How to start hacking the Deep Web.
Hacking Deep Web sites is a blast. It really brings me back to my OSCP training days. Every site is horribly written and full of vulnerabilities. To get started you’re going to need the following:
- Firefox
- Burp Suite
- Tor (the service, not the Tor Browser)
First, start running Tor and open up Burp Suite. Edit your Proxy Listener to handle requests as an invisible proxy.
If you did it right, running an nmap scan on 127.0.0.1 should look like the following:
Depending on your version of Tor, port 9050/9051 will be open. Next, go back to Burp, and under ‘User Options’ add a SOCKS Proxy pointing to Tor. Do not add an upstream proxy server.
Finally, open up Firefox and go to your Advanced Settings. Create a manual proxy configuration, with your HTTP Proxy pointing to Burp Suite and a SOCKS Host pointing to your Tor service.
Now you’re all done! If you’re using command line tools during pentesting, set the proxy parameter to 127.0.0.1:8080. If you’re not a script kiddy, you can use TorRequest or any HTTP library that supports SOCKS in your scripts.
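To confirm the local listeners from the steps above before sending any traffic, the following added example (not code from the original post) probes the ports the post names and checks which one actually answers a SOCKS5 greeting. The function names `probe_socks5` and `check_setup` are my own; 8080, 9050 and 9051 are the ports mentioned in the post.

```python
import socket

# Ports named in the post: Burp's listener (8080) and Tor (9050/9051).
# In a default Tor configuration 9050 is the SOCKS port and 9051 is the
# control port, so only one of the two should answer as SOCKS5.
DEFAULT_PORTS = (8080, 9050, 9051)


def probe_socks5(host, port, timeout=2.0):
    """Classify host:port as 'closed', 'socks5' or 'open-not-socks'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"
    reply = b""
    with sock:
        try:
            # SOCKS5 greeting: version 5, one auth method offered, 0x00 = none.
            sock.sendall(b"\x05\x01\x00")
            while len(reply) < 2:
                chunk = sock.recv(2 - len(reply))
                if not chunk:
                    break
                reply += chunk
        except OSError:
            pass  # timeout or reset: the port is open but did not speak SOCKS5
    # A SOCKS5 server that accepts "no authentication" answers 05 00.
    return "socks5" if reply == b"\x05\x00" else "open-not-socks"


def check_setup(host="127.0.0.1", ports=DEFAULT_PORTS):
    """Probe each port and return {port: state}."""
    return {port: probe_socks5(host, port) for port in ports}


if __name__ == "__main__":
    for port, state in check_setup().items():
        print(f"127.0.0.1:{port:<5} {state}")
```

With the setup from the post running, the Burp listener should report `open-not-socks` (it speaks HTTP) and exactly one of the Tor ports should report `socks5`; that is the port to enter as the SOCKS proxy in Burp.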