Author Archives: Felix

New Burp Extension: Look Over There

TL;DR: a new Burp Suite extension called “Look Over There” that tells Burp where to look when scanning API endpoints that would otherwise be like shouting into a void.

I fondly remember the good old days when RESTful web apps meant you could walk through the web application, check it for sanity and then use the Active Scanning techniques within Burp Suite to get a significant amount of coverage completed without much effort.

On far too many recent web application penetration tests I have found myself frustrated that Burp doesn’t understand the application’s JavaScript API calls: what they mean, or where it should look for the results. These are the days of the Single Page Application (SPA) and JavaScript-driven API calls, and the frustration grew to the point where I wrote an extension to help.

Look Over There is expected to be available in the BApp store any moment now and you can also find the source code here:

https://github.com/yg-ht/Burp-LookOverThere

The extension checks a number of scoping requirements and, if they all match, injects a Location header and a 302 HTTP status code into the response. Burp then interprets the redirect and makes the necessary additional request. If configured correctly, that follow-up request fetches the resource in which the reflected content can be found, and Burp analyses it as it ordinarily would, for example in an old-skool RESTful web application.

To use the extension you first need to configure it, and then you need to send the relevant request to the Scanner, or to Intruder for more targeted scanning. Configuration is straightforward: at minimum you need to enable the plugin, specify the trigger URL and specify the target URL. Other qualities of the request can also be specified to pin down the type of transaction as precisely as possible. It is important to configure it correctly so that the extension only operates when you want it to, and does not accidentally trample on any other possible results.

  • The trigger URL is the URL that is being scanned. It triggers the extension to take action and without this, nothing happens and the tool won’t know it is supposed to do something.
  • The target URL is where you want Burp to look. This should be the URL that would return the reflected content. The contents here can be in any format, for example, a full HTML page, or just a JSON blob.
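As an added illustration (not the extension’s own code), here is the rewrite rule described above reduced to a plain function: every scoping requirement must hold before the response is touched, then a Location header and a 302 status replace the original. Inside Burp this would be wired into an IHttpListener.processHttpMessage callback; the Config field names and the optional method qualifier are assumptions for the example.

```python
"""Added example of the Look Over There rewrite rule, not the extension's code."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple
from urllib.parse import urlparse


@dataclass
class Config:
    enabled: bool
    trigger_url: str            # the URL being scanned (assumed field name)
    target_url: str             # where Burp should look for the reflection
    method: Optional[str] = None  # optional extra qualifier (assumed)


def matches_scope(cfg: Config, method: str, url: str) -> bool:
    """All scoping requirements must hold; otherwise the extension stays out of the way."""
    if not cfg.enabled:
        return False
    if cfg.method and method.upper() != cfg.method.upper():
        return False
    trig, req = urlparse(cfg.trigger_url), urlparse(url)
    # Compare scheme, host and path only: scan payloads normally live in the
    # query string or body, and those must not stop the trigger from matching.
    return (trig.scheme, trig.netloc, trig.path) == (req.scheme, req.netloc, req.path)


def rewrite_response(cfg: Config, method: str, url: str, status_line: str,
                     headers: Dict[str, str]) -> Tuple[str, Dict[str, str]]:
    """Return the (possibly) rewritten status line and headers of a response.

    Out-of-scope traffic is returned exactly as received so that other scan
    results are not trampled; in-scope traffic becomes a 302 to the target URL,
    which Burp then follows and analyses as it ordinarily would.
    """
    if not matches_scope(cfg, method, url):
        return status_line, headers
    new_headers = {k: v for k, v in headers.items() if k.lower() != "location"}
    new_headers["Location"] = cfg.target_url
    version = status_line.split(" ", 1)[0]  # keep the original HTTP version
    return f"{version} 302 Found", new_headers
```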

The security behind: CCTV systems

In this episode of “You Gotta Hack That,” hosted by Felix, the focus turns to Closed-Circuit Television (CCTV) systems and their vital role in building security within the context of the Internet of Things (IoT). The episode begins by introducing the concept of CCTV, emphasizing its closed nature and historical reliance on coax cables and analog signals. Over time, advancements in technology have led to higher resolutions and increased capabilities in CCTV systems. The host highlights the various components of CCTV systems, including cameras, video recorders, cloud connections, and network equipment, all of which contribute to the system’s attack surface.

Felix explores potential motivations for attacking CCTV systems, such as espionage, tampering with evidence, or obstructing live video feeds. He delves into vulnerabilities within CCTV systems, particularly those related to web applications and the Real-Time Streaming Protocol (RTSP). These vulnerabilities can lead to unauthorized access, data manipulation, or even commandeering of the systems. The host discusses the security challenges posed by outdated technology, emphasizing the risks associated with running legacy Linux kernels that lack modern security features.

The podcast episode also touches on cloud-based CCTV systems, highlighting their potential advantages in terms of security oversight, though not without their own vulnerabilities. The conversation extends to the importance of network segmentation and the challenges posed by complex network setups in various environments. Felix underscores the significance of using experienced and qualified individuals for penetration testing on these systems, given the intricate and often overlooked vulnerabilities that could be exploited.

Reflecting on the prevalence of CCTV systems and their societal impact, Felix stresses the importance of choosing reputable vendors who prioritize security. He encourages potential buyers to inquire about pentest results and corrective action logs, ensuring that security is a top priority in their choice of CCTV systems. As the episode concludes, Felix expresses gratitude for the listeners’ engagement and urges them to share and review the show. He offers multiple avenues for further communication and invites participation in discussions surrounding IoT security.

In this insightful podcast episode, listeners gain a comprehensive understanding of the intricate world of CCTV systems within the IoT landscape. Felix provides valuable insights into the vulnerabilities, risks, and best practices associated with these systems, serving as a resource for both experts and individuals seeking to enhance their knowledge of IoT security.

The security behind: occupancy sensors

In this episode of “You Gotta Hack That,” Felix explores the world of occupancy sensors, focusing on their role in the security of the Internet of Things (IoT). These sensors play a critical role in modern systems, detecting the presence of people and influencing various actions like security alarms, HVAC systems, and lighting. Occupancy sensors come in different types, each with varying levels of complexity. At the top end, there are complex sensors like noise and video sensors, which require sophisticated computation to interpret the data they receive accurately.

The discussion centers around Passive Infrared Sensors (PIRs), which are commonly used but not well-understood by the general public. PIRs detect changes in infrared radiation in their environment, typically using pyroelectric components. These components change resistance when exposed to infrared radiation, creating a detectable signal. A key feature of PIRs is the use of Fresnel lenses to focus infrared radiation and enhance sensor sensitivity. The lenses include multiple offset circles, broadening the sensor’s detection range, akin to a fly’s compound eye.

Felix explores potential vulnerabilities in PIRs. One method to manipulate them is by blocking infrared radiation using materials like glass plates, rendering the sensor ineffective. Saturation of the sensor through controlled temperature changes is another approach, albeit slower. He recalls personal experiments where moving extremely slowly in front of a PIR could potentially evade detection due to the sensor’s sensitivity limitations. Moreover, attackers could tamper with communication mechanisms or manipulate sensor data, leading to compromised systems relying on garbage data.

Felix emphasizes that while sensors are integral to various urban systems, their data should be treated with caution and verified. The principle of “trust but verify” applies, where sensor cybersecurity requires careful consideration. To bolster security, Felix suggests combining multiple sensors or incorporating redundancy in the system to address faults and failures effectively. He concludes by inviting listeners to engage with the show, share feedback, and explore the critical role of IoT sensor security in our increasingly connected world.