-
-
Notifications
You must be signed in to change notification settings - Fork 238
Home
Below are the steps to hopefully get you up and running quickly.
If you're testing a mobile device or client on a separate machine then all you need to do is follow these few steps:
- Set the DNS on the client machine (i.e. iphone) to the same IP address that is running BurpSuite and the NoPE Proxy Extension.
- On the NoPE Proxy -> Server Config Tab: Select the correct interface from the list. Your current IP address should automatically populate into the 'DNS Response IP' input box.
- On the NoPE Proxy -> Server Config Tab: Enter the correct DNS port number. *If your on NIX then you will need to run Burp as root to be able to enable lower numbered ports like 53, 80, 443.
- On the NoPE Proxy -> Server Config Tab: Click Start DNS.
- On the NoPE Proxy -> Server Config Tab: Click the 'Add 80 & 443 to Burp' button. This will add the HTTP invisible proxies into burp. *If your on NIX then you will need to run Burp as root to be able to enable lower numbered ports like 53, 80, 443.
- If the application you're testing is not using any binary protocols then your done.
NoPE proxy will automatically resolve real host names using the Google DNS server (8.8.8.8). This means you can set you're test machine's DNS server to 127.0.0.1 and NoPE will handle DNS for your system and still be able to resolve real IP addresses. Follow these steps to set up single host testing.
- On you test machine set the system DNS server to 127.0.0.1
- On the NoPE Proxy -> Server Config Tab: Enter the correct DNS port number. *If your on NIX then you will need to run Burp as root to be able to enable lower numbered ports like 53, 80, 443.
- On the NoPE Proxy -> Server Config Tab: Uncheck 'Use the above "DNS Response IP" for ALL ...'
- On the NoPE Proxy -> Server Config Tab: Set IP address and hostnames to resolve in the 'Custom hosts file'. This follows the same format as any host file. Example:
127.0.0.1 www.google.com
- On the NoPE Proxy -> Server Config Tab: Click Start DNS.
- On the NoPE Proxy -> Server Config Tab: CLick the 'Add 80 & 443 to Burp' button. This will add the HTTP invisible proxies into burp. *If your on NIX then you will need to run Burp as root to be able to enable lower numbered ports like 53, 80, 443.
- If the application you're testing is not using any binary protocols then your done.
If you have the above steps working and now need to proxy non-HTTP protocols then you will first need to determine the hostnames, IP address and ports your application uses. This information will be inputed into the 'Non-HTTP proxy settings' You can do this is a few different ways. Wireshark is an option but I have created other tools to make this easier. Follow these steps to find the hostname, Ports, Server IP addresses.
These steps assume you have one of the above configurations already setup and running.
- Run your Mobile or Thin client application and monitor the DNS History tab in Nope.
- Review the DNS History for most recent requests. This will show the hostnames the client is attempting to connect to.
Now that you have hostnames you need the IP addresses. If your Running everything client side (single machine config) then the DNS History will have the correct IP address. If your running off two machines then you can just ping that hostname to get the real IP address.
Getting the ports it's trying to connect to can be achieved by navigating to Nope Proxy's DNS History tab. Start the port monitor by clicking the green button on the right. This will display the device's ip address, connected port number and either TCP or UDP depending on the protocol the device used to connect.
Alternate Method to get connecting ports (old method) or if the pcap
Getting the ports its trying to connect to can be achieved by running lister.py.
- Run lister.py as follows:
$ sudo python ./lister.py -i eth0
- This will list every port the client attempts to connect to on the local machine.
$ sudo python ./lister.py -i eth0
Listening on en1 (192.168.1.128)
**Note: Lister.py will only show new unique connections.
Connection from 192.168.1.198 to port 443
Connection from 192.168.1.198 to port 993
Connection from 192.168.1.224 to port 443
Connection from 192.168.1.224 to port 80
Connection from 192.168.1.224 to port 49152
Connection from 192.168.1.224 to port 15000
Now you should have Server IP address, Server Ports, and Hostnames. You can now create proxy listeners for these services.
- On the NoPE Proxy -> Server Config Tab: Enter the Server Address you found above, enter the Server Port as found above, and the listener port should be the same as the server port.
- If the service is SSL then select the SSL checkbox. Ensure you have burp's CA properly configured.
- Click Add
- If the protocol was UDP then select this checkbox in the table. (SSL is not available for UDP traffic)
- Click Enable from the table row of the newly created proxy listener.
- Restart your mobile or thin client application and ensure that that requests are flowing into the TCP History tab.