It's Friday and I think we should finish the week strong! So today we are talking about running Nikto through Burp and how to mask the default Nikto User-Agent header with another one of your choosing. When pen-testing you could get cut off before even leaving the gates because of that signature Nikto User-Agent in the request header. Granted, you can modify the Nikto code directly to change the header, but where is the fun and flexibility in that?
This also serves a dual purpose: if you are following the post Obfuscating your IP via Burp/Tor/Privoxy, you may wish to combine all of this into one obfuscated and calculated attack.
So I'm using BackTrack 3 to operate Nikto/Burp.
Let's get started. In BackTrack 3, navigate to the /pentest/web/nikto directory. If you enter 'ls' or 'dir' you will notice a file named config.txt.
I used kedit to open config.txt and scrolled down (in the config file, of course) to the line referencing the proxy options, like so:

Now, if you would also like to modify Nikto's User-Agent (to bypass certain detection systems), follow the rest of this post.
I have Ruby installed, and the Ruby gem mechanize, which already ships with a list of User-Agents inside it. There is probably a more comprehensive list out there, but this is what I chose.
Out of this I made a list which I sent over to the BT3 VM. The list was cleaned up just a bit so it could be a copy-and-paste sort of deal. It looks like this:






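From the defender's side of the detection this post sets out to slip past, here is an added example (not part of the original post) that scans web-server log lines for two signs of a Nikto run: the stock User-Agent string, which the header swap above defeats, and the burst of 404 responses a scan produces no matter what the header says. The log lines, IP addresses and User-Agent strings are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Combined log format (Apache/nginx); the final quoted field is the User-Agent.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" '
                    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')

# Constructed sample lines (not from a real server). 203.0.113.5 keeps a
# scanner-style User-Agent; 198.51.100.7 uses a browser-like one but still
# trips the 404-burst check; 192.0.2.9 is an ordinary visitor with one 404.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2008:10:00:01 +0000] "GET /cgi-bin/ HTTP/1.1" 404 210 "-" "Mozilla/5.00 (Nikto/2.03)"
203.0.113.5 - - [10/Oct/2008:10:00:02 +0000] "GET /admin/ HTTP/1.1" 404 210 "-" "Mozilla/5.00 (Nikto/2.03)"
198.51.100.7 - - [10/Oct/2008:10:00:05 +0000] "GET /a HTTP/1.1" 404 210 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1)"
198.51.100.7 - - [10/Oct/2008:10:00:05 +0000] "GET /b HTTP/1.1" 404 210 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1)"
198.51.100.7 - - [10/Oct/2008:10:00:06 +0000] "GET /c HTTP/1.1" 404 210 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1)"
198.51.100.7 - - [10/Oct/2008:10:00:07 +0000] "GET /d HTTP/1.1" 404 210 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1)"
192.0.2.9 - - [10/Oct/2008:10:00:09 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1)"
192.0.2.9 - - [10/Oct/2008:10:05:00 +0000] "GET /missing HTTP/1.1" 404 210 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1)"
"""

def parse(log_text):
    """Yield (ip, timestamp, status, user_agent) for each well-formed line."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield m["ip"], ts, int(m["status"]), m["ua"]

def flag_user_agent(log_text, marker="nikto"):
    """Signature check: sources whose User-Agent still carries the scanner name."""
    return {ip for ip, _, _, ua in parse(log_text) if marker in ua.lower()}

def flag_404_burst(log_text, threshold=4, window_seconds=60):
    """Behavioural check: sources with >= threshold 404s inside one sliding window.
    This survives a rewritten User-Agent because it looks at what the client did."""
    by_ip = defaultdict(list)
    for ip, ts, status, _ in parse(log_text):
        if status == 404:
            by_ip[ip].append(ts)
    flagged = set()
    for ip, times in by_ip.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if (times[i + threshold - 1] - times[i]).total_seconds() <= window_seconds:
                flagged.add(ip)
                break
    return flagged
```

The signature check catches only the unmodified scanner, while the 404-burst check catches the source that changed its header; real deployments tune the threshold and window to the site's normal error rate.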