- Open 'Oracle VM VirtualBox Manager'.
- From the top-left `File` menu, select the `Import Appliance` option.
- Select the OVA file `OwaspSecurityShepherdVm_V3.0.ova` to import.
- Click on the `Import` button.
- Select the imported appliance and click on the `Start` button.
- Did you encounter an error? If you did, click on the `Change Network Settings` button in the error prompt.
- Ensure that the `Adapter 1` settings are set as shown in the following image, and then click on the `OK` button.
- At the login prompt, enter the credentials mentioned in `Settings` > `General` > `Description`.
- Did you reach here successfully?
- Obtain the IP address of the target machine by running the command `ipconfig`. Do you see an IP that looks similar to `192.168.56.101`?
- Check whether you have the Firefox browser (https://www.mozilla.org/en-US/firefox/new/) installed on your machine.
- Did you install the FoxyProxy Standard add-on (https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/)? If you already did, skip to step #3.
- Open the Firefox browser.
- Click on the `FoxyProxy` icon in the top-right corner of your browser.
- Select `Options` from the dropdown menu.
- Click on the `Add` button to add a new proxy.
- Enter the title as `localhost-8080` (or anything of your choice), the IP address as `127.0.0.1`, the port as `8080`, and click on the `Save` button.
- Enable proxy settings by selecting the option "Use proxy localhost-8080 for all URLs (ignore patterns)".
- If you have Burp Suite Community Edition (https://portswigger.net/burp/communitydownload) already installed on your machine, start it now. [Else, download and install Burp Suite on your system first.]
- Go to the 'Proxy' tab > 'Options' sub-tab > 'Proxy Listeners' section, and validate the proxy listener settings. They should be the same as those set in the Firefox browser, i.e., a proxy listener enabled for localhost (`127.0.0.1`) on port `8080`.
- Switch to your Firefox browser and navigate to https://www.google.com
- By now, you should see all your browser (Firefox) traffic going through Burp.
- Do you see unnecessary traffic in your site map? Is it originating from the Firefox browser itself? We need to get rid of this noise.
- To stop capturing unnecessary browser traffic, analyze the traffic in the "Site map" and identify URL patterns that need to be excluded. In the current scenario, we observe that most of the noise originates from the following two domains:
  - `firefox.com`
  - `mozilla.com`
- In your Firefox browser, click on the "FoxyProxy" icon and select "Options".
- Choose the recently created proxy (named "localhost-8080") and click on the "Patterns" button.
- In the "Add/Edit Patterns for localhost-8080" window, click on the "New Black" button, and edit the "Name" and "Pattern" fields as shown below:
  - 1st Black Pattern:
    - Name: `firefox.com`
    - Pattern: `*.firefox.com`
  - 2nd Black Pattern:
    - Name: `mozilla.com`
    - Pattern: `*.mozilla.com`
- Delete the other (default) patterns listed under "Black Patterns". The final screen should look similar to:
- Click on the "Save" button and select the option "Use Enabled Proxies By Patterns and Priority".
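
A small model of the white/black pattern decision configured above, added here as an example (it is not part of the original page and is not FoxyProxy's own code). It assumes wildcard patterns are compared with the host name and that a catch-all white pattern is present; the sample URLs and the `192.168.*` pattern are constructed.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Assumption: each pattern is a shell-style wildcard compared with the URL's
# host name. This is a simplified model for reasoning about the pattern list,
# not FoxyProxy's own matching code.
WHITE = ["*"]                               # assumed catch-all white pattern
BLACK = ["*.firefox.com", "*.mozilla.com"]  # the two black patterns added above
TARGET = "192.168.56.101"                   # target IP used on this page

# Constructed sample of URLs as they might appear in Burp's site map.
SAMPLE_URLS = [
    "https://192.168.56.101/",
    "https://detectportal.firefox.com/success.txt",
    "https://www.mozilla.com/",
    "https://incoming.telemetry.mozilla.org/submit",
]


def host_of(url):
    """Lower-cased host name of a URL ('' if it has none)."""
    return (urlsplit(url).hostname or "").lower()


def is_proxied(url, white=WHITE, black=BLACK):
    """A black match always wins; otherwise a white match sends it to Burp."""
    host = host_of(url)
    if any(fnmatchcase(host, pattern) for pattern in black):
        return False
    return any(fnmatchcase(host, pattern) for pattern in white)


def audit(urls, target=TARGET, white=WHITE, black=BLACK):
    """Report whether the target is still proxied and which other hosts leak in."""
    proxied = {host_of(u) for u in urls if is_proxied(u, white, black)}
    return {
        "target_proxied": target in proxied,
        "noise_still_proxied": sorted(proxied - {target}),
    }


if __name__ == "__main__":
    print(audit(SAMPLE_URLS))
    # Hypothetical leftover pattern covering private ranges: the target is
    # silently bypassed, which is why the other black patterns are deleted.
    print(audit(SAMPLE_URLS, black=BLACK + ["192.168.*"]))
```

Hosts listed under `noise_still_proxied` match neither black pattern, so they would still show up in Burp until a pattern is added for them.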

At this point, even though you can intercept most of the HTTP traffic, you might face issues while trying to access secure websites, i.e., websites that use the "HTTPS" protocol. To resolve this issue, you must install Burp's CA Certificate in your Firefox browser.

- Go to Burp > Proxy > Intercept and disable intercept mode by clicking on the "Intercept is on" button.
- Navigate to `http://burp` in your Firefox browser.
- Click on "CA Certificate" to download the "cacert.der" certificate for Burp.
- In your running instance of the Firefox browser, go to "Preferences", search for the term "certificates", and click on the "View Certificates" button.
- In the "Certificate Manager" window, click on the "Import" button and select the downloaded "cacert.der" file.
- In the "Downloading Certificate" window prompt, select the checkboxes as shown in the following image and click on "Ok".
- Validate that you can access secure websites in proxy mode without any error by accessing "https://www.google.com" in the Firefox browser with proxy mode enabled.
- Change the URL in your Firefox browser to the IP address of your target application, i.e., enter `192.168.56.101` in the URL address bar and hit ENTER.
- If you encounter an insecure connection error that says "The owner of 192.168.56.101 has configured their website improperly. ...", then click on "Advanced" > "Add Exception".
- Uncheck the checkbox that says "Permanently store this exception", and click on the "Confirm Security Exception" button.
- Did you meet the Security Shepherd? Let's get some secrets out...