This is hopefully going to give you an overview of a packet. A packet basically is what your computer sends to other computers. So when you purchase something online your creditcard will most likely be stored in a packet. By the end of this you should know how to exploit packets and how to protect yourself by examining them.
What you need:

• Burp Suite(or proxy), this works on windows, linux and OSX!
• Basic knowledge.

Setting Up Burp

1. Download and unextract the Burp Suite(or proxy) mentioned above.
2. Open the Burpsuite_v1.01.jar file (please note that the v1.01 may be slightly different on your copy)
3. Now click on “options” and see what port it is running on, should be 8080 but you can change it if you need to.
4. Go into your browser and find your proxy settings.
5. Put 127.0.0.1 in for the hostname and 8080 for the port(unless you changed it) *Note when these settings are saved you will not be able to access the internet from that browser without burp open, i recomend disabling it when you are done*
6. Now when you want to see the information that is getting sent to and from your computer go to the burp proxy and turn intercept on
   • This information could be usefull if you wish to see what sites will transmit your password, credit card, etc information in plaintext. This way when you go on a wireless access point or at a internet cafe, you can know how to protect your valuable information.

The Fun Stuff, Editing:

• Flash game scores! This won’t always work but the places it does you can give yourself any score!

1. Start up your proxy(intercept off) and click on the “param” option.
2. Find a flash game that keeps track of high scores
3. Start playing the game
4. When your half way through turn intercept on.
5. Lose the game and look at what score you have
6. Find your score and edit it to what you would like it to be.
7. Click forward and turn intercept off, if another packet came just click forward again
8. Thats it. Most likely the major places will have this patched.

• Faking an image, to upload anything to those image only upload places

1. Find a site with a fairly small site that allows uploads of any kind(this won’t work on any major site due to you can take over their whole server from this little exploit).
2. Start up your proxy with the text bubble clicked(by the param and hex bubbles)
3. Upload a legit file that it will accept.
4. look for the “content type” this till be near the bottem most likely and have *something*/*something* ex: image/jpeg. Copy and paste that and forward the packets. If you do not see this then forward the packet and look at the next one.
5. Now turn intercept off get back to that page and turn intercept back on.
6. Upload what ever file you wish now.
7. Find the *something*/*something* again, it will most likely be: application/octet-stream. and replace that with the accepted.
8. Forward the packets.
9. If it did not work repeat(steps 5-8) this time find your file name and replace the extension with the accepted one such as .php with .jpg.
10. If this does not work this will not work. Sorry!

There is much more you can do by editing your packets mainly due to the fact that majority of scripts used are free. And some authors don’t properly test stuff they don’t make cash off of

This entry was posted on Friday, January 19th, 2007 at 1:52 am and is filed under Technology.You can follow any responses to this entry through the RSS 2.0 feed.You can leave a response, or trackback from your own site.