Bug Hunting on Dark Web !!!

Sushant Kamble
Aug 19, 2020

Let’s Start:-

Disclaimer:-

How to Configure Burp Suite to Use Tor as a Proxy?

Steps:-
1] Burp Suite Community Edition is included with Kali Linux; otherwise, download any version of Burp Suite.

2] I am using Kali Linux, so we need to install Tor on it.
Commands-
# apt update
# apt install tor

3] Enable and start the Tor service, and check that it is listening on port 9050.

4] We need to configure Burp to use Tor as a SOCKS proxy.
- Navigate to User options -> Connections -> SOCKS Proxy and tick the "Use SOCKS proxy" checkbox. Insert the Tor socket settings as below.

5] Configure the Burp listener port and check all the client requests.

6] Configure the CA certificate in your Firefox browser: navigate to http://burp/, download the CA certificate, and import it into your browser.

7] After this, we can intercept traffic to any .onion site, or any other site, anonymously through the Tor service.

8] The setup is now complete for a security assessment on the dark web.

9] Here we can apply all the same test cases that we would use on a non-Tor website with Burp.
And here I was lucky enough to get a Cross-Site Scripting (XSS) on this Tor portal.

10] Now it was time to report to the admin. And yes, I reported to the admin using their own feedback form.

11] Thereafter they also replied regarding the reported issue.

Note:- Here I used a temporary email account. I hope you do the same.
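
One way to carry out the check in step 3, as an added example that is not part of the original post: the function below reads `ss -lnt` output and reports whether Tor's SOCKS port 9050 is listening, and whether it is bound to loopback only rather than exposed to other hosts as an open proxy. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# listener_state PORT: reads `ss -lnt` output on stdin and prints how PORT is bound:
#   loopback - only reachable from this machine (what we want for the Tor SOCKS port)
#   exposed  - bound to a non-loopback address, so other hosts can use the proxy
#   closed   - nothing is listening on PORT
listener_state() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4                          # "Local Address:Port" column
            n = split(addr, parts, ":")
            if (parts[n] != port) next         # last ":" field is the port
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host ~ /^127\./ || host == "[::1]") loopback = 1
            else exposed = 1
        }
        END {
            if (exposed) print "exposed"
            else if (loopback) print "loopback"
            else print "closed"
        }'
}

# Constructed sample of `ss -lnt` output on a host where Tor is running.
sample_ss() {
    cat <<'EOF'
State   Recv-Q  Send-Q   Local Address:Port   Peer Address:Port  Process
LISTEN  0       4096         127.0.0.1:9050        0.0.0.0:*
LISTEN  0       128            0.0.0.0:22          0.0.0.0:*
LISTEN  0       128               [::]:22             [::]:*
EOF
}

# tor_socks_ok: succeeds only when port 9050 is listening on loopback only.
tor_socks_ok() {
    [ "$(listener_state 9050)" = "loopback" ]
}

# Demo on the constructed sample; on a live host use: ss -lnt | tor_socks_ok
if sample_ss | tor_socks_ok; then
    echo "Tor SOCKS port 9050: listening on loopback only"
else
    echo "Tor SOCKS port 9050: not listening, or exposed beyond loopback"
fi
```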

Anyway, it was a fun one. Thanks for reading.

You can connect with me :-

Twitter :- https://twitter.com/imsushantkamble
Linkedin :- https://in.linkedin.com/in/iamsushantkamble
Facebook :- https://www.facebook.com/iamsushantkamble/
