Creating a Passive Scan Check With Burp's BChecks

Ryan Armstrong
4 Jul 202307:48

Summary

TLDRThis tutorial delves into the intricacies of passive B checks in Beach X, contrasting initial misconceptions with the actual functionality. Unlike continuous, automated scanning, passive B checks require manual initiation with Burp's scanner. The video focuses on creating a simple B check to detect the presence of X-Frame-Options headers, illustrating the process from template selection to logic implementation. It clarifies that while passive checks do send requests, they don't involve malicious payloads, making them suitable for non-intrusive testing. The tutorial concludes with a demonstration of the scan process and result analysis, highlighting the tool's capabilities and limitations.

Takeaways

  • 🔍 The speaker initially assumed that passive B checks in Burp Suite functioned like passive scanning, continuously inspecting all traffic, but this is not the case.
  • 🛠️ Passive B checks are coupled with Burp's scanner and require activation during a scan to identify issues in requests or responses.
  • 💡 The speaker suggests that passive B checks could be useful for detecting information leakage, such as sensitive data sent to third-party analytics services.
  • 🚫 However, the speaker concludes that passive B checks are not an ideal solution for automatically flagging all instances of information leakage in traffic.
  • 📝 The tutorial demonstrates creating a simple passive B check to identify the presence of the 'X-Frame-Options' header in HTTP responses.
  • 🔧 The B check is created using a template and is modified to look for a specific HTTP header rather than AWS keys, which was the template's original purpose.
  • 👨‍💻 The logic of the B check is explained, which involves matching a response to a string literal and reporting if found.
  • 🔎 The tutorial shows how to validate, save, and enable the newly created passive B check within Burp Suite.
  • 🎯 To test the B check, a scan is launched targeting specific items and using only B checks for auditing, without active scanning payloads.
  • 🔄 Despite being passive, the B check process involves sending requests to the application, although no malicious payloads are included.
  • ⚠️ The speaker notes that to focus solely on passive checks, one should configure scans to exclude all items except for B checks.

Q & A

  • What is the primary difference between how the speaker initially thought passive B checks functioned and the actual functionality?

    -The speaker initially thought passive B checks would operate continuously, scanning all traffic like Burp's passive scanning, but they actually need to be coupled with Burp's scanner and are only triggered during a scan.

  • What is the main focus of the tutorial?

    -The tutorial focuses on creating and implementing passive B checks in Perp, specifically for identifying the presence of X-Frame-Options headers in HTTP responses.

  • Why did the speaker choose to create a passive B check for X-Frame-Options headers?

    -The speaker chose X-Frame-Options headers as an example to demonstrate the functionality of passive B checks, as it is a straightforward and easily identifiable header to check for presence.

  • How does the speaker suggest implementing a passive B check for information leakage?

    -The speaker suggests that passive B checks are not the best solution for information leakage because they require running Burp's scanner against specific targets rather than scanning all traffic automatically.

  • What is the process for creating a new B check in Perp?

    -The process involves going to the Extensions tab, then the B checks tab, clicking 'new', and starting from a template. The speaker modifies the template to check for X-Frame-Options headers.

  • What is the significance of the 'latest.response' and 'matches' functions in the B check logic?

    -The 'latest.response' function refers to the most recent HTTP response, and 'matches' is used to check if the response contains a specific string or pattern, in this case, 'x-frame-options'.

  • Why does the speaker include an 'author' tag in the B check?

    -The speaker includes an 'author' tag to attribute the creation of the B check to themselves, as they are the ones developing this specific check.

  • What is the purpose of the 'report an issue' function in the B check?

    -The 'report an issue' function is used to log a finding when the B check identifies the presence of the X-Frame-Options header in the HTTP response.

  • How does the speaker configure Burp to only use B checks during scanning?

    -The speaker configures Burp to only use B checks by deselecting all scan items except for B checks, ensuring that only passive checks are performed without sending malicious payloads.

  • What does the speaker notice about the scanner's behavior when running a passive B check?

    -The speaker notices that even though it's a passive check, the scanner sends requests to the application, although it does not send requests with malicious payloads.

Outlines

plate

Этот раздел доступен только подписчикам платных тарифов. Пожалуйста, перейдите на платный тариф для доступа.

Перейти на платный тариф

Mindmap

plate

Этот раздел доступен только подписчикам платных тарифов. Пожалуйста, перейдите на платный тариф для доступа.

Перейти на платный тариф

Keywords

plate

Этот раздел доступен только подписчикам платных тарифов. Пожалуйста, перейдите на платный тариф для доступа.

Перейти на платный тариф

Highlights

plate

Этот раздел доступен только подписчикам платных тарифов. Пожалуйста, перейдите на платный тариф для доступа.

Перейти на платный тариф

Transcripts

plate

Этот раздел доступен только подписчикам платных тарифов. Пожалуйста, перейдите на платный тариф для доступа.

Перейти на платный тариф
Rate This

5.0 / 5 (0 votes)

Связанные теги
Web SecurityBurp SuitePassive ScanInformation LeakagePenetration TestingSecurity TutorialB ChecksAWS KeysX-Frame OptionsApplication Testing
Вам нужно краткое изложение на английском?