nccgroup / berserko Goto Github PK
View Code? Open in Web Editor NEWBurp Suite extension to perform Kerberos authentication
License: GNU Affero General Public License v3.0
Burp Suite extension to perform Kerberos authentication
License: GNU Affero General Public License v3.0
While trying to test domain settings I get this type of error.
Connected to port 88, but failed to contact Kerberos service: No LoginModule found for com.sun.security.auth.module.Krb5LoginModule
This seems to work few moths ago.
My env:
OS:
Linux kali-i3 4.19.0-kali4-amd64 #1 SMP Debian 4.19.28-2kali1 (2019-03-18) x86_64 GNU/Linux
Java:
openjdk version "11.0.3" 2019-04-16
OpenJDK Runtime Environment (build 11.0.3+1-Debian-1)
OpenJDK 64-Bit Server VM (build 11.0.3+1-Debian-1, mixed mode, sharing)
Burp:
2.0.20beta Pro
Thanks in advance
java.lang.ClassNotFoundException: burp.BurpExtender
at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:348)
at burp.lqb.a(Unknown Source)
at burp.lqb.(Unknown Source)
at burp.uqg.a(Unknown Source)
at burp.xue.run(Unknown Source)
at java.lang.Thread.run(Thread.java:745)
I'm using Berserko 1.2 with Burp 2020.5.1 on Windows
After a fresh install of the extension I configured the "domain settings" but when I tried to "test domain settings" I had a warning about a missing krb5.conf file. I created it with the button but I didn't notice it at first.
Would it be possible to create it automatically by default when there's none?
Hi, my target is an internal application and I had to setup SSH port forwarding of two ports: 443/tcp and 88/tcp.
The nmap is able to connect and verify users: nmap -p 88 --script=krb5-enum-users <skip>
However, the plugin fails to "test domain settings" and fails to start eventually:
2020-12-21 12:09:00.282: Loaded config...
Domain DNS Name : mybox.local
KDC Host : 127.0.0.1
Username : XXX
Password :
Save password : false
Everything in scope : false
Domain in scope : true
Hosts in scope : app.mybox.local
Include plainhosts : true
Ignore NTLM servers : false
Alert level : 1
Logging level : 1
Auth strategy : PROACTIVE
Kerberos authentication disabled
Kerberos Authentication version 1.0
Kerberos authentication enabled
Unexpected error when testing connectivity to KDC: Connection refused (Connection refused)
Unexpected error when making test Kerberos request to KDC: ICMP Port Unreachable
I haven't check the source code, but is ICMP probe really mandatory? Can make it optional please?
Is it possible to modify this plugin to support multiple authentications at the same time? Kind of like the cookie jar but for kerberos tickets.
Hey, thank you for this amazing plugin!
Today I've had problem with authorization in web application. Server stored usernames in uppercase, but plugin was sending lowercase. I've tried to change username to uppercase, but it still remained same. Then I looked in source code and discovered that it is always lowercase. When I modified line 464 and removed "toLowerCase" function it worked as expected.
It would be nice to have option to use username "as it is".
Looks like libdefaults section of krb5.conf file only supports forwardable switch out of https://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html. Just wanted to confirm if this is true.
Berserko doesn't seem to work in latest Burp - no headers are added, and the following exception appears in error output:
java.lang.ClassNotFoundException: com.sun.security.jgss.ExtendedGSSContext
No option to select Kerberos as auth method when setting up Upstream proxy.
Tried "None" with Kerberos enabled in Beresko - didn't work.
Any hints on how to get this working?
v1.7.22 Burp.
Hi
It looks like this version of the extension is significantly ahead of the published BApp Store version.
If you'd like to update the extension in the BApp Store, please create a pull request against the PortSwigger fork of your extension and drop us an email at [email protected]
Provides an error for that the KDC appears to be correct but the DNS name is not.
Is there a way to leverage a keytab or ticket somehow launching burp form the command line or with your tool somehow, I tried specifying a keytab file in the conf file but it is ignoring it? I know I could use mimikatz to inject a ticket and use runas and do some other fancy things but I'm trying to avoid that to isolate OS from the situation.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.