Page 49 - Hands-On Bug Hunting for Penetration Testers
Preparing for an Engagement Chapter 3
Using Burp
Now let's start Burp. The 4G part of the command is where we're specifying that Burp Suite
should run on 4 GB memory:
java -jar -Xmx4G "/Applications/Burp Suite Community Edition.app/Contents/java/app/burp/burpsuite_community_1.7.33-9.jar"
Since this is a mouthful, we can create a small wrapper script that will use the $@ variable
to add any options we may want to pass, without making us rewrite our path to the .jar
executable. Here's bootstrap_burp.sh:
#!/bin/sh
# Launch Burp Suite, forwarding any extra command-line options to it.
java -jar -Xmx3G "/Applications/Burp Suite Community Edition.app/Contents/java/app/burp/burpsuite_community_1.7.33-9.jar" "$@"
Now you can make the file executable and symlink it to /usr/local/bin or the
appropriate utility so it's available in your $PATH:
chmod u+x bootstrap_burp.sh
sudo ln -s /Full/path/to/bootstrap_burp.sh /usr/local/bin/bootstrap_burp
This allows us to start the program with just bootstrap_burp.
Attack Surface Reconnaissance - Strategies and the Value of Standardization
The attack surface of an application is, put succinctly, wherever data can enter or exit the
app. Attack-surface analysis covers the methods used to describe the vulnerable parts of
an application. There are formal processes, such as the Relative
Attack Surface Quotient (RASQ), developed by Michael Howard and other researchers at
Microsoft, which counts a system's attack opportunities and indicates an app's general
attackability. There are programmatic means available through scanners, and manual
methods that involve navigating a site directly and documenting weak points via screenshots
and other notes. We'll talk about low- and high-tech methods you can use to focus your
attention on profitable lines of attack, in addition to methods you can use to find hidden or
leftover content not listed on the sitemap.