How to simulate "server down" situation using Burp suite proxy? - http-proxy

I tried using Burp suite to simulate the above for a particular domain. I am a beginner on this and don't know how to set it up. I couldn't find a built-in option for this.
Also, if there is no option, will I need to forward the request to some random IP address so that the connection gets timed out?
Update
Actually, I doubt whether redirecting to some invalid IP will give a connection timeout. Or will it give a timeout? I just want to know what response I will get if the server is down.

There isn't a feature to simulate "server down" but you can redirect as you suggest. If you redirect to an unused IP address (perhaps 192.168.99.99) you will normally get a timeout.
You can configure this in Proxy > Options > Proxy Listeners > Edit > Request Handling

You can just edit the response code to be a server error. You can do this automatically using match and replace as well.
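
Added example, not part of the original answers: a small Python probe showing how a client sees the outcomes discussed above (a timeout, as with the redirect to an unused IP, and a server-error status, as with match and replace), plus a refused connection for comparison. The function names and the local stand-in servers are constructed for illustration.

```python
import socket, threading
import urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Bypass any system proxy so the probe talks to the target directly.
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def classify(url, timeout=1.0):
    """Return how an HTTP client perceives the server behind `url`."""
    try:
        with _opener.open(url, timeout=timeout) as resp:
            return f"http_{resp.status}"
    except urllib.error.HTTPError as exc:   # server is up but answered 4xx/5xx
        return f"http_{exc.code}"
    except urllib.error.URLError as exc:    # failed before any response
        if isinstance(exc.reason, ConnectionRefusedError):
            return "refused"
        if isinstance(exc.reason, (socket.timeout, TimeoutError)):
            return "timeout"
        return "unreachable"
    except (socket.timeout, TimeoutError):  # connected, but no reply in time
        return "timeout"

def silent_server():
    """Constructed stand-in: accepts TCP but never answers."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    s.listen(1)
    return s, f"http://127.0.0.1:{s.getsockname()[1]}/"

def closed_port():
    """Constructed stand-in: host is up but nothing listens on the port."""
    s, url = silent_server()
    s.close()                               # port is now closed
    return url

class _Always503(BaseHTTPRequestHandler):
    def do_GET(self):
        self.send_response(503)
        self.send_header("Content-Length", "0")
        self.end_headers()

def error_server():
    """Constructed stand-in: reachable, but every reply is a 503."""
    srv = HTTPServer(("127.0.0.1", 0), _Always503)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_port}/"
```

Calling `classify()` on the URL returned by each stand-in yields `refused`, `timeout` and `http_503` respectively, which are the cases a client's error handling has to tell apart.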

Related

Mule4: "Remotely Closed" error for HTTPS POST

HTTPS POST requests are successful in POSTMAN both with and without Port 443. But failing in MULE Application with the error Remotely Closed.
Also, I tried to access the host using commands PING, TELNET and TRACENET for the host server via Command Prompt. Those fail with error Request Timed Out.
Can you please let me know where the issue lies?
Workaround:
For Mule4, remove the Global Element "HTTP Request Configuration" and pass the URL directly.
I am working with SAP Revsym REST APIs and this worked for me.
Please share the config details. My guess is that the config has a path and a path also exists in the HTTP request. These two paths combined lead the request to the wrong place. That would be the only possible explanation for the provided information.

Can I change the current network interface in Windows CMD?

In my current setup I have two interfaces, one is my normal connection and the other for my VPN, which is the default interface.
My VPN isn't nearly as fast as my connection, so for some heavier load I use my normal connection. The problem I am having is that I want to send files to Google Drive by using their API via CMD, but googleapis.com simply resolves to too many IPs to route them all. Currently I am solving this issue by connecting through a proxy so I only have to route that proxy to my normal interface.
What I would rather do is just set the interface of my normal connection to the CMD session like I do with the proxy. I have tried playing around with netsh but so far with no success.
Does anyone have an idea on how to solve this problem?
It isn't that your VPN is your "Default Interface"; it's that it has a lower route metric for traffic, because whoever set it up made it so that all traffic routes to the VPN instead of only internal traffic.
If this is intentional and you don't want to change it, then your only real option is to use a proxy, as you need to be able to sniff the packet headers to match the API URL, and it's HTTPS traffic, which is encrypted, and only passing through a proxy will be able to get around that.

OpenSIPS 2.4 call forbidden

I discovered OpenSIPS and all the possibilities a few days ago. I would just use it as a simple SIP proxy to get started. Proxy between my designated UAC and my UAS (asterisk, not natted). The goal is to use a proxy to prevent bot attacks on my UAS.
After installing OpenSIPS, I tried to configure my XLITE (natted) by simply adding the proxy URL in the configuration. It works, I register and I can see in my UAS peers my extensions with proxy IP. But when I make a call, I got a forbidden error. In debug mode, the log does not talk to me, I see a lot of information but nothing about this error.
I did not make any changes to the default configuration script. Is this behavior normal?
I also tried with VM on public IP as UAC (so not named), same thing.
Thank you for your help.
Olivier
Most likely, your SIP INVITE is hitting this block:

    if (!is_myself("$rd")) {
        send_reply("403", "Relay Forbidden");
        exit;
    }

What this means is that your OpenSIPS does not consider itself responsible for the domain (or IP) that your SIP UA has placed in the Request-URI and is trying to route towards. To fix this, just whitelist the Asterisk IP as a local (recognized) domain using the alias statement:

    listen = udp:*:5060
    alias = 1.1.1.1

jmeter Cannot find interface error

I'm trying to run a test on JMeter. However, when I run a test I'm getting the following result: Non HTTP response code: java.net.UnknownHostException/Non HTTP response message: Cannot find interface ec2----*.compute-1.amazonaws.com
Why would I get this error message when I'm trying to do a load test? I'm running JMeter from the desktop and I'm trying to do a load test against the site on AWS.
Thank you,
Kevin Davis
I have found the resolution. It was an advanced setting of the HTTP Request Defaults that was causing the issue.
It looks like you are attempting to do IP spoofing using the wrong settings. You should not be using your AWS instance hostname in the Source address tab; it should rather be the network adapter name, which you can get using e.g. the ifconfig command.
Once you determine the network adapter name, substitute your ec2----*.compute-1.amazonaws.com with the real adapter name, e.g. eth0.
If you are not going to use IP spoofing, just leave the Source address field blank.

"TCP_MISS" with squid proxy

I have set up a squid proxy on EC2, and I'm trying to use it from behind a corporate firewall. After configuring firefox to use my proxy, I tried to surf to yahoo.com. The browser seems to hang as if handling an extremely long running request. Checking the squid logs I see:
1431354246.891 11645 xxx.0.xx.xxx TCP_MISS/200 7150 CONNECT www.yahoo.com:443 username HIER_DIRECT/xx.xxx.XX.xx-
So far, I don't have a good explanation of most of these entries, but from http://wiki.squid-cache.org/SquidFaq/SquidLogs#access.log, I've found that:
MISS = The response object delivered was the network response object.
What does this mean? Is there anything I can do to connect to the outside internet?
This has been asked a long time ago, but maybe someone can still use this...
This means you connected to squid and the request was made to yahoo using the TCP protocol that HTTP uses. Furthermore, the MISS means it's a cache miss, squid doesn't have this page stored.
The reason for the hanging might be caused by the response being caught somewhere along the line (corporate firewall, maybe? local firewall?) or even misconfiguration of the proxy.
For more, perhaps you should search on https://serverfault.com, for example this is a good starting point, then you can narrow down the problem: https://serverfault.com/questions/514716/whats-the-minimum-required-squid-config-to-make-a-public-proxy-server
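
Added example, not part of the original thread: a Python parser for Squid's native access.log line format that names each field of an entry like the one in the question. The sample line is constructed from the question's values with documentation-range IP addresses in place of the masked ones; the function names and the `slow_ms` threshold are assumptions.

```python
from datetime import datetime, timezone

# Constructed sample: values from the question, masked IPs replaced.
SAMPLE = ("1431354246.891 11645 192.0.2.10 TCP_MISS/200 7150 "
          "CONNECT www.yahoo.com:443 username HIER_DIRECT/203.0.113.5 -")

FIELDS = ("time", "elapsed_ms", "client", "result", "bytes",
          "method", "url", "user", "hierarchy", "mime")

def parse_access_line(line):
    """Split one native-format access.log line into named fields."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    rec = dict(zip(FIELDS, parts))
    rec["time"] = datetime.fromtimestamp(float(rec["time"]), tz=timezone.utc)
    rec["elapsed_ms"] = int(rec["elapsed_ms"])   # until the transaction finished
    rec["bytes"] = int(rec["bytes"])             # bytes delivered to the client
    rec["cache_result"], status = rec.pop("result").split("/", 1)
    rec["http_status"] = int(status)
    rec["peer_status"], rec["peer"] = rec.pop("hierarchy").split("/", 1)
    return rec

def describe(rec, slow_ms=5000):
    """Turn a parsed record into observations useful for triage."""
    notes = []
    if rec["method"] == "CONNECT":
        notes.append("HTTPS tunnel: squid relays bytes and cannot cache them")
    if rec["cache_result"].endswith("MISS"):
        notes.append("not served from cache")
    if rec["peer_status"] == "HIER_DIRECT":
        notes.append(f"fetched directly from origin {rec['peer']}")
    if rec["elapsed_ms"] >= slow_ms:
        notes.append(f"transaction lasted {rec['elapsed_ms'] / 1000:.1f}s")
    return notes

if __name__ == "__main__":
    for note in describe(parse_access_line(SAMPLE)):
        print(note)
```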
