Burp suite using Tor network

Sometimes, while doing bug bounty work, you get blocked by the target's security team. There are several ways to get around the block and reconnect, but Tor is a simple one.

However, when you use Tor, your requests and responses are no longer visible only to you, so be careful with anything that contains sensitive information, authentication cookies, and the like.

Install & Run tor

Install

brew install tor

Running tor

tor
Nov 15 23:55:22.342 [notice] Tor 0.4.1.6 running on Darwin with Libevent 2.1.11-stable, OpenSSL 1.1.1d, Zlib 1.2.11, Liblzma N/A, and Libzstd N/A.
Nov 15 23:55:22.342 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Nov 15 23:55:22.343 [notice] Configuration file "/usr/local/etc/tor/torrc" not present, using reasonable defaults.
.... snip ....
Nov 15 23:55:36.000 [notice] Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits
Nov 15 23:55:36.000 [notice] Bootstrapped 95% (circuit_create): Establishing a Tor circuit
Nov 15 23:55:37.000 [notice] Bootstrapped 100% (done): Done

Setting the SOCKS5 proxy in Burp Suite

Burp Suite > Project options (or User options) > SOCKS5 Proxy

  • host : localhost
  • port : 9050
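
Before entering these values in Burp, it helps to confirm that whatever is listening on localhost:9050 actually speaks SOCKS5. The probe below is an added example, not part of the original post; it sends the RFC 1928 greeting and checks the reply, and the names probe_socks5 and recv_exact are hypothetical.

```python
import socket

SOCKS5 = 0x05          # protocol version byte (RFC 1928)
NO_AUTH = 0x00         # "no authentication required" method
NO_ACCEPTABLE = 0xFF   # server rejected every offered method


def recv_exact(sock, n):
    """Read up to n bytes, stopping early only if the peer closes."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf


def probe_socks5(host="localhost", port=9050, timeout=3.0):
    """Return (ok, detail): does host:port answer a SOCKS5 greeting?"""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            # Greeting: version 5, one method offered, method 0x00.
            s.sendall(bytes([SOCKS5, 1, NO_AUTH]))
            reply = recv_exact(s, 2)
    except OSError as exc:  # refused, timed out, reset ...
        return False, f"cannot talk to {host}:{port}: {exc}"

    if len(reply) != 2 or reply[0] != SOCKS5:
        return False, f"not SOCKS5 (got {reply!r}); wrong port or service?"
    if reply[1] == NO_AUTH:
        return True, "SOCKS5 listener accepts unauthenticated clients"
    if reply[1] == NO_ACCEPTABLE:
        return False, "SOCKS5 listener refused the no-auth method"
    return False, f"unexpected method 0x{reply[1]:02x} selected"


if __name__ == "__main__":
    ok, detail = probe_socks5()
    print(("OK: " if ok else "FAIL: ") + detail)
```

A passing probe only shows that the port speaks SOCKS5; it does not prove that the listener is Tor or that a circuit has finished bootstrapping.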

Burp request using tor tunnel

Burp's outgoing traffic now goes through the Tor network.