When doing bug bounty work, you occasionally get blocked by the target's security team. There are several ways to get around the block and reconnect, but Tor makes it simple.


Keep in mind that when you use Tor, your requests and responses are no longer yours alone, so be careful with anything that contains sensitive information, such as authentication cookies.


Install & Run tor

Install

$ brew install tor

Running tor

$ tor
Nov 15 23:55:22.342 [notice] Tor 0.4.1.6 running on Darwin with Libevent 2.1.11-stable, OpenSSL 1.1.1d, Zlib 1.2.11, Liblzma N/A, and Libzstd N/A.
Nov 15 23:55:22.342 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Nov 15 23:55:22.343 [notice] Configuration file "/usr/local/etc/tor/torrc" not present, using reasonable defaults.
Nov 15 23:55:22.351 [notice] Opening Socks listener on 127.0.0.1:9050
Nov 15 23:55:22.351 [notice] Opened Socks listener on 127.0.0.1:9050
Nov 15 23:55:22.000 [notice] Parsing GEOIP IPv4 file /usr/local/Cellar/tor/0.4.1.6/share/tor/geoip.
Nov 15 23:55:22.000 [notice] Parsing GEOIP IPv6 file /usr/local/Cellar/tor/0.4.1.6/share/tor/geoip6.
Nov 15 23:55:22.000 [notice] Bootstrapped 0% (starting): Starting
Nov 15 23:55:22.000 [notice] Starting with guard context "default"
Nov 15 23:55:23.000 [notice] Bootstrapped 5% (conn): Connecting to a relay
Nov 15 23:55:24.000 [notice] Bootstrapped 10% (conn_done): Connected to a relay
Nov 15 23:55:24.000 [notice] Bootstrapped 14% (handshake): Handshaking with a relay
Nov 15 23:55:25.000 [notice] Bootstrapped 15% (handshake_done): Handshake with a relay done
Nov 15 23:55:25.000 [notice] Bootstrapped 20% (onehop_create): Establishing an encrypted directory connection
Nov 15 23:55:25.000 [notice] Bootstrapped 25% (requesting_status): Asking for networkstatus consensus
Nov 15 23:55:25.000 [notice] Bootstrapped 30% (loading_status): Loading networkstatus consensus
Nov 15 23:55:30.000 [notice] Bootstrapped 45% (requesting_descriptors): Asking for relay descriptors
Nov 15 23:55:30.000 [notice] I learned some more directory information, but not enough to build a circuit: We need more microdescriptors: we have 2862/6000, and can only build 15% of likely paths. (We have 55% of guards bw, 53% of midpoint bw, and 53% of exit bw = 15% of path bw.)
Nov 15 23:55:31.000 [notice] Bootstrapped 56% (loading_descriptors): Loading relay descriptors
Nov 15 23:55:34.000 [notice] Bootstrapped 62% (loading_descriptors): Loading relay descriptors
Nov 15 23:55:34.000 [notice] Bootstrapped 67% (loading_descriptors): Loading relay descriptors
Nov 15 23:55:35.000 [notice] Bootstrapped 72% (loading_descriptors): Loading relay descriptors
Nov 15 23:55:35.000 [notice] Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits
Nov 15 23:55:36.000 [notice] Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits
Nov 15 23:55:36.000 [notice] Bootstrapped 95% (circuit_create): Establishing a Tor circuit
Nov 15 23:55:37.000 [notice] Bootstrapped 100% (done): Done

Setting the SOCKS5 proxy in Burp Suite

Burp Suite > Project options (or User options) > SOCKS5 Proxy


host : localhost
port : 9050

Burp request using tor tunnel

Burp's outgoing traffic now goes through the Tor network.

https://i.giphy.com/B37cYPCruqwwg.gif
