Interceptando hidra con burp suite

2

Estoy usando burp suite como proxy y cuando ejecuto hydra, burp suite debería poder capturar eso y registrarlo en el historial HTTP, pero en lugar de eso recibo el error

Can not connect [unreachable]

Probé export HYDRA_PROXY_HTTP=http://127.0.0.1:8080 y export HYDRA_PROXY=socks5:127.0.0.1:8118 , pero nada de eso funciona. Burp suite dice que el proxy se está ejecutando, incluso intercepta las solicitudes de Firefox, pero no la hidra.

El comando que utilizo es este:

hydra -l admin -p password -e ns -t 1 -F -u -w 10 -W 1 -v -V 127.0.0.1 http-post-form "/~bob/DVWA/login.php:username=^USER^&password=^PASS^&user_token=${CSRF}&Login=Login:F=Location\: login.php:C=/404.php:H=Cookie: security=impossible; PHPSESSID=${SESSIONID}"

y me sale esto

MacBook-Pro:Desktop bob$ hydra -1 admin -p password -e ns —t 1 —F —u —w 10 —W 1 —v —v 127.0.0.1 http-post-form "tybob/DVMA/login.php:username=ADSERa&password=APASS^&user token4(C) SRF}&Login=Login:F=Location\: login.php:C=/404.php:H=Cookie: security=impossible; PHPSESSID=WESSIONIDI"
Hydra v8.4 (c) 2017 by van Hauser/THC — Please do not use in military or secret service organizations, or for illegal purposes. 

Hydra (http://www.thc.org/thc—hydra) starting at 2017-03-18 14:43:40
[INFO] Using HTTP Proxy: http://127.0.0.1:8080 
[INFORMATION] escape sequence \: detected in module option, no parameter verification is performed. 
[DATA] max 1 task per 1 server, overall 1 tasks, 3 login tries (1:1/p:3), —3 tries per task 
[DATA] attacking service http—post—form on port 80 
[DATA] with additional data /—bob/DVWA/login.php:username=nUSERA&password=^PASS^&user_token=39926bc7cff8584646ef71ab6f17cd88&Login=login:F=Location\: login.php:C=/404.php:H=Cookie : security=impossible; PHPSESSID=0018e65e3e7365e1f36a5dd5b375fac3 
[VERBOSE] Resolving addresses ... 
[VERBOSE] resolving done 
Process 2947: Can not connect 
[unreachable], retrying (1 of 1 retries) 
[ATTEMPT] target 127.0.0.1 — login "admin" — pass "admin" — 1 of 3 (child 0] (0/0) 
Process 2947: Can not connect 
[unreachable] 
[ERROR] Child with pid 2947 terminating, cannot connect 
[VERBOSE] Retrying connection for child 0 
Process 2948: Can not connect 
[unreachable], retrying (1 of 1 retries) 
[RE—ATTEMPT] target 127.0.0.1 — login "admin" — pass "" — 1 of 3 
[child 01 (0/0) 
Process 2948: Can not connect 
[unreachable] 
[ERROR] Child with pid 2948 terminating, cannot connect 
[VERBOSE] Retrying connection for child 0 
Process 2950: Can not connect 
[unreachable], retrying (1 of 1 retries) 
[RE—ATTEMPT] target 127.0.0.1 — login "admin" — pass "password" — 1 of 3 
[child 0) (0/0) 
Process 2950: Can not connect 
[unreachable] 
[ERROR] Child with pid 2950 terminating, cannot connect 
Process 2951: Can not connect 
[unreachable], retrying (1 of 1 retries) 
[REDO—ATTEMPT] target 127.0.0.1 — login "admin" — pass "password" — 2 of 4 
[child 0] (1/1) 
Process 2951: Can not connect 
[unreachable) 
[ERROR] Child with pid 2951 terminating, cannot connect 
Process 2953: Can not connect 
[unreachable], retrying (1 of 1 retries) 
[REDO—ATTEMPT] target 127.0.0.1 — login "admin" — pass "password" — 3 of 5 (child 0] (2/2) 
Process 2953: Can not connect 
[unreachable] 
[ERROR] Child with pid 2953 terminating, cannot connect 
Process 2955: Can not connect 
[unreachable], retrying (1 of 1 retries) 
[REDO—ATTEMPT] target 127.0.0.1 — login "admin" — pass "password" — 4 of 6 
[child 0] (3/3) 
Process 2955: Can not connect 
[unreachable] 
[ERROR] Child with pid 2955 terminating, cannot connect 
Process 2956: Can not connect 
[unreachable], retrying (1 of 1 retries) 
[STATUS] attack finished for 127.0.0.1 (waiting for children to complete tests) 1 of 1 target completed, 0 valid passwords found Hydra (http://www.thc.org/thc—hydra) finished at 2017-03-18 14:44:00
MacBook—Pro:Desktop bob$ 

fuente

Soy bastante nuevo en este tema, por lo que no sé exactamente lo que siempre estoy haciendo. Estoy siguiendo un tutorial que encontré. ¿Puede alguien explicar por favor qué estoy haciendo mal? Entiendo que Burp Suite no puede registrar las solicitudes de Hydra, porque Hydra no se conecta a través de un proxy, pero ¿por qué?

    
pregunta Zdenek Frydryn 18.03.2017 - 17:03
fuente

0 respuestas

Lea otras preguntas en las etiquetas