
Thursday, 11 April 2013

Share localhost web server over internet


Localtunnel exposes a web server running on your own machine to the public internet. During a pentest it is handy whenever the target has to fetch something from you: a payload for remote file inclusion, an externally hosted script for cross-site scripting, or a stager for remote code execution. The tunnel URL is reachable by anyone who learns it, so serve only what the engagement needs and tear the tunnel down when you are done.

It is easy to set up, and because the files live on your local machine you can change them instantly. localtunnel is available for both Windows and Linux.

Step 1:-
Install localtunnel using RubyGems.

$ gem install localtunnel

Step 2:-
Run your local web server on any port, let's say Apache on 8080.

Step 3:-
The first time, you need an SSH public key. If you have none, ssh-keygen creates a key pair; localtunnel wants the public half (the file ending in .pub).

Step 4:-
Now run localtunnel, passing it the port to share. The first time you run it, point it at the public key with -k:

$ localtunnel -k /path/to/id_rsa.pub 8080


Copy the URL that localtunnel prints and open it in a browser; that same URL is what goes into the payload the target will fetch.

Done!!!
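The four steps above as one script, added here as an example that is not from the post or from the localtunnel project. It assumes the 2013 Ruby gem's command line as shown above, ssh-keygen, and Python's built-in HTTP server as the throwaway web server; the two payload files it stages are constructed marker files, not real exploits.

```shell
#!/bin/bash
# share_payload.sh - stage a payload directory, serve it on $PORT and expose it
# with localtunnel. Added example, not from the post. Assumes the 2013 Ruby
# localtunnel gem CLI ("localtunnel -k <pubkey> <port>"), ssh-keygen, and a
# Python interpreter for the throwaway web server. Payload contents are
# constructed placeholders.
#   Usage: ./share_payload.sh /tmp/payloads

PORT="${PORT:-8080}"
PUBKEY="${PUBKEY:-$HOME/.ssh/id_rsa.pub}"

# Fill $1 with the files the target will be asked to fetch. Each one is a
# harmless marker, so a successful include/inject is visible in the response
# without running anything on the target. Prints the directory path.
prepare_payload_dir() {
    dir="$1"
    mkdir -p "$dir"
    # remote file inclusion probe: served as .txt so our own server never executes it
    printf '%s\n' '<?php echo "rfi-marker"; ?>' > "$dir/probe.txt"
    # externally hosted script for a reflected/stored XSS check
    printf '%s\n' 'document.title = "xss-marker " + document.domain;' > "$dir/probe.js"
    printf '%s\n' "$dir"
}

# localtunnel identifies you by an SSH public key; create one if missing.
ensure_pubkey() {
    [ -f "$PUBKEY" ] || ssh-keygen -q -t rsa -N '' -f "${PUBKEY%.pub}"
}

# Serve $1 on $PORT in the background and bring the tunnel up in the
# foreground. Ctrl-C ends the tunnel and the trap stops the server, so
# nothing stays exposed after the test.
serve_and_tunnel() {
    dir="$1"
    cd "$dir" || return 1
    if command -v python3 >/dev/null 2>&1; then
        python3 -m http.server "$PORT" >/dev/null 2>&1 &
    else
        python -m SimpleHTTPServer "$PORT" >/dev/null 2>&1 &
    fi
    server=$!
    trap 'kill "$server" 2>/dev/null' EXIT
    # localtunnel prints the public URL; the probe is then http://<that url>/probe.txt
    localtunnel -k "$PUBKEY" "$PORT"
}

# Only run when executed as share_payload.sh, so the functions can be sourced.
if [ "${0##*/}" = "share_payload.sh" ]; then
    ensure_pubkey
    serve_and_tunnel "$(prepare_payload_dir "${1:-/tmp/payloads}")"
fi
```

Keep the served directory separate from your tooling: everything under it is readable by anyone who guesses or sniffs the tunnel URL.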





Tuesday, 19 March 2013

Script to find live IP addresses on your network


Sometimes the simplest things are the hardest to do. Finding out which IP addresses on a network are allocated and actually in use is one of them.

This cmd.exe one-liner pings every address in a /24 (class C) network from .1 to .254 and prints the reply only for the hosts that answer:

C:\>for /L %a in (1,1,254) do @ping -n 1 192.168.3.%a|find "TTL"
Reply from 192.168.3.1: bytes=32 time<1ms TTL=128
Reply from 192.168.3.3: bytes=32 time<1ms TTL=128
Reply from 192.168.3.4: bytes=32 time<1ms TTL=128
Reply from 192.168.3.9: bytes=32 time<1ms TTL=64
Reply from 192.168.3.17: bytes=32 time=2ms TTL=128
Reply from 192.168.3.22: bytes=32 time=2ms TTL=12
Reply from 192.168.3.27: bytes=32 time=2ms TTL=128
Reply from 192.168.3.41: bytes=32 time=1ms TTL=128


As you can see, this has picked up some addresses which did not show up in the ARP list.

The command sends a single echo request (-n 1) to each address in the range, and the find "TTL" filter keeps only the "Reply from" lines, so only hosts that answered are shown as alive. Two caveats: a host that drops ICMP echo never appears, so cross-check the sweep against the ARP cache (arp -a) for hosts that are silent but active; and the TTL is a cheap OS hint, since 128 is the Windows default and 64 is typical for Linux and other Unix-like systems.
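The same sweep for Linux (or BackTrack), added here as an example that is not part of the post. It assumes iputils ping (-c and -W) and either "ip neigh" or "arp -an" for the neighbour cache; the sample ping and ARP output it is checked against is constructed. The ARP cross-check follows from the observation above that the ping list and the ARP list differ.

```shell
#!/bin/bash
# ping_sweep.sh - Linux/BackTrack version of the cmd.exe one-liner, as an added
# example (not from the post). Pings .1-.254 of a /24 in parallel, keeps the
# hosts that answered, and cross-checks against the neighbour (ARP) cache so
# that hosts which drop ICMP echo but have talked to us recently are still listed.
#   Usage: ./ping_sweep.sh 192.168.3

# Filter raw ping output down to the replying IPs, one per line, sorted.
# Linux ping prints "64 bytes from 192.168.3.9: icmp_seq=1 ttl=64 time=0.2 ms",
# Windows prints "Reply from 192.168.3.1: bytes=32 time<1ms TTL=128"; both
# carry "ttl=" only on a real reply, so that is the filter (grep -i covers both).
live_hosts() {
    grep -i 'ttl=' \
      | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' \
      | sort -t. -k1,1n -k2,2n -k3,3n -k4,4n -u
}

# Same for "ip neigh" / "arp -an" output. Entries without a MAC address
# ("FAILED", "<incomplete>") are hosts we asked about, not hosts we heard from.
cache_hosts() {
    grep -viE 'failed|incomplete' \
      | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' \
      | sort -t. -k1,1n -k2,2n -k3,3n -k4,4n -u
}

# One echo request per host (-c 1), one second timeout (-W 1), all 254 in parallel.
sweep() {
    prefix="$1"
    for i in $(seq 1 254); do
        ping -c 1 -W 1 "$prefix.$i" 2>/dev/null &
    done
    wait
}

main() {
    prefix="${1:?usage: $0 <first three octets, e.g. 192.168.3>}"
    alive=$(mktemp)
    cached=$(mktemp)
    trap 'rm -f "$alive" "$cached"' EXIT
    sweep "$prefix" | live_hosts > "$alive"
    { ip neigh 2>/dev/null || arp -an; } | grep -F "$prefix." | cache_hosts > "$cached"
    echo "== answered ping"
    cat "$alive"
    echo "== in the ARP cache but silent to ping (ICMP filtered?)"
    grep -vxFf "$alive" "$cached"
}

# Only run when executed as ping_sweep.sh, so the filters can be sourced and reused.
if [ "${0##*/}" = "ping_sweep.sh" ]; then
    main "$@"
fi
```

Running the sweep first and reading the cache afterwards is deliberate: the 254 echo requests populate the neighbour cache, so hosts that answered the ARP request but dropped the ICMP show up in the second list.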

Wednesday, 13 March 2013

Setting up TOR in BackTrack


1. Add the repository
The first step is to add the Tor Project repository in BackTrack so that apt-get can resolve the package and fetch its dependencies. Edit "/etc/apt/sources.list" and append the line below (BackTrack 5 is based on Ubuntu 10.04 "lucid", hence the release name).

deb http://deb.torproject.org/torproject.org lucid main

2. Add the repository signing key

gpg --keyserver keys.gnupg.net --recv 886DDD89

gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -

3. Update the package list using apt-get

apt-get update

4. Install tor, vidalia, privoxy and proxychains

apt-get install tor tor-geoipdb privoxy vidalia

apt-get install proxychains

5. Configure privoxy to forward requests to the tor daemon

gedit /etc/privoxy/config

and uncomment (or add) the following line. The trailing dot is part of the syntax (it means "no further proxy after the SOCKS hop"), and privoxy rejects the line without it. socks5, like socks4a, hands the hostname to Tor, so DNS lookups do not leak to your local resolver; plain socks4 would resolve names locally.

forward-socks5 / 127.0.0.1:9050 .

6. Start the engine

/etc/init.d/privoxy start

/etc/init.d/tor start

7. Test the environment

proxychains only wraps the TCP connections of the program it launches, so traceroute (UDP or ICMP) proves nothing about Tor. Fetch a page instead; the default /etc/proxychains.conf already points at socks4 127.0.0.1 9050, which tor's SOCKS port accepts:

proxychains curl -s https://check.torproject.org/ | grep -i congratulations

8. Done !!!

If the page answers "Congratulations", the request left through a Tor exit node. Check /var/log/tor/log for "Bootstrapped 100%" if the first attempt times out; tor needs a moment to build its first circuit.


Wednesday, 7 November 2012

Proxying BurpSuite through TOR

Hi everyone, today I am going to demonstrate how to send Burp Suite requests through the Tor network. First the scenario.
Normally the browser's SOCKS proxy is set to "127.0.0.1:9050", where the tor daemon listens, so requests go straight from the browser into the Tor network and out to the destination:
Browser --> Tor Proxy --> Destination
We want Burp Suite in between the browser and Tor. Burp then needs two connections configured: a listener that receives requests from the browser, and an upstream proxy through which Burp's outgoing requests reach Tor:
Browser --> Burp --> Privoxy --> Tor Proxy --> Destination

Step 1:- Install tor

Open /etc/apt/sources.list in any editor in BackTrack and add the following line.
"deb http://deb.torproject.org/torproject.org  lucid main"
Open a terminal and run the following commands to install tor and privoxy:
gpg --keyserver keys.gnupg.net --recv 886DDD89
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
apt-get update
apt-get install tor tor-geoipdb
apt-get install privoxy
Now tor and privoxy are installed.

Step 2:- Configure

Open /etc/privoxy/config and uncomment (or add) the following line. The trailing dot is required, and socks4a means privoxy hands the hostname to Tor instead of resolving it locally, so target names do not leak to your own DNS resolver:
forward-socks4a / 127.0.0.1:9050 .
Then start both services, tor and privoxy:
/etc/init.d/tor start
/etc/init.d/privoxy start

Step 3:- Set up Burp Suite

First configure your browser to send HTTP and HTTPS to Burp's listener (127.0.0.1:8080 by default). For HTTPS to work the browser must trust Burp's CA certificate, exactly as it does without Tor.

Then configure Burp Suite to send its outgoing requests to privoxy. Select the "Options" tab, navigate to 'Upstream Proxy Servers' and click 'Add'. By default privoxy listens on port '8118', so enter proxy host 127.0.0.1 and port 8118, and use '*' as the destination host so that every request goes through it.

Burp also has its own SOCKS proxy setting in the same "Options" tab. Pointing it at 127.0.0.1:9050 with "Do DNS lookups over SOCKS proxy" enabled sends requests straight into tor and makes privoxy unnecessary; without that DNS option the hostnames you test are resolved by your own machine, which leaks the targets to your resolver.

To verify that you are being routed through the Tor network visit https://check.torproject.org (or www.whatismyipaddress.com and compare the address shown with your real one). Keep in mind that the Tor exit node sees, and can tamper with, anything sent over plain HTTP, so only HTTPS targets are safe from the exit, and that scanning through Tor is slow.
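A check of the whole chain, hop by hop, added here as an example that is not part of the post. It assumes the default ports (Burp 8080, privoxy 8118, tor 9050), curl, and the JSON reply {"IsTor":...,"IP":"..."} served by https://check.torproject.org/api/ip; the replies it parses below are constructed.

```shell
#!/bin/bash
# tor_chain_check.sh - confirm that every hop of
#   Browser -> Burp (127.0.0.1:8080) -> privoxy (127.0.0.1:8118) -> Tor (127.0.0.1:9050)
# really exits through Tor. Added example, not from the post. Assumptions:
# the default ports above, curl installed, and the JSON reply
# {"IsTor":true,"IP":"..."} from https://check.torproject.org/api/ip.

CHECK_URL="https://check.torproject.org/api/ip"

# Turn the checker's JSON into "tor <ip>" or "clear <ip>". Anything else
# (a Burp error page, an HTML 403, an empty reply) returns 1 instead of
# being misread as a result.
classify() {
    reply="$1"
    ip=$(printf '%s' "$reply" | sed -n 's/.*"IP"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')
    [ -n "$ip" ] || return 1
    case "$reply" in
        *'"IsTor":true'*|*'"IsTor": true'*)   echo "tor $ip" ;;
        *'"IsTor":false'*|*'"IsTor": false'*) echo "clear $ip" ;;
        *) return 1 ;;
    esac
}

# Fetch the checker through one hop ($2.. are curl proxy options), print the
# verdict, and fail unless that hop exits through Tor.
check_hop() {
    name="$1"; shift
    reply=$(curl -s --max-time 60 "$@" "$CHECK_URL") || { echo "$name: no answer"; return 1; }
    verdict=$(classify "$reply") || { echo "$name: unparseable reply"; return 1; }
    echo "$name: $verdict"
    case "$verdict" in tor\ *) return 0 ;; *) return 1 ;; esac
}

main() {
    fail=0
    # --socks5-hostname lets Tor resolve the name; plain --socks5 would resolve
    # check.torproject.org locally and leak the lookup to your own resolver.
    check_hop "tor socks"  --socks5-hostname 127.0.0.1:9050 || fail=1
    check_hop "privoxy"    -x http://127.0.0.1:8118          || fail=1
    # Burp terminates TLS with its own CA, which curl does not trust; -k accepts
    # that for this test only.
    check_hop "burp"       -x http://127.0.0.1:8080 -k       || fail=1
    if [ "$fail" -eq 0 ]; then
        echo "all hops exit via Tor"
    else
        echo "fix the proxy settings of the failed hop before testing through Burp" >&2
    fi
    return "$fail"
}

# Only run when executed as tor_chain_check.sh, so classify can be sourced.
if [ "${0##*/}" = "tor_chain_check.sh" ]; then
    main
fi
```

Testing the hops innermost-first tells you where the chain breaks: a "clear" verdict on the Burp hop with "tor" on the privoxy hop means Burp's upstream proxy entry is missing or its destination host pattern does not match.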

Keep visiting blog for exploits and vulnerabilities :)