macchanger — mac" now we will set here the MAC address. Here we will put equal. I am not sure we need to put equal right here. We will try with that first, and then 22:33:44:55:66:77, and then we will specify our network interface. 

So, if we see right here, it changed our MAC to the specific MAC address that we wanted it to change to. 

Right now, once again, if we type "machanger — show" now it is like this. Yes, I always forget to specify the network interface. We can see that our current MAC address is "22:33:44:55:66:77" and our permanent MAC is our normal MAC address, which doesn't really change. 

Oh yes. If we want to we can reset back to the original permanent hardware MAC with the "-b" command. 

Now, if you are finished with your attack, for example, and you want to change the MAC address to the normal MAC address, which is our permanent MAC address, you can do that with "-p" command. 

So let's try that "macchanger -p" and then our network interface, and we can see that the new MAC is now the same as the permanent one, and now we are back to normal.  

We can just type here "show" again, and we are the same as we started before using this program. 

This is a useful program for you to change the MAC address. You can even put it to change it at the boot up of this machine, so it changes basically every time you restart the machine. It will change your MAC address, which can be used to provide a little bit of anonymity, but I don't really use that. 

You can if you want to and that's about it for this program. It is one of the simple ones, so we covered it first. 

In the next lecture, we will cover Google hacking, which is also pretty simple. 

I will show that in the next lecture.

I hope to see you there and take care.

Hello everybody and welcome back. This is the last part of the footprinting section where we will cover two tools, which are basically almost the same, but there are slight differences between them. 

The first one is called "Dig," so if you just type here on your keyboard "dig," you will notice that nothing will happen since we didn't specify any website. But for more information we will just type here "dig —help" to provide us with the simple usage of this command.

Now you can use any website for this. It is basically not illegal. This is just a tool in order to scan the DNS. Dig basically stands for Domain Internet Groper, and with it, you can basically try one of the attacks, which is called the zone transfer.

Now zone transfer, it uses the replication for primary and secondary DNS servers in order to be synchronized. Well, basically the secondary server, for example, asks for data for zone from primary server. The primary server answers with a copy of database, which has IP addresses and name of hosts.

Now, the configuration of the DNS can potentially allow anyone to request a zone transfer. So, with this tool, we will try out the zone transfer on some of the bigger websites, which of course won't work, but on the smaller ones it could possibly be a misconfiguration in the DNS, so that the zone transfer is enabled.

Now zone transfer is happening over TCP on port 53 and not over UDP at the regular port 53 for the DNS. 

So, if you just type here "dig google.com" you will notice that it would give us a bunch of the information about google.com. 

So for example, as we can see, this is the DNS query right here. The NS right here stands for Name Server and we can see that there are four of them. The A basically represents the IP address, the one A stands for the ipv4 IP address and AAAA stands for the ipv6 IP address. 

We can see also some of the other options, which is the server that it used to query, which is our own router on port 53. As you can see, the usual DNS port will be port 53 over UDP and my router IP address is 192.168.1.1. 

We can see that the one query, we got one answer authority four, which is these four servers right here, and additional line I believe it is referring to this one right here, even though there is eight ones. 

But these are basically the same servers just with the different format of IP address. This one is as it says ipv4 and this one right here is ipv6 IP address. 

So that’s the basic use of the "dig" command. You can use it to find out some of the information about the domain, but if you wanted to try out the zone transfer, you can do it like this. So, just type here "dig" and then you type here "axfr" which stands for the zone transfer.

Now, we can use for example "facebook.com" and we can use the other server for example A.NS.FACEBOOK.COM. 

If we type this right here, you will notice that after a few seconds it will basically prompt us with “The zone transfer failed,” since Facebook didn't misconfigure their DNS, so the zone transfer attack cannot be done on Facebook.

Now there are maybe other smaller sites that could be possibly vulnerable to some transfer attack, but we won't be trying to find them at the moment. This is just one of the tools that you can use in order to find out if it is vulnerable. 

But let me just show you another tool right here, which is called "DNSENUM" and also preinstalled in Kali Linux. So basically, it is the same as the dig tool. If we type right here "DNSENUM google.com" it will provide us with similar information.

As we can see, host address google.com, which is A, stands for the ipv4, and then it will print us the IP address, the ipv4 address of google.com.

Right here, it is trying to find out some of the name servers of Google. As we saw before, there should be four of them. 

Now, this might take a few seconds and sometimes it actually just times out. It might time out right now, but we will see in a few seconds, I will come back when these finishes. 

As we can see, it finished right here and it says that the google.com NS record query failed. It timed out.

So we won't be trying that anymore. I just wanted to show you that you can use that tool as well if you want to. But that would be it for the footprinting section.

So let us just recap what we covered.  

We covered some of the tools that we use to gather as much information as we can about our targets. 

So, for example, these two we covered in order to gather some of the information from their server for their DNS. 

We also tried one of the attacks, which is the zone transfer and of course it didn't work on Facebook.  But as I said, it might work on some of the other websites. 

We also covered the Whois, we also covered the Shadon website, we covered The Harvester in the previous lecture where I showed you that it sometimes can actually work.

We also covered the Nikto, which is a big command tool. You should search more about it if you want to. It might be useful later on. 

So that would be about it for the footprinting section, and with this section, we basically finish the beginner section and we enter the intermediate section where we will start off with creating our vulnerable virtual machine, which we will use in order to run our scans and attacks.

Since it is not legal for us to attack a machine that we do not own, we will create a virtual machine which we can attack. 

Now you might have heard of that virtual machine. It is called Metasploitable and I will show you in the next tutorial how to install it.

We will start covering one of the bigger tools in Kali Linux and one of the tools that you will use a lot, which is called the Nmap.

But more about that in the scanning section, and I hope to see you there. 

Take care.

Hello everybody and welcome back. 

Right now, we will try to configure our Burp Suite in order for us to make it as a proxy and in order for us to intercept our own HTTP requests and responses. 

The Burp Suite which is a program that we will use, is already pre-installed in Kali Linux. If you go on to the applications right here and you go on to the web application analysis, it should be the first one right here.

So if this is the first time for you running it, it might ask you for a root password, you just type it in and you open up the Burp Suite. 

Now, another way that you can open it is through the command line. Here it will say what appears to be a message about the version, just click here "Okay," it doesn't even matter what it says, and it should open up our Burp Suite.

I already configured my Burp Suite, so it works for me. Basically, I will just show you the process, we will need to configure some of the things in our Firefox and also some of the things in the Burp Suite in order to capture our packets.

Here just click on "Next US burp defaults," click on "Start burp" and it should start in a few seconds. Now, what I wanted to say is that you can also run it through a command line with the Burp Suite and it will just open up the same thing right here.

It will use your terminal for it so you don’t have to go to the applications, and so on and so on. As you can see right here, this is the Burp Suite. It has a bunch of options. It is used for us to intercept our own packets.

Here we have some of the options such as HTTP history. Here we will have the websites that we visited in the current session and here you have the intercept. Here you have the option that the intercept is on and intercept is off.

Now, before I cover all of these options, I just want to show you what you need to do in order to get this to work. 

What you want to go to, is go to the proxy, which is the second one from the left, and then below that you want to go to the options, so proxy, and then options.

Here we are interested in the proxy listeners part, but you will have by default this 127.0.0.1 on port 8080, which is listening on 8080 on a local host. 

Now, what you want to do is select that one and basically just click here on the edit. It should open up this small window where you want to specify the port to be *8080. Basically, you can put here all interfaces or loopback only, I leave it on loopback only.

You can also specify a certain address like my current IP address of this virtual machine which is 192.168.1.6, but I will leave it on localhost and on loopback only since I will specify that proxy in my Firefox as well. 

Just click here on the "Okay."

So port 8080, loopback only 127.0.0.1, click here on "Okay."

What we want to do is go to our Firefox. So open up your web browser and where you want to go is basically here on the right, these three lines, open menu and go to the preferences. 

Now, under the preferences, you want to go to the general which is already opened right here by default. You want to scroll all the way down and find the network proxy.  

Here we can see, “Configure how Firefox connects to the internet.” 

What we want to do is basically make our Firefox connect to the Internet through our Burp Suite. Click here on the settings and it should open up this small window. By default, it should be set on "no proxy."

What you want to do is change that to be set on the manual proxy configuration. So once you check that, I believe since you didn't configure it before, it should have only the first one which is HTTP proxy set on 127.0.0.1 on port 8080. 

Now, what you want to do is all of these four you want to set on the same settings, which is basically even the SSL, even the FTP, even the SOCKS host, you want to set all of these four onto the IP address of your local host, which is 127.0.0.1.

All of those four you want to be set on the port 8080. Once you set all of this four to be exactly the same, you want to check here SOCKS v5. It should be checked by default, but if it is not, check here SOCKS v5.

Once you do that, click here on "Okay" and you should be good to go. So, if we click here, setting again we can see that now our manual configuration proxy is set on the local host. 

Now, if you go right here and try to search "google.com" first of all, it won't work for you. It should say something like “Insecure connection,” or something like that. Basically, it won't let you connect to google.com.  

But if you, for example, go to an HTTP website, which I'm not really sure. Let me just find any HTTP website. Do I have anything saved?

Well, we have our web application which is not HTTPS, so you should be able to connect to any HTTP website, but you will not be able to connect to any HTTPS website. 

Now, if you type here any HTTP website and it is loading on forever, what you want to do is go to your Burp Suite and make intercept off. So if your intercept is on like it is right now for me, it won't let you load any page since it will wait for you to forward or drop the packet. 

Let me just show you what I'm talking about. If I refresh this page right here, you will see that this will load forever, it will never load the page. 

In the Burp Suite we can see that it basically gave us some of the HTTP header request header for this website, which is just my virtual machine, my OWASP vulnerable machine, and it will ask me if I want to drop this packet, which means to discard it or to forward that packet to that machine. 

Now, if I forward it and I open right here once again, let me just open up my Firefox, you can see that now it loaded the page because I forwarded the package. 

But if you have that checked on, which means the intercept is on, you want to make it off so you can load the page without forwarding every package. 

So just click here and make sure that the intercept is off.

Now, if I try to reload the page once again, it will reload it normally and open the page. 

We want to also make sure that we can load our HTTPS websites. For me, it works, but for you, it won't work until you install in your Firefox a Burp Suite CA certificate.

Basically, we need to install the Burp Suite certificate in our Firefox in order for our Firefox to look at Burp Suite as a trusted proxy source. 

So in order to do that, first of all, make sure your Burp Suite is running, make sure that you configured the preferences in Firefox. Let me just go once again right here and make sure that this is the same as mine. 

Make sure the Burp Suite is running, if it's not running, this won't work. You won't be able to download the certificate. Once this is the same as mine and once you run the Burp Suite and the intercept is off, you want to go and open up a new tab and type here "HTTP" and then "burp."

Once you type that, it will lead you to this page where it will say, “Burp Suite Community Edition. Welcome to burp suite Community Edition.”

What you want to go on here is on the CA certificate and click on it. It will ask you if you want to download this file, “Do you want to save it?”

Yes, and the file is 973 bytes, so it's not that large. You just click here on the "Save." Once it downloads, you find where you saved it. Let us just find it. I already have one downloaded, so I have it right here. You will only have one of these.

Once you find that you want to go to your Firefox. Again to the preferences, but instead of going to the network's proxy settings, we want to go on to the privacy and security settings.

So once you are there, once you are at the privacy and security settings, what you want to do is basically scroll down and find the certificates.

Maybe they are all the way down. So here are the certificates and you want to go onto the “View certificates.”

Once this window opens up, it will show you a bunch of these certificates that already are in your Firefox web browser. 

Now, what you want to do is import the already downloaded certificate that we downloaded from this website, which is "HTTP burp." 

How we do that?

Well basically we just go on to the import right here. So click on the "Import" and find where this file is saved for you. I already imported it so I won't be importing it twice. Here it is. Just click on the file and click on the "Open," and once it does that, click on the "Okay" and you should be good to go.

After that, if you type "google.com" once again, it should be loading the HTTPS websites as well as the HTTP websites.

Now, if this didn't work, make sure once again that the Burp Suite is running or this will not work. Make sure that all of these options are already set as mine and you should be good to go. 

Once we made this work for HTTP and HTTPS, now we can track all of the packets going through our own Burp Suite. As we can see right here, if I go on to the target, it will give me a list of all the hosts that I’ve already visited. 

As we can see right here, these are just a bunch of the HTTP request packets that I sent in order to visit my virtual machine, which is on the IP address of 192.168.1.9.

Now, in the next tutorial, I will show you some of these packets and how you can configure them, how you can change them and all of that, and where you can find all the websites that you visited and specific packet if you search for it.

But for now on, just make sure that your Burp Suite works. 

Let me just show you once again. Let's visit "facebook.com." It should open up the Facebook page and it should also have here a bunch of other Facebook domains opened. As you can see, the page that you requested will be the darker letters than the ones it automatically searched for in order to get to your Facebook page.

We can see right here this is our Facebook page and the HTTP requests that we got from it.

So I will make sure to explain the requests and responses better in the next video, and until then, I hope you are having a great day and take care.

You can buy Private Label Rights (PLR) for this course and others, click here.

You can buy Master Resell Rights (MRR) for this course and others, click here.