 Hello, hi everyone. I am Sanjay Gupta. I welcome you on Sanjay Gupta Tech School. So today is day six of this cybersecurity boot camp and I have Sumit with me. So welcome Sumit on the channel. So today Sumit will be guiding you like how you can set up your accounts on few websites and how to download few softwares. So please follow all the instructions properly so that from next week whatever demonstrations he will be doing you will be able to understand them properly. Over to you Sumit. Welcome again on this cybersecurity boot camp day six and my name is Sumit Jain and I welcome you all on this journey with me. So previously we will discuss about how network functions, how network will create in your domain and how will you assign IP addresses and MAC addresses, how codes will be used throughout your network to transfer the data. So today and in next sessions we will be doing, we will be reading and doing demonstrations and some findings regarding the web security, which will be our main topics in this cybersecurity boot camp. So let me introduce myself. My name is Sumit Jain and I'm a Hethika Laker and cyber security expert from past 10 years. I'm right now working in Seneca Red Team and Pentabug Red Team as a web security researcher. Apart from that, I'm working as a senior security specialist at GDRO Networks. Previously I'm working as a guest instructor at CDTS Center Detective Training School. And right now I'm creating content on YouTube to help student pressures professionals to build their career and who wants to start and make a career in cyber security and related domains. So you can subscribe my YouTube channel and follow and share these videos and content I created regularly. You can follow the Sanjay Gupta Tech School YouTube channel as well for this cyber security boot camp and the Salesforce boot camp as well. Please share a review or feedback about this boot camp so I will know how you react, how you understand what I teaching you, what I delivering you. You can follow me on these below platforms as well. I'm available on LinkedIn, Twitter and we have created a Telegram group as well where you can put your queries, your questions and if something is not answerable in this live session you can ask in Telegram group. The links are available in the video description. So with that note, let's begin today's topic. So today I'm going to tell you how to set up your lab, the lab we will need to test or to understand how this cyber security functions. So first, we will modify our browser. We will use our Firefox browser. And in this browser, we will add some add-ons. The names of the add-ons are vaporizer, cookie editor, Hunter IO dot git, shodan and foxy foxy. These add-ons are some basic plugins which will be available in the Firefox add-ons section and you will be installed these add-ons to make your work efficiently when you test a website and when you are doing cyber security information technique like foot printing. So you will need those add-ons to gather some information, to collect some information and use the information regarding some scanning techniques. So let's move on to our Firefox and I will show you how to install these add-ons. So first, where to find the add-ons section, where to find how to download these add-ons. So you need to press Ctrl Shift A in your Firefox browser and you will be navigating to the Firefox add-ons section where you can download different types of add-ons which will be available in the Firefox add-ons store. And here, you can search the add-ons I named in the slide. You can type the cookie editor and search. After that, you can download. You can click on this link and you will download. So I already downloaded the cookie editor. So you can install with this button where you can install and add in your Firefox. So all these add-ons, cookie editor, vatelizer, Hunter, these are available in the Firefox add-ons store. You can search and download. Hunter is available here and cookie editor is available here. And vatelizer, this is the vatelizer add-on. So when you install these add-ons, these add-ons will reflected in your upper bar like this. This is my vatelizer add-on and this is my Hunter add-on. This is my Shodan add-on. So all the add-ons you need, all the add-ons you will download will display over the hair. You can see I already downloaded the dot gate, Hunter, Shodan, vatelizer, cookie editor and other add-ons as well. So right now you will only need these five to six add-ons for your cybersecurity journey. Vatelizer is basically tell us what technologies a domain will use. If you visit a website and that the website will build on different technologies, using this add-on, we can find out what technologies the website is using, frameworks, what server, what language, what analytics, what are the different technologies the website is using. It will be displayed by using this add-on. Cookie editor add-on will show you the cookies of your session when you login into an account. The cookies will generated and using this cookie editor we can see the cookies. Hunter.io will display email address of a domain.git will display a git file in your domain. Shodan will display a port name on your domain, how many ports are running on your domain, how many ports are open and how many ports are closed. You can find that by using this domain. Soxy proxy add-on will help you to redirect your traffic. So why we need those add-ons? So let me explain you. So we almost visit a website using STTP protocol. So when we visit a website, a STTP protocol will create and this stands for hypertext transfer protocol. Yesterday I told you about the how protocol, how ports are functioned. So port number 80, which will be called STTP protocol named for hypertext transfer protocol. This protocol is responsible for your communication. When you are communicating with a website, when you are accessing a website, when you are accessing some data on the internet using a domain name, this protocol will be the main reason why you are accessing those data. This is a protocol used to access the data on the worldwide web and stands for hypertext transfer protocol. The STTP protocol can be used to transfer the data in the form of plain text, hypertext, audio, video and so on. There are different types of format we have to transfer the data. It will be available using STTP protocol. So when we visit a website, when we visit a website, it will be displayed here. So right now this protocol is displayed here because I am using the Google will use STTP protocol, the secure version. That's why it will be displayed here as a STTP as protocol. So every website you will use, like if I use Flipkart.com. So a protocol will be used to connect your browser to the Flipkart server. This protocol is the main reason to transfer or access the data or to load your data into your browser. So two types of protocol will be used. One is STTP and the other one is STTPS. This protocol, STTP protocol will be the main reason to access your data and if you want to send your data with the secure function, you will use STTPS. So when we read about URL, URL is something like a Uniform Resource Locator. Uniform Resource Locator and this will be a URL. If you are using a website, so your website will be accessed by this. This is a URL. We called it as a URL. And this is a protocol. This is your worldwide web where you are accessing your data. This is your domain name. Then we have a port number, a port which we are connected to. So if you are using STTPS connection, the port number is 443. So the port is not shown in the URL section. But if you write a port and if you want to connect the target with a port number, you can be able to. So let me show you how you can connect a domain with a port number. So this is my domain name and if I type here a port number, you will be redirected to this website. If I type the port number, you will be redirected to the main website. So port number is also used but it is not displayed here because we are already using this STTP protocol. And if we give another port like 21, the 21 port is not available to show here. So we will get a message that this address is restricted. This address uses a network port which is normally used for purpose other than web browsing. Firefox has cancelled the request for your protection. So we are not allowed to access the data on port number 21. That's why we get this error. We get these messages. So basically when we are accessing a website, when we are connecting a domain, we usually use these two protocols. One is STTP. If we want to send our data non securely, then we use STTP. And if we want to send our data securely in secure form, we use STTPS. So mainly all the websites use this version because it is secure. So when your browser generates some data, when your browser sends a request to the server, it will be found using this protocol and this protocol generates some messages to share to receive or to transmit the data to your server or to your browser. So basically STTP protocol is using two types of messages like this. Suppose this is your browser and this is your server where you want to access. So this is your Firefox browser and this is your server where you want to get your data. This is your Google server. So when we connect with the domain, messages are exchanged between your browser, between your computer and between your servers. So those messages are exchanged. Your browser will generate a request to the respective server and your server will respond to that request. So messages are being sent. The conversion is done by using messages. So STTP protocol, STTP protocol using two types of messages. One is request when your browser generate a message to transmit the data onto the server, it will be called a request. And when a server is responding, it will be called response. So those messages are exchanged between your browser and your server. So STTP protocol is under two types of message. One is request message. The request message is sent by the client that consists of request line headers and some data. The response message is sent by the server to the client that consists of status line headers and sometimes a body. So what type of data a request contains or what type of data a response contains. So your add-ons, which will be your installing in your browser, in your Firefox, these add-ons will help you to detect or to display these messages. So your request or responses and we will use additionally some softwares to capture all those requests which our browser is generating and all those responses our server will be generating. So with the help of these software, we can analyze what in the request is and what type of data response contains. According to our use, according to our methodology, we can delete, we can change, we can modify, we can add some data in these messages. We can add some data in the request messages and we can add some data in the response messages as well. So basically, when we do a pen test on the web application, a target, a domain name, we mostly analyze these responses, these requests because they are something, they are containing the most data which you are sending throughout your connection. So to capture these data, we need a software and some add-ons. The add-ons you are already installing in your system, but we need a software. The software is called Burbsuit and it is available here. The website name is Portswiga.net. The product they will be creating is named Burbsuit and Burbsuit is a software which will be captured all the requests that will be generated by the browser or the response that will be generated by the server. So Burbsuit can capture all the traffics which will be floating in your network. So Portswiga created four types of version of this Burbsuit software. One is enterprise version where you can purchase or buy for your enterprise-enabled dynamic web vulnerability scanner. You can use Burbsuit professionals. This is also paid version and Burbsuit community edition. This is a free version so we can use instantly and this version is lightweight web application security for CID CD. CID CD integration, if you are familiar with the DevOps technology, we use this version but right now we don't have to pay to buy this software so we are using this version, Burbsuit community edition. So you will click on here and can find the download option. So go straight to downloads and this software will download in your directory. Upon downloading you can simply install the installation process is simple. You can open the file and click on next and click on next next the software will be installed. Let me show you how you will install this. So I already downloaded this software. Click on this and my software will be installed because I am using Mac so the installation of any software in the Mac is like this and if you are using other operating system you need to click on that file and follow the installation process. So now my Burbsuit is installed and as you can see this is my Burbsuit community edition. Okay now we need to configure this software to your browser. That window is not visible so I think you need to share the whole screen then those files will be visible. Now it is visible. So your software will be installed in your system. Now you need to configure with this your browser. So with the help of some add-ons we will configure and we can capture all the traffic which will be your browser generating and Burbsuit will capture all the traffic. After catching the traffic we can analyze and we can modify and we can see what your web message says. So upon installing you can click on next and start Burb. You can find all the functions of this Burbsuit community edition. First we need to configure with this with our browser. So here you can find a function which will be called proxy. So proxy is something where you can listen all the traffic the browser generate. So we need to enable it and then we go to here options. In options section you can find an IP address and a port number. This is an IP address and this is a port number. So you need to provide this IP address and this port number into your browser and then we can capture all the data. So let's move on to your browser. Capturing or for communicating with the Burbsuit community edition you need to install a add-on named foxy proxy foxy proxy which you can find in the Firefox add-on section foxy proxy. There will be two versions of foxy proxy will be available. One is foxy proxy standard and one is foxy proxy basic. You can use both as well and you can use one of them. So I click here on foxy proxy basic. The tool is the add-on is already installed so you can find it here. So this is the foxy proxy add-ons and you need to go here click on options click on add and here you can provide the IP address which will be written here. So this is the IP address and this is the port number port number we need to configure with our browser. So you can give a title as your need. The title can be anything you want to. So I'm giving here Bob I'm giving her cyber security boot camp and this section this is called foxy IP address or DNS names where you can enter your IP address. And here you can provide the port number port number is 8080 then you can save it. Let me tell you once again click on the foxy proxy add-on click on option click on add then provide a name according to your need and which will you remember. Give here the IP address which will be which you can find it from Bob suit the IP address will remain same for all of you because this is a local host address. So it will be displayed as 127.0.0.1 and this is the port number port number 8080 so we need to give those IP and this port number into our foxy proxy add-on. So I'm already given so you can see the cyber security. This is the section where I will be created so you can see this configuration will ready and I can save it. So again we need to configure this IP and the port number into your browser and also Bob suit will provide a certificate as well. So we need to install this certificate into your browser so you can find the certificate here. Here is the section in for in proxy and when you go to option you can find the section of certificate import export CA certificate. You will click on that and export the certificate in the format you can import in export in the other format as well. But your browser will accept only the format so we will be export this certificate in the format click on the format click on next and choose a file to export the certificate because basically this is a path in your operating system where you want to download this certificate. So you need to select a path and I'm so I'm selecting the download section and provide a file name so this file name is cyber security and you can save it. So your certificate will be saved as cyber security. This is the name of certificate and you this is the path where certificate will be downloaded by Bob suit click on next. And the certificate you will get this message the certificate was successfully exported. Now close this window and back to the browser go to browsers setting the setting will be accessed by by this click on this setting. And here you can find all the certificates your browser had type the search in the search box and you can find the section where all the certificates will be displayed. Click on view certificate. So basically when a browser connect to the domains it will be you it will use different different certificates for communication. So all the pre-installed certifications are displayed and we have to import a new certificate which will be downloaded by the Bob suit. So we need to click on import and you have to put the file we will be downloaded earlier. So click on download and you can see here is my file. So you need to click on all files because the certificate files will be not uploading. Click on this cyber security and open the message is displayed. This certificate is already installed as a certificate authority. So basically my configuration is already happened. So I don't need to reconfigure it reconfigure the software. But if you are using this software this tool first time you need to provide a certificate for once. This configuration is for once when you when your configurations are done you are have to you are ready to go for using Bob suit. So now how to use Bob suit for using Bob suit. We need to go to proxy and the intercept tab and click on enable intercept means where your traffic will be displayed. You need to click on intercept zone. Basically we are what we are doing we are doing that our browser traffic will be redirected redirected to this this this software this tool. So we need to we need to see why what is the message our browser is generating and what is the message our server is responding. So what is the request and what is the response we can we can we can monitor both via this tool. So we need to go to proxy intercept and then intercept is on and then go back to your browser on the proxy proxy add on your setting. So this is my cyber security boot camp setting and now visit a website. So I am visiting a website Google.com and when you go to your Bob suit you can find the request here. This is the request this is the message your browser will generate when communicating with the Google. Got it. So this is so Bob suit is basically using the Bob suit is used for capturing all the traffic. Your browser is generating and upon capturing the traffic we can modify add some data if you want to. So let me tell you one more time how this work. So I am closing this. So I turn off everything now go back to your Bob suit community addition tool and go to the proxy section in proxy section. You can find a tab named intercept on this intercept intercept is on now this software is ready to capture all the traffic your browser is generating. Go to your browser go to your add on proxy proxy add on click on the configuration you will create it. Now visit the domain you want to capture the request so you can see the request is displayed here. This is the request my browser is generating and you can see there are many information in this request. If you want to see the response of the server here you need to forward this request into the repeater tab for forwarding this request into the repeater tab. You need to use the action tab action action function and in action function there is an option send to this send request send this request to repeater. So you can click here and your request is forwarded to a repeater. So this repeater tab will display all the responses your server will generate. So using Bob suit you can monitor what is the response what is the request generated by your browser and what is the response generated by your server. We can monitor both of the things are particularly in this software. So if I send this request to the server you can see the response of the server here. So this Bob suit is quite important for our cyber security. So you need to you need to understand how this function you need to understand how this how to configure this. When you are using this you are you can be able to capture all the request all the traffic your browser will generate and all the other things or all other the response messages your server will generate. With the help of this tool we can also modify or can delete or can change request and response as well. So now let's understand what is the what is in the request or what is in the response. So basically when you are when you are able to capture a request a request message contains three types of body one is called the request line. The second is called header line and then your message request message request is basically something your browser is generating to communicate with the server. So request message contains three types of headers one is request line the first line is known as request line. Then you have headers with have all the information about your browser about your connection about your host which will be you are connecting to then a blank line. It will separate your message and then your body also the response message also contains some one is response line then some headers then a blank line and then body body something when your data is displayed it is displayed in the body section. So let's go back to our Bob suit and see what these request line headers or body sections are in this request or response this first line is known as the request line it always comes with a STTP header. If your request if your message looks like this which where you have this STTP header in your message that means it is a request. All the other things like this host cookie and the other things user agent see in the bottom this is all the headers we have. And in headers we have some information regarding those headers like in the host header we have the domain name which will be you are which will be visiting and in the cookie section here is the all the cookie your browser is generating and in the user agent section this is the information about your browser. What is the what is your browser what are the what are the operating system you are use so I'm now right now I'm using a Macintosh Intel Mac OS X so it will be displayed here so headers contains some information regarding the header name so we have multiple request headers also. In the last we have a blank line then we have message body in this request there is no messages so the body section is empty. What if in and also in the response message the first line is known as response line this line is known as response line and then we have some headers like in 234567811. We have multiple headers then a blank line and we have our body the body will displayed all the data or the message and these headers or these request and response line will tell you how this how this transmission works. Your transmission is valid or not like if I want to give you example if you are visiting a website that is not responsive like if you are visiting a page and that is not available on the server you will get a error message so you will get here the error will be displayed here. So by analyzing this request and response we can differentiate how our server or how our browser behave so it is very important to understand how this Bob suit function because Bob using Bob suit we can automate our task we can scan a web application we can launch some attacks with the help of Bob suit. But first we need to configure with our browser so this configuration will be you can use the Google Chrome and other browsers as well but Firefox will provide you some efficiency or you can use easily so right now you can only use Bob suit with the Firefox browser as. So in Firefox browser install all these add-ons I told you in the first place so let me show you again these all of the add-ons you need to install in your section in your browser these all of the add-ons you need to install in your browser also the Bob suit software which you can be downloaded by visiting this website. For figure dotnet go to Bob suit community edition and go to downloads after downloading you can easily configure with your browser and your Bob suit for that you need to you need a proxy for that you need a proxy IP so you go to options and find your proxy IP and port after that you can export a certificate and these two setting can be imported into your browser for certificate you can go to the website. The settings tab and the search here certificate and import the certificate you are downloading from the Bob suit for giving the IP and port you can use the foxy proxy add-on setting go to options create a new setting add the IP and the port number and you are ready to go you can capture all the traffic. Before capturing the traffic you need to own this setting and on the Firefox or on the proxy button in the Bob suit software upon open while you are on the button you can able to capture all the request when your work is done you can off this button and off this setting and now you can use your internet like this. When you are directing or redirecting your traffic to the Bob suit you are not able to use your internet so make sure when your request capture is done you can turn off your settings so you can turn off here and you can turn off here. Hope you are getting this lab setup so with that note I will take your leave now on Monday we will be understanding how Bob suit functions works different types of Bob suit methods different types of Bob suit options and how you will analyze all the results in first place. So if you have any questions and doubts you can ask in the telegram group or you can ask in our chat section as well. Over to you sir. Okay thank you Sumit for sharing all the details with everybody and guys I am just sharing the telegram group link in the chat so if you are not part of the telegram group you can join and for sure like you just need to go through this session recording once again. Because whatever so much demonstrated you so you need to configure those things in your system and once those things are configured in your system then only upcoming sessions you will be able to practice and let us know in the telegram group. If you see any kind of difficulty while config configuring everything whatever so many explained to you so you can ask your question in the telegram group and so it will be there to support you. Right so I hope you are enjoying all the sessions and it is different kind of bootcamp and you won't find any channel any YouTube channel where live sessions are happening on cyber security in so much detail. So please follow Sumit's YouTube channel that is the cyber security zone on that channel he is posting small small videos covering specific topics related to cyber security and on my channel Sanjay Gupta Tech School he is coming live and sharing all the details with you. So the recordings will be available on his channel as well right so support him and if you are really interested to become a freelancer so cyber security is a good opportunity for you. Right so with this note thank you everybody for joining this session and do watch the recording and if you have any doubt then just ping in the telegram group. Thank you everybody thank you Sumit for sharing your knowledge and next session will be on next week Monday. Okay thank you everyone thank you Sumit. Thank you.