Week 3 - Deep Dive into Footprinting and Burp Suite

As required by the course guidelines, any tools, techniques, and tutorials shared on this blog are strictly for educational purposes. I am not responsible for any misuse of the information or tools demonstrated here.

Week 3 of Ethical Hacking and Penetration Testing got significantly more technical. We moved past the high-level theory of Target Scoping and Information Gathering and started getting our hands dirty with actual footprinting tools in our Kali Linux VMs.

Here is a rundown of the practical techniques we covered.


Target Scoping Realities

Before launching into the tools, we discussed the logistics of scoping. It is not just about picking a target; it involves defining business objectives, establishing strict test boundaries, and setting up project management schedules. You need to know exactly what is allowed (e.g., black-box vs. white-box testing) and what is strictly off-limits before you start.


Intercepting Traffic with Burp Suite

One of the core practical skills this week was setting up Burp Suite. Burp Suite acts as a local intercepting proxy. By configuring Firefox to route its traffic through 127.0.0.1 on port 8080, you can intercept, inspect, and modify HTTP requests before they reach the server (and responses before they reach the browser).

Because so much of the web is encrypted today, we also had to download the PortSwigger CA certificate from the running proxy and import it into the browser's trusted authorities. Burp terminates TLS itself and presents a per-site certificate signed by that CA; without trusting it, the browser throws a certificate warning on every HTTPS site, and you cannot read the decrypted traffic.

As a class demonstration, we looked at how this works when submitting a login request to our campus portal, binusmaya.binus.ac.id. When you intercept the POST request during a login attempt, you can see the raw parameters, including the username and password, in cleartext within the proxy. The important caveat: they are readable because Burp decrypted the TLS session on your own machine, not because the site sends them unencrypted over the network. (Note: A huge reminder was given in class: DO NOT SCAN or launch attacks against university infrastructure!)


DNS Enumeration and Zone Transfers

We spent a lot of time in the terminal using tools like whois, host, and dig. These are the standard tools for this phase: whois returns registration and nameserver details for a domain or IP block, host resolves names to addresses, and dig lets you query a specific record type against a specific nameserver.

The ultimate goal during this phase is often to check whether a target's authoritative Domain Name System (DNS) server allows a Zone Transfer (AXFR) to arbitrary clients. A correctly configured primary only permits transfers from its secondary nameservers. If it is misconfigured and answers anyone, it hands over the full contents of the zone, every record it holds, which typically exposes hostnames and IP addresses, including internal systems that were never meant to be resolvable from outside.
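To make the zone-transfer check concrete, here is an added example (my own code for this post, not from the course materials) that runs `dig axfr <zone> @<nameserver>` and parses its output, deciding whether the transfer succeeded and which internal addresses leaked. The zone data and hostnames below are constructed, and example.test is a placeholder domain, not a real target.

```python
"""Check the output of `dig axfr <zone> @<nameserver>` for a successful
zone transfer and summarise what it leaks.  Example written for this post;
the zone contents below are constructed, not from any real nameserver."""
import ipaddress
import subprocess

# Constructed sample: what dig prints when the server allows AXFR.
# A successful transfer is bracketed by the SOA record at start and end.
AXFR_ALLOWED = """\
; <<>> DiG 9.18.1 <<>> axfr example.test @ns1.example.test
;; global options: +cmd
example.test.\t\t3600\tIN\tSOA\tns1.example.test. hostmaster.example.test. 2024010101 7200 3600 1209600 3600
example.test.\t\t3600\tIN\tNS\tns1.example.test.
example.test.\t\t3600\tIN\tMX\t10 mail.example.test.
ns1.example.test.\t3600\tIN\tA\t203.0.113.10
mail.example.test.\t3600\tIN\tA\t203.0.113.25
intranet.example.test.\t3600\tIN\tA\t10.0.0.5
vpn.example.test.\t3600\tIN\tCNAME\tgw.example.test.
gw.example.test.\t3600\tIN\tA\t203.0.113.50
example.test.\t\t3600\tIN\tSOA\tns1.example.test. hostmaster.example.test. 2024010101 7200 3600 1209600 3600
;; Query time: 12 msec
"""

# Constructed sample: what dig prints when the server refuses AXFR.
AXFR_REFUSED = """\
; <<>> DiG 9.18.1 <<>> axfr example.test @ns2.example.test
;; global options: +cmd
; Transfer failed.
"""

# RFC 1918 ranges: addresses an outsider should never learn from public DNS.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_axfr(output: str) -> dict:
    """Return {'transferred': bool, 'records': [(name, type, rdata), ...]}.

    Comment lines start with ';' (including dig's "; Transfer failed.").
    Record lines are: name  ttl  class  type  rdata...
    """
    records = []
    for line in output.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        fields = line.split(None, 4)
        if len(fields) < 5 or fields[2] != "IN":
            continue
        name, _ttl, _cls, rtype, rdata = fields
        records.append((name.rstrip("."), rtype, rdata.strip()))
    soa_count = sum(1 for _, rtype, _ in records if rtype == "SOA")
    return {"transferred": soa_count >= 2, "records": records}


def leaked_hosts(records) -> dict:
    """Map each hostname to its address or alias, flagging RFC 1918 targets."""
    hosts = {}
    for name, rtype, rdata in records:
        if rtype in ("A", "AAAA"):
            addr = ipaddress.ip_address(rdata)
            hosts[name] = {"addr": str(addr),
                           "private": any(addr in net for net in RFC1918)}
        elif rtype == "CNAME":
            hosts[name] = {"alias_of": rdata.rstrip("."), "private": False}
    return hosts


def run_axfr(zone: str, nameserver: str) -> dict:
    """Live check: only run against systems you are authorised to test.
    Not exercised by the offline samples above."""
    proc = subprocess.run(["dig", "axfr", zone, f"@{nameserver}"],
                          capture_output=True, text=True, timeout=30)
    return parse_axfr(proc.stdout)


if __name__ == "__main__":
    for label, sample in (("ns1", AXFR_ALLOWED), ("ns2", AXFR_REFUSED)):
        result = parse_axfr(sample)
        print(f"{label}: transfer {'ALLOWED' if result['transferred'] else 'refused'}")
        for host, info in leaked_hosts(result["records"]).items():
            flag = "  <- internal" if info["private"] else ""
            print(f"  {host:28} {info.get('addr', info.get('alias_of'))}{flag}")
```

Two things the parser encodes that are easy to miss at the terminal: a transfer only counts as complete when the SOA appears twice (once at the start, once at the end), and a private address in a publicly served zone is the finding worth writing up, not the transfer by itself.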


HTTP Under the Hood

A basic understanding of HTTP is critical for security testers. We reviewed the different HTTP methods (GET, POST, OPTIONS, and so on) and broke down HTTP status codes: 2xx for success, 3xx for redirects, 4xx for client errors, and 5xx for server errors. The codes alone say little about the platform, but the default error pages and Server or X-Powered-By headers that come back with a 404 or 500 frequently disclose the web server software and version, which in turn hints at the underlying operating system. That is passive fingerprinting: you learn it from responses to ordinary requests, without scanning.
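The Burp demonstration above and this section both come down to reading raw HTTP messages, so here is one added example (my own code, not from the course or from PortSwigger) that parses an intercepted login POST the way the proxy shows it, and then parses a response to classify its status code and pull out any software banner. The request, response, hostname portal.example.test and credentials are all constructed; nothing here was captured from a real site.

```python
"""Parse an intercepted HTTP request and response as a proxy like Burp
presents them.  Example written for this post; the messages below are
constructed, not captured from any real site."""
import re
from urllib.parse import parse_qsl

# Constructed: a login POST as it looks once the proxy has terminated TLS.
# The body is readable here only because the proxy decrypted it locally.
INTERCEPTED_REQUEST = (
    "POST /login HTTP/1.1\r\n"
    "Host: portal.example.test\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Cookie: session=abc123\r\n"
    "Content-Length: 44\r\n"
    "\r\n"
    "username=alice&password=S3cret%21&remember=1"
)

# Constructed: a default error page that discloses the server software.
INTERCEPTED_RESPONSE = (
    "HTTP/1.1 404 Not Found\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "Content-Type: text/html; charset=iso-8859-1\r\n"
    "\r\n"
    "<html><body><h1>Not Found</h1>"
    "<address>Apache/2.4.41 (Ubuntu) Server at portal.example.test Port 443</address>"
    "</body></html>"
)

STATUS_CLASSES = {1: "informational", 2: "success", 3: "redirection",
                  4: "client error", 5: "server error"}


def _split_message(raw: str):
    """Split a raw HTTP message into start line, header dict and body."""
    head, _, body = raw.partition("\r\n\r\n")
    start, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return start, headers, body


def parse_request(raw: str) -> dict:
    """Decode method, target and form parameters; check Content-Length,
    which must be corrected if you edit the body in the proxy."""
    start, headers, body = _split_message(raw)
    method, target, version = start.split(" ", 2)
    params = {}
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        params = dict(parse_qsl(body, keep_blank_values=True))
    declared = int(headers.get("content-length", len(body)))
    return {"method": method, "target": target, "version": version,
            "headers": headers, "params": params,
            "length_ok": declared == len(body.encode())}


def classify_status(status_line: str) -> tuple:
    """'HTTP/1.1 500 Internal Server Error' -> (500, 'server error', reason)."""
    _version, code, *reason = status_line.split(" ", 2)
    code = int(code)
    return code, STATUS_CLASSES.get(code // 100, "unknown"), " ".join(reason)


def parse_response(raw: str) -> dict:
    """Classify the status and collect what the response discloses about
    the server: identifying headers plus Apache's <address> signature."""
    start, headers, body = _split_message(raw)
    code, klass, reason = classify_status(start)
    disclosed = {h: headers[h] for h in ("server", "x-powered-by") if h in headers}
    match = re.search(r"<address>(.*?)</address>", body, re.S)
    return {"status": code, "class": klass, "reason": reason,
            "disclosed_headers": disclosed,
            "banner": match.group(1) if match else None}


if __name__ == "__main__":
    req = parse_request(INTERCEPTED_REQUEST)
    print(req["method"], req["target"], req["params"], "length ok:", req["length_ok"])
    resp = parse_response(INTERCEPTED_RESPONSE)
    print(resp["status"], resp["class"], resp["disclosed_headers"], resp["banner"])
```

The Content-Length check is there for a reason: when you change a parameter in Burp's interception window, the declared length no longer matches the body, and a server that trusts the header will truncate or reject the request (Burp offers to fix the header for you, but it is worth understanding why).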


Other Footprinting Details

To wrap up, we touched on a few other tracking and reporting methods:

Web Bugs: We looked at how transparent 1x1-pixel images are embedded in pages and e-mails to track users. The browser fetches the image from the tracker's server, and that request carries the tracker's cookies plus whatever identifiers are encoded in the image URL, which is how the tracker ties the page view to a particular user.

Reporting: All of this gathered information has to go somewhere, so we were introduced to Dradis, an open-source framework used to compile and report penetration testing findings.
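The web-bug point lends itself to a quick detector, so here is an added example (my own code for this post, not course material) that scans HTML for images that are 1x1 or hidden by CSS and reports which host they call home to and which identifiers ride along in the query string. The page and the hostnames cdn.example.test and track.example.test are constructed for the example.

```python
"""Find web bugs (tracking pixels) in an HTML document.  Example written
for this post; the page below is constructed, not a real newsletter."""
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlsplit

# Constructed sample: one real image, one 1x1 pixel carrying tracking IDs,
# one image hidden by CSS instead of by size.
SAMPLE_PAGE = """\
<html><body>
<h1>Newsletter</h1>
<img src="https://cdn.example.test/logo.png" width="200" height="60" alt="logo">
<img src="https://track.example.test/open.gif?uid=4f9c&cid=spring24" width="1" height="1" alt="">
<img src="https://track.example.test/px" style="display: none">
<p>Thanks for reading.</p>
</body></html>
"""


class _ImgCollector(HTMLParser):
    """Collect the attributes of every <img> tag in the document."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append(dict(attrs))


def _is_tiny(value) -> bool:
    """True for width/height values of 0 or 1 (with or without 'px')."""
    if value is None:
        return False
    try:
        return int(value.strip().lower().removesuffix("px")) <= 1
    except ValueError:
        return False


def find_web_bugs(html: str) -> list:
    """Return one dict per suspicious image: source, host, decoded query
    parameters (the tracking identifiers) and why it was flagged."""
    collector = _ImgCollector()
    collector.feed(html)
    bugs = []
    for attrs in collector.images:
        reasons = []
        if _is_tiny(attrs.get("width")) and _is_tiny(attrs.get("height")):
            reasons.append("1x1 pixel")
        style = (attrs.get("style") or "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden by CSS")
        if not reasons:
            continue
        url = urlsplit(attrs.get("src") or "")
        bugs.append({"src": attrs.get("src"), "host": url.hostname,
                     "params": dict(parse_qsl(url.query)), "reasons": reasons})
    return bugs


if __name__ == "__main__":
    for bug in find_web_bugs(SAMPLE_PAGE):
        print(f"{bug['host']}: {bug['src']}  ids={bug['params']}  ({', '.join(bug['reasons'])})")
```

The host is the useful field when you are footprinting rather than defending: a third-party tracker domain in an organisation's pages tells you which vendors it uses, and the parameter names hint at how campaigns and users are identified.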

Next week, we are moving into target discovery and utilizing search engines for deeper reconnaissance. For now, I have a lot of terminal commands to memorize.
