Idra intercettante con suite di burp

2

Utilizzo la suite di burp come proxy e quando eseguo hydra, la suite di burp dovrebbe essere in grado di intercettarla e registrarla nella cronologia HTTP, ma al suo posto ottengo l'errore

Can not connect [unreachable]

Ho provato export HYDRA_PROXY_HTTP=http://127.0.0.1:8080 e export HYDRA_PROXY=socks5:127.0.0.1:8118 , ma nessuno di questi funziona. La suite di Burp dice che il proxy è in esecuzione, intercetta persino le richieste di Firefox, ma non Hydra.

Il comando che uso è questo:

hydra -l admin -p password -e ns -t 1 -F -u -w 10 -W 1 -v -V 127.0.0.1 http-post-form "/~bob/DVWA/login.php:username=^USER^&password=^PASS^&user_token=${CSRF}&Login=Login:F=Location\: login.php:C=/404.php:H=Cookie: security=impossible; PHPSESSID=${SESSIONID}"

e ottengo questo

MacBook-Pro:Desktop bob$ hydra -1 admin -p password -e ns —t 1 —F —u —w 10 —W 1 —v —v 127.0.0.1 http-post-form "tybob/DVMA/login.php:username=ADSERa&password=APASS^&user token4(C) SRF}&Login=Login:F=Location\: login.php:C=/404.php:H=Cookie: security=impossible; PHPSESSID=WESSIONIDI"
Hydra v8.4 (c) 2017 by van Hauser/THC — Please do not use in military or secret service organizations, or for illegal purposes. 

Hydra (http://www.thc.org/thc—hydra) starting at 2017-03-18 14:43:40
[INFO] Using HTTP Proxy: http://127.0.0.1:8080 
[INFORMATION] escape sequence \: detected in module option, no parameter verification is performed. 
[DATA] max 1 task per 1 server, overall 1 tasks, 3 login tries (1:1/p:3), —3 tries per task 
[DATA] attacking service http—post—form on port 80 
[DATA] with additional data /—bob/DVWA/login.php:username=nUSERA&password=^PASS^&user_token=39926bc7cff8584646ef71ab6f17cd88&Login=login:F=Location\: login.php:C=/404.php:H=Cookie : security=impossible; PHPSESSID=0018e65e3e7365e1f36a5dd5b375fac3 
[VERBOSE] Resolving addresses ... 
[VERBOSE] resolving done 
Process 2947: Can not connect 
[unreachable], retrying (1 of 1 retries) 
[ATTEMPT] target 127.0.0.1 — login "admin" — pass "admin" — 1 of 3 (child 0] (0/0) 
Process 2947: Can not connect 
[unreachable] 
[ERROR] Child with pid 2947 terminating, cannot connect 
[VERBOSE] Retrying connection for child 0 
Process 2948: Can not connect 
[unreachable], retrying (1 of 1 retries) 
[RE—ATTEMPT] target 127.0.0.1 — login "admin" — pass "" — 1 of 3 
[child 01 (0/0) 
Process 2948: Can not connect 
[unreachable] 
[ERROR] Child with pid 2948 terminating, cannot connect 
[VERBOSE] Retrying connection for child 0 
Process 2950: Can not connect 
[unreachable], retrying (1 of 1 retries) 
[RE—ATTEMPT] target 127.0.0.1 — login "admin" — pass "password" — 1 of 3 
[child 0) (0/0) 
Process 2950: Can not connect 
[unreachable] 
[ERROR] Child with pid 2950 terminating, cannot connect 
Process 2951: Can not connect 
[unreachable], retrying (1 of 1 retries) 
[REDO—ATTEMPT] target 127.0.0.1 — login "admin" — pass "password" — 2 of 4 
[child 0] (1/1) 
Process 2951: Can not connect 
[unreachable) 
[ERROR] Child with pid 2951 terminating, cannot connect 
Process 2953: Can not connect 
[unreachable], retrying (1 of 1 retries) 
[REDO—ATTEMPT] target 127.0.0.1 — login "admin" — pass "password" — 3 of 5 (child 0] (2/2) 
Process 2953: Can not connect 
[unreachable] 
[ERROR] Child with pid 2953 terminating, cannot connect 
Process 2955: Can not connect 
[unreachable], retrying (1 of 1 retries) 
[REDO—ATTEMPT] target 127.0.0.1 — login "admin" — pass "password" — 4 of 6 
[child 0] (3/3) 
Process 2955: Can not connect 
[unreachable] 
[ERROR] Child with pid 2955 terminating, cannot connect 
Process 2956: Can not connect 
[unreachable], retrying (1 of 1 retries) 
[STATUS] attack finished for 127.0.0.1 (waiting for children to complete tests) 1 of 1 target completed, 0 valid passwords found Hydra (http://www.thc.org/thc—hydra) finished at 2017-03-18 14:44:00
MacBook—Pro:Desktop bob$ 

fonte

Sono abbastanza nuovo su questo argomento, quindi non so esattamente cosa sto facendo sempre. Ho seguito un tutorial che ho trovato. Per favore qualcuno può spiegare cosa sto sbagliando? Capisco che la suite di burp non possa registrare le richieste di hydra, perché hydra non si connette tramite proxy, ma perché è così?

    
posta Java-Kree 18.03.2017 - 17:03
fonte

0 risposte

Leggi altre domande sui tag