Take Your Pentesting Know-How to the Next Level with Browserling

In this article, Mark Green, a Senior Information Security Analyst, discusses the benefits of using Browserling for pentesting. Browserling lets you spin up virtual machines running older browsers, such as Firefox 52 on Windows XP, which can increase your attack surface by 50%. This is useful because many modern web applications are developed for the latest browsers and may not render properly on older ones, opening up new avenues for exploitation.

You Should Know:

1. Setting Up Browserling:

  • Visit Browserling and sign up for a plan (starting at $19/month).
  • Choose an older browser and operating system combination, such as Firefox 52 on Windows XP.
  • Spin up the VM in seconds and start your pentesting.

2. Using Browserling with Burp Suite:

  • Browserling allows tunneling, so you can set up Burp Suite to intercept traffic from these older browsers.
  • Configure Burp Suite to listen on the tunnel provided by Browserling.
  • Use the older browser to navigate to the target web application and observe how it renders differently.

3. Inspecting Web Applications:

  • Use the developer tools (Inspect) available in Firefox 52 and later versions to understand how web applications are working.
  • Look for rendering issues, JavaScript errors, and other anomalies that could be exploited.

4. Alternative: Setting Up Local VMs:

  • If you don’t want to spend money on Browserling, you can set up local VMs with older operating systems like Windows XP, Vista, or Windows 7.
  • Install older versions of browsers like Firefox, IE, Chrome, and Safari on these VMs.
  • Use these VMs to test how web applications behave in environments they weren’t intended for.

Commands and Steps:

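  • Downloading Older Browser Versions:
    # Fetch the Firefox 52.0 Linux build from Mozilla's release archive
    wget https://ftp.mozilla.org/pub/firefox/releases/52.0/linux-x86_64/en-US/firefox-52.0.tar.bz2
    # Unpack the archive; it extracts into ./firefox
    tar -xvjf firefox-52.0.tar.bz2
    cd firefox
    # Start the legacy browser from the extracted directory
    ./firefox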

  • Setting Up a Windows XP VM:
    # Download VirtualBox
    sudo apt-get install virtualbox
    # Download Windows XP ISO
    wget http://example.com/windows_xp.iso
    # Create a new VM in VirtualBox and install Windows XP

  • Configuring Burp Suite with Browserling:
    • Open Burp Suite and go to `Proxy` > `Options`.
    • Add a new proxy listener on the tunnel provided by Browserling.
    • Configure the older browser to use this proxy.
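
For the local Firefox 52 download shown above, the "configure the older browser to use this proxy" step can be scripted so the legacy build runs in its own throwaway profile and sends all traffic through the intercepting proxy. This is an added example, not code from the original post; the function names are hypothetical and the defaults assume Burp's standard listener on 127.0.0.1:8080.

```shell
#!/bin/sh
# Added example: build a throwaway Firefox 52 profile that routes all traffic
# through a local intercepting proxy. Host and port are assumptions
# (127.0.0.1:8080 is Burp's default listener); adjust to your own listener.

# make_legacy_profile DIR [PROXY_HOST] [PROXY_PORT]
# Writes DIR/user.js, which Firefox applies on every start of that profile.
make_legacy_profile() {
    profile_dir=$1
    proxy_host=${2:-127.0.0.1}
    proxy_port=${3:-8080}

    # Accept only a numeric port and a plain hostname or IPv4 address,
    # so nothing unexpected is written into user.js.
    case $proxy_port in
        ''|*[!0-9]*) echo "invalid port: $proxy_port" >&2; return 1 ;;
    esac
    case $proxy_host in
        ''|*[!A-Za-z0-9.-]*) echo "invalid host: $proxy_host" >&2; return 1 ;;
    esac

    mkdir -p "$profile_dir" || return 1
    cat > "$profile_dir/user.js" <<EOF
// Manual proxy (type 1) for both HTTP and HTTPS traffic.
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "$proxy_host");
user_pref("network.proxy.http_port", $proxy_port);
user_pref("network.proxy.ssl", "$proxy_host");
user_pref("network.proxy.ssl_port", $proxy_port);
// Empty bypass list: requests to localhost are proxied as well.
user_pref("network.proxy.no_proxies_on", "");
// Keep the legacy build from updating itself to a current release.
user_pref("app.update.enabled", false);
user_pref("app.update.auto", false);
EOF
}

# launch_command DIR
# Prints the command that starts the extracted Firefox 52 with that profile
# only; -no-remote keeps it separate from any Firefox already running.
launch_command() {
    printf './firefox -no-remote -profile %s\n' "$1"
}
```

Call `make_legacy_profile "$HOME/ff52-profile"` once, then run the command printed by `launch_command "$HOME/ff52-profile"` from the extracted `firefox` directory.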

What Undercode Say:

Browserling is a powerful tool for pentesters looking to explore how web applications behave in older environments. By using older browsers and operating systems, you can uncover vulnerabilities that might not be apparent in modern environments. Whether you choose to use Browserling or set up local VMs, the key takeaway is to broaden your testing environment to include legacy systems. This approach not only increases your attack surface but also provides a deeper understanding of how web applications function across different platforms.

For more information, visit Browserling.

References:

Reported By: Activity 7305198501892620288 – Hackers Feeds