Burp Suite can not intercept the wget and curl HTTP request

I use Burp Suite as proxy listen 127.0.0.1:8080, and I also set the HTTP Proxy as 127.0.0.1:8080.

now Burp Suite can intercept all the browsers(eg. firefox, safari, chrome), and application(eg. dictionary ) on my Mac: enter image description here


but can not intercept the wget and curl‘s request.

such as:

curl www.apple.com 

Isn’t curl and wget using HTTP protocol requests?


EDIT-01

  1. Why I set macOS preferences HTTP Proxy to 127.0.0.1:8080, all the browsers and applications will use this Proxy by default? I did not set in each browser.

  2. Why curl and wget do not use the proxy by default? even I set –proxy still not work.

wget www.cloud123.com --proxy 127.0.0.1:8080 

Why can’t Hash Suite see any username/hash pairs in my SAM file?

I recently started experimenting with Hash Suite 3.5.1 – a Windows program that tests the security of password hashes.

A problem I’m already running into is that Hash Suite is only able to see the username and hashes on my Windows 10 laptop but not my Windows 10 desktop. The main difference (that I can see) between the two PCs is that my laptop has BitLocker enabled! There must be something else that I’m missing here, related to the SAM file version and behaviour.

![enter image description here

Laptop:

I can see my usernames in Hash Suite when using the "Import: Local accounts" option.

I haven’t been able to test this against an offline copy of my laptop’s SAM file due to BitLocker making it more complicated to extract the SAM file (as Windows locks it when booted) but I will try to test this scenario soon.

Desktop:

An offline version of the SAM file reveals no username/hash pairs.

When attempting to import local accounts from within Windows (something that works on the laptop), I get the following error:

enter image description here

LM and NTLM are both greyed out when selecting the offline copy of my SAM file:

enter image description here

Does anyone have any ideas why these two different Windows 10 systems are behaving differently?

Why does TLS1.3 use same cipher suite for RSA and ECC key pairs?

As per this answer RSA and ECC certificates should use different cipher suites. I tried to test it. It holds true for TLSv1.2. But for TLSv1.3 I see same cipher suite being used for both types of certificates(Tested via Google Chrome=>Dev Tools=>Security). Why is that?

Here is how I generated an ECC cert:

openssl ecparam -out nginx.key -name prime256v1 -genkey openssl req -new -key nginx.key -out csr.pem openssl req -x509 -nodes -days 365 -key nginx.key -in csr.pem -out nginx.pem 

Generating RSA cert:

 openssl genrsa -out rsa.key 2048  openssl req -x509 -new -nodes -key rsa.key -days 7300 -out rsa.pem 

With TLS1.3 both the certs result in usage of same cipher suite:

The connection to this site is encrypted and authenticated using TLS 1.3,  X25519, and AES_256_GCM. 

With TLS1.2, RSA cert:

    The connection to this site is encrypted and authenticated using TLS 1.2,  ECDHE_RSA with X25519, and AES_256_GCM. 

With TLS1.2, ECC cert:

The connection to this site is encrypted and authenticated using TLS 1.2,  ECDHE_ECDSA with X25519, and AES_256_GCM. 

Cipher suite is different in “client hello” for the same code running on different platforms

I’m facing a “Alert: handshake failure (40)” error when trying to establish a TLS connection. The error only happens when I run the same application on cloud, it works when I run the application on HPG8 server. OS is the same Redhat 7. By checking into the traces, I found that the cipher suite in “client hello” is much less in the error case than the worked case, and the cipher suite that TLS server supported is just missed in the “client hello” of the error case. I want to know what will impact the cipher suite that contains in the “client hello”?

The openssl version is the same (1.1.1d) for both cases, Redhat version has small difference. TLS1.2 is used. The key file and cert file are also the same.

In the code, I’m using SSL_set_cipher_list to set the cipher string as “ALL:!DH:!EXP:!RC4:@STRENGTH”.

SSL_set_cipher_list(ssl, "ALL:!DH:!EXP:!RC4:@STRENGTH"); 

I also checked the source code of openssl, but didn’t find much clue.

Cipher suite in the failure case:

Cipher Suites (25 suites)     Cipher Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)     Cipher Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)     Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 (0xc0af)     Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CCM (0xc0ad)     Cipher Suite: TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 (0xc05d)     Cipher Suite: TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 (0xc061)     Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)     Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)     Cipher Suite: TLS_RSA_WITH_AES_256_CCM_8 (0xc0a1)     Cipher Suite: TLS_RSA_WITH_AES_256_CCM (0xc09d)     Cipher Suite: TLS_RSA_WITH_ARIA_256_GCM_SHA384 (0xc051)     Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)     Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084)     Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 (0xc0ae)     Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CCM (0xc0ac)     Cipher Suite: TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 (0xc05c)     Cipher Suite: TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 (0xc060)     Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)     Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)     Cipher Suite: TLS_RSA_WITH_AES_128_CCM_8 (0xc0a0)     Cipher Suite: TLS_RSA_WITH_AES_128_CCM (0xc09c)     Cipher Suite: TLS_RSA_WITH_ARIA_128_GCM_SHA256 (0xc050)     Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)     Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041)     Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff) 

Cipher suite for successful case (0xc02f is the suite that server returned in “server hello”):

Cipher Suites (45 suites)     Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)     Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)     Cipher Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)     Cipher Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)     Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 (0xc0af)     Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CCM (0xc0ad)     Cipher Suite: TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 (0xc05d)     Cipher Suite: TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 (0xc061)     Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)     Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)     Cipher Suite: TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 (0xc073)     Cipher Suite: TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 (0xc077)     Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)     Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)     Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)     Cipher Suite: TLS_RSA_WITH_AES_256_CCM_8 (0xc0a1)     Cipher Suite: TLS_RSA_WITH_AES_256_CCM (0xc09d)     Cipher Suite: TLS_RSA_WITH_ARIA_256_GCM_SHA384 (0xc051)     Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)     Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 (0x00c0)     Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)     Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084)     Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)     Cipher Suite: **TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256** (0xc02f)     Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 (0xc0ae)     Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CCM (0xc0ac)     Cipher Suite: TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 (0xc05c)     Cipher Suite: TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 (0xc060)     Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)     Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)     Cipher Suite: TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 (0xc072)     Cipher Suite: TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 (0xc076)     Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)     Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)     Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)     Cipher Suite: TLS_RSA_WITH_AES_128_CCM_8 (0xc0a0)     Cipher Suite: TLS_RSA_WITH_AES_128_CCM (0xc09c)     Cipher Suite: TLS_RSA_WITH_ARIA_128_GCM_SHA256 (0xc050)     Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)     Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 (0x00ba)     Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)     Cipher Suite: TLS_RSA_WITH_SEED_CBC_SHA (0x0096)     Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041)     Cipher Suite: TLS_RSA_WITH_IDEA_CBC_SHA (0x0007)     Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff) 

Burp Suite change value cookie

I’m trying to change the value of a cookie using the Burp option, “Match and Replace”. Here is my configuration: Item: Request header Match: cookieName:.*; Replace: cookieName:myValue; Type: Literal.

Unfortunately, it does not work with this configuration. Do you have any suggestions?

aegis and customization suite

When the Aegis levels up and gain more basic powers For the suite, he can Form, change type and dismiss suite if he like or need it with their timing (swift, move, full-round) without pay power Point or customizations. If I really understand: Now the Aegis can learns (or gains) not basic powers For the suite (How? But probably the master knows) and so he need to change from basic power of i.e. Astral skin (nimble, speed and so on) For a non-basic power i.e. Darkvision that need 1 pp. Finally in the morning he can choose from basic to non-basic powers paying power points too, if he wants to change from basic to non-basic powers during the day he needs to use the reconfigure ability and then the customization points? Something is wrong…

Burp Suite – Use \n in repeater

Currently I am trying to fuzz the request I sent to Repeater. However if I put a new line (using Enter key) inside repeater’s text window, burp on background really creates a crlf.

My goal:

Send a request, which contains only a newline without carriage return.

What I tried

I tried to use \n (as it is common in a lot of programming languages). However burp’s Repeater treats \n as set of two characters – \ and n.

burp repeater

Question

Is there any way how to pass standalone newline character without carriage return inside Request stored in Repeater?

So far I tested this using my workaround in bash console, which is not-elegant at all:

curl https://mykey.example.com --header "Content-Length: 1" --header $  '\nTransfer-Encoding: chunked' 

Any insights appreciated.