So I started testing TM again; I wanted to start testing it for XSS vulnerabilities. Now TM is a Windows application; I pulled down the latest code from here, copied it to my guest VM (VirtualBox) and then clicked on the bat file to start TeamMentor. TeamMentor uses an inbuilt server called Cassini; this is its own web server which hosts its code. It started up okay and the inbuilt Cassini dev server started running on a higher order port (12120) on localhost.
Now that’s fine; but the problem was that I had Burp and all my other tools on the Host machine. So I needed to run tools from the Host machine to scan or test a server on the Guest. One option is to use bridged networking and give the Guest machine a separate IP. This time though I was using NAT networking from Virtual Box so I wanted a different option. So here’s what I did in brief:
a) Open the Cassini Web Server manager while it was still on and get the physical path to the web server, where all the TeamMentor code actually is. This is viewable in the server GUI.
b) Stop the Cassini server and then open it again from the Tools folder. Paste the copied physical path in here.
c) Change the listening interface from localhost to any host so it’s on the network and you can talk to it.
d) Start Cassini now so it listens on all interfaces
e) Since I’m using NAT networking though, I can’t directly access a service running on the guest; I’ll have to do something like ‘port forwarding’ from the guest to the localhost. Effectively all this means is..whatever is running on 12120 on the guest..do something so that it can be accessible on the host as well.
f) Virtual Box has a nice port forwarding GUI option where I can put in 127.0.0.1 and any port; say 20000; the IP of the guest and Cassini’s port.
g) Once this is done go to the host browser and type in http://127.0.0.1:20000 and you have TeamMentor.
Now you can have fun with Burp and whatever other tools you want 🙂