In our previous post we saw how to prepare Tor and Polipo for our anonymity in pentest purpose.
Configure your browser to use Tor through Polipo: easy one. Go to any ip website identification like whatismyip and check the result.
Configure your browser to use Tor through Polipo: easy one. Go to any ip website identification like whatismyip and check the result.
Now if you want to use Burp Suite Pro as your pentest tool for websites, you have to configure it this way:
1- Go to the options tab
2- In the connections menu select Socks Proxy and use the Tor one
1- Go to the options tab
2- In the connections menu select Socks Proxy and use the Tor one
You may want your browser to use Burp. Here is the configuration:
Now you are ready to run anonymously your websites attacks.
Let see how it work with sqlmap:
Let see how it work with sqlmap:
Doing like this, all your requests goes to the Polipo proxy which send them through Tor (just remember our configuration).
Now you understand how you could be totally anonymous and you can run pentest without worry of getting caught using so many tools such as MSF.
That's it. Hope you enjoy this little tutorial.
Y. from ENKI
Now you understand how you could be totally anonymous and you can run pentest without worry of getting caught using so many tools such as MSF.
That's it. Hope you enjoy this little tutorial.
Y. from ENKI