When we get to the man in the middle (MITM) and client-side attacks, we will need another machine to make requests to the already set up server. In this recipe, we will download a Microsoft Windows virtual machine and import it to VirtualBox.
- First we need to go to the download site http://dev.modern.ie/tools/vms/#downloads.
- Through this book we will use the IE8 on Win7 virtual machine.
- After the file is downloaded, we need to unzip it. Go to where it was downloaded.
- Right-click on it and then click on Extract Here.
- Once extracted, open the
.ovafile and import it in VirtualBox.
- Now, start the virtual machine (named IE8 - Win7) and we will have our client ready:
Microsoft provides these virtual machines for developers to test their applications with the help of different versions of Windows and Internet Explorer with a free license limited to 30 days, which is enough for us to practice.
As penetration testers, it is important to be aware that real-world applications can be multiplatform and that users of those applications may have a lot of different systems and web browsers to communicate with them; knowing this, we should be prepared to perform successful tests with any of the client-server infrastructure combinations.
As for server and client virtual machines, if you are not comfortable using an already built configuration, you can always build and configure your own virtual machines. Here is some information about how to do it: https://www.virtualbox.org/manual/.