Creating a Passive Scan Check With Burp's BChecks
Summary
TLDRThis tutorial delves into the intricacies of passive B checks in Beach X, contrasting initial misconceptions with the actual functionality. Unlike continuous, automated scanning, passive B checks require manual initiation with Burp's scanner. The video focuses on creating a simple B check to detect the presence of X-Frame-Options headers, illustrating the process from template selection to logic implementation. It clarifies that while passive checks do send requests, they don't involve malicious payloads, making them suitable for non-intrusive testing. The tutorial concludes with a demonstration of the scan process and result analysis, highlighting the tool's capabilities and limitations.
Takeaways
- 🔍 The speaker initially assumed that passive B checks in Burp Suite functioned like passive scanning, continuously inspecting all traffic, but this is not the case.
- 🛠️ Passive B checks are coupled with Burp's scanner and require activation during a scan to identify issues in requests or responses.
- 💡 The speaker suggests that passive B checks could be useful for detecting information leakage, such as sensitive data sent to third-party analytics services.
- 🚫 However, the speaker concludes that passive B checks are not an ideal solution for automatically flagging all instances of information leakage in traffic.
- 📝 The tutorial demonstrates creating a simple passive B check to identify the presence of the 'X-Frame-Options' header in HTTP responses.
- 🔧 The B check is created using a template and is modified to look for a specific HTTP header rather than AWS keys, which was the template's original purpose.
- 👨💻 The logic of the B check is explained, which involves matching a response to a string literal and reporting if found.
- 🔎 The tutorial shows how to validate, save, and enable the newly created passive B check within Burp Suite.
- 🎯 To test the B check, a scan is launched targeting specific items and using only B checks for auditing, without active scanning payloads.
- 🔄 Despite being passive, the B check process involves sending requests to the application, although no malicious payloads are included.
- ⚠️ The speaker notes that to focus solely on passive checks, one should configure scans to exclude all items except for B checks.
Q & A
What is the primary difference between how the speaker initially thought passive B checks functioned and the actual functionality?
-The speaker initially thought passive B checks would operate continuously, scanning all traffic like Burp's passive scanning, but they actually need to be coupled with Burp's scanner and are only triggered during a scan.
What is the main focus of the tutorial?
-The tutorial focuses on creating and implementing passive B checks in Perp, specifically for identifying the presence of X-Frame-Options headers in HTTP responses.
Why did the speaker choose to create a passive B check for X-Frame-Options headers?
-The speaker chose X-Frame-Options headers as an example to demonstrate the functionality of passive B checks, as it is a straightforward and easily identifiable header to check for presence.
How does the speaker suggest implementing a passive B check for information leakage?
-The speaker suggests that passive B checks are not the best solution for information leakage because they require running Burp's scanner against specific targets rather than scanning all traffic automatically.
What is the process for creating a new B check in Perp?
-The process involves going to the Extensions tab, then the B checks tab, clicking 'new', and starting from a template. The speaker modifies the template to check for X-Frame-Options headers.
What is the significance of the 'latest.response' and 'matches' functions in the B check logic?
-The 'latest.response' function refers to the most recent HTTP response, and 'matches' is used to check if the response contains a specific string or pattern, in this case, 'x-frame-options'.
Why does the speaker include an 'author' tag in the B check?
-The speaker includes an 'author' tag to attribute the creation of the B check to themselves, as they are the ones developing this specific check.
What is the purpose of the 'report an issue' function in the B check?
-The 'report an issue' function is used to log a finding when the B check identifies the presence of the X-Frame-Options header in the HTTP response.
How does the speaker configure Burp to only use B checks during scanning?
-The speaker configures Burp to only use B checks by deselecting all scan items except for B checks, ensuring that only passive checks are performed without sending malicious payloads.
What does the speaker notice about the scanner's behavior when running a passive B check?
-The speaker notices that even though it's a passive check, the scanner sends requests to the application, although it does not send requests with malicious payloads.
Outlines
Dieser Bereich ist nur für Premium-Benutzer verfügbar. Bitte führen Sie ein Upgrade durch, um auf diesen Abschnitt zuzugreifen.
Upgrade durchführenMindmap
Dieser Bereich ist nur für Premium-Benutzer verfügbar. Bitte führen Sie ein Upgrade durch, um auf diesen Abschnitt zuzugreifen.
Upgrade durchführenKeywords
Dieser Bereich ist nur für Premium-Benutzer verfügbar. Bitte führen Sie ein Upgrade durch, um auf diesen Abschnitt zuzugreifen.
Upgrade durchführenHighlights
Dieser Bereich ist nur für Premium-Benutzer verfügbar. Bitte führen Sie ein Upgrade durch, um auf diesen Abschnitt zuzugreifen.
Upgrade durchführenTranscripts
Dieser Bereich ist nur für Premium-Benutzer verfügbar. Bitte führen Sie ein Upgrade durch, um auf diesen Abschnitt zuzugreifen.
Upgrade durchführenWeitere ähnliche Videos ansehen
Vulnerability Scanning - CompTIA Security+ SY0-401: 3.8
GitLab | SonarCloud | Code Scan | How to Set Up GitLab Code Scan with SonarCloud | SonarQube
Passive Voice Materi Bahasa Inggris Wajib Kelas XII
Factoring Sums and Differences of Perfect Cubes
How to build an IFTTT integration - Getting started
DNA replication initiation in E coli
5.0 / 5 (0 votes)
