![]() The VPN tunnel is of course the core of this setup, and will allow you to tunnel your (selected) traffic either towards assets inside a target’s environment, or towards internet-accessible assets, but originating from the target’s network. The setupĪrchitecturally, the solution that I will describe looks like this: High-level diagram of proxying traffic through a VPN using Burp Suite. While this definitely works, I found that separating my testing activities from other network activity is not only a privacy-conscious decision, but also helps towards freeing up as much of the VPN bandwidth as is possible, because now it is no longer occupied with superfluous traffic. To accommodate this need, you may be inclined to install an OpenVPN client on your local testing machine and get going. Bug bounty programs that require the use of their VPN as a condition to participate in the program.web applications that are usually hidden behind a WAF, applications that are internet-accessible, but only available to a number of whitelisted networks, etc Testing public assets from a whitelisted environment, e.g.located on an internal network this is often the case when performing internal infrastructure tests or tests against UAT environments Testing assets that are not publicly available, e.g.There are a few reasons why configuring a VPN to execute your security tests may be a good idea: Browser extension Switchy Omega in Chrome or Firefox. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |