WebApplication One

The document provides an overview of web applications, including their operation over HTTP/HTTPS protocols and various server types like Apache, Nginx, and IIS. It discusses HTTP requests, methods for data transmission (GET, POST, PUT, DELETE), and the importance of headers and cookies in web security. Additionally, it touches on vulnerabilities related to session management, cookie handling, and the use of proxies like Burp Suite for intercepting and modifying web requests.

Uploaded by

imad

Web Application

Basics about web application

▪ A web application or website is just a set of files hosted on a server that has an IP address and a domain name
▪ A web application works over the HTTP protocol (port 80) or HTTPS (port 443)
▪ Many servers can host web applications, such as:
▪ Apache, Nginx, IIS
▪ Apache can work on both Windows and Linux; IIS works only on Windows Server
▪ Nginx is preferred on deep web sites
▪ Every server has its own vulnerabilities, which we are gonna talk about
▪ The HTTP request consists of two parts (header, body)
▪ Header: details about the devices (sender and receiver)
▪ Body: the data that you need to send or receive
▪ For us as hackers, we need to attack every point in the header and the body, but first we need to understand what every element is

▪ The first line has the word GET
▪ There are two methods (or verbs) for sending and receiving data:
▪ GET and POST
▪ GET is used to grab or get data from the server; it does not have a body but carries parameters in the URL, as in
▪ https://hossamshady11.github.io/file.php?name=hossam&id=1
▪ POST (method or verb) is used to send data to the server, such as a username, a password or anything else
▪ It has a body like
▪ Like POST, PUT and PATCH also send data to the server
▪ DELETE deletes something from the server
▪ HEAD: tests whether the server is working or not
▪ Second, the / after GET means to visit the root element of the site without calling any directory or file (root directory or home)
▪ HTTP/1.1 is the version of HTTP
▪ Host: the domain or subdomain that we need to go to (testphp.vulnweb.com)
▪ User-Agent: the browser that you are using to send the request, plus some data about your device
▪ Accept: tells the server that we understand only text and HTML, and asks it to send its data in that form
▪ Content-Type: how I will send the data to the server and in what type (JSON, URL-encoded or something else); here it is URL-encoded because I find & in the body uname=text&pass=test
▪ Origin: the domain you were on when you tried to send this request, here: https://testphp.vulnweb.com
▪ Referer: the previous page you were on when you tried to send this request
▪ Let's talk about Origin:
▪ Origin is important because it lets the server make sure that its own site sent this request, not another server, and that prevents other sites from reading its data
▪ Question: when you have facebook.com and twitter.com open, what prevents Facebook from sending a request from your browser to Twitter to get your data, for example?
▪ There is a policy called Cross Origin Policy (CORS) that prevents sites from talking to each other from your browser as if they were you
▪ For us as hackers, we try to find a way to bypass this, and we will talk about it more at the advanced level
▪ This is the body and the data sent inside it; here it is the uname and password, and they are sent by:
▪ POST method
▪ For us, why don't we put malicious code here instead of test and test?
▪ I need you to focus on the first line above
▪ Why do we put Host: domain.com although there is an IP in the request?
▪ Actually, every IP can have multiple domains, so when you visit this IP, which domain do you want to go to? If you didn't specify the Host:, it can redirect you to another domain on the same IP
▪ If you changed
▪ Host: testphp.vulnweb.com to
▪ Host: hacker.com
or anything else and it gave you the same content,
▪ then this is a vulnerability called (Host Header Injection)
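
One server-side way to close the behaviour described above is to refuse any request whose Host value is not a name the server actually serves. This is an added example, not part of the original slides; `ALLOWED_HOSTS`, `site` and `status_for` are hypothetical names, and the environ passed in is constructed.

```python
# Added example: Host header allowlist as WSGI middleware (standard library only).
ALLOWED_HOSTS = {"testphp.vulnweb.com"}  # assumption: the only name this server serves


def normalize_host(raw):
    """Lower-case the Host value and drop the optional :port and trailing dot."""
    host, _, _port = raw.strip().partition(":")
    return host.lower().rstrip(".")


def host_allowlist(app, allowed=ALLOWED_HOSTS):
    """Wrap a WSGI app so requests for unknown Host values never reach it."""
    def middleware(environ, start_response):
        if normalize_host(environ.get("HTTP_HOST", "")) not in allowed:
            start_response("400 Bad Request", [("Content-Type", "text/plain")])
            return [b"unknown host\n"]
        return app(environ, start_response)
    return middleware


def site(environ, start_response):
    """Hypothetical application that answers every request the same way."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"home page\n"]


def status_for(host_header, app):
    """Call a WSGI app with a constructed environ and return its status line."""
    seen = []
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/", "HTTP_HOST": host_header}
    app(environ, lambda status, headers: seen.append(status))
    return seen[0]


if __name__ == "__main__":
    protected = host_allowlist(site)
    for value in ("testphp.vulnweb.com", "testphp.vulnweb.com:80", "hacker.com"):
        print(value, "->", status_for(value, site), "|", status_for(value, protected))
```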
▪ If you look more closely, the site is http, not https, and it is sending the password over http (vulnerability)
▪ An attacker could steal the data easily with a man-in-the-middle attack
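
The request anatomy walked through in the slides (request line, headers, body) and the cleartext-password observation above, as an added example that is not part of the original slides. The raw request is a constructed sample, the path `/login.php` is an assumption, and the function names are hypothetical.

```python
import json
from urllib.parse import parse_qs, urlsplit

# Constructed sample modelled on the request the slides describe (not a capture);
# the path /login.php is an assumption.
RAW_REQUEST = (
    b"POST /login.php HTTP/1.1\r\n"
    b"Host: testphp.vulnweb.com\r\n"
    b"User-Agent: Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0\r\n"
    b"Accept: text/html\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 20\r\n"
    b"Origin: http://testphp.vulnweb.com\r\n"
    b"Referer: http://testphp.vulnweb.com/login.php\r\n"
    b"\r\n"
    b"uname=test&pass=test"
)
SENSITIVE = {"pass", "password", "passwd", "pwd"}

def _first_values(query_string):
    return {k: v[0] for k, v in parse_qs(query_string, keep_blank_values=True).items()}

def parse_request(raw):
    """Split a raw HTTP/1.1 request into request line, headers and decoded body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()  # header names are case-insensitive
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if ctype == "application/x-www-form-urlencoded":
        params = _first_values(body.decode("utf-8", "replace"))
    elif ctype == "application/json":
        loaded = json.loads(body or b"{}")
        params = loaded if isinstance(loaded, dict) else {}
    else:
        params = {}
    return {"method": method, "target": target, "version": version, "headers": headers,
            "query": _first_values(urlsplit(target).query), "params": params}

def cleartext_credentials(req):
    """Names of password-like fields sent while the Origin scheme is plain http."""
    if urlsplit(req["headers"].get("origin", "")).scheme != "http":
        return []
    fields = {**req["query"], **req["params"]}
    return sorted(k for k in fields if k.lower() in SENSITIVE)
```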
▪ Let's talk about authentication or cookies
▪ Cookies take the place of entering the username and password
▪ In other words, you put in your username and password the first time, and after that you don't need to put them in again because the server sent you cookies
▪ Once an attacker steals these cookies, he can steal your account
▪ We will learn more about how to steal these cookies in the future
▪ These cookies should be killed once you log out, and if they aren't killed then it is a vulnerability
▪ Session: the part of the cookie that ensures you are still alive; it determines how long you should stay logged in
▪ Some sites offer (remember me), which means the session will last a long time, such as 1 month, and after that it will ask you for the password again
▪ Sessions have their vulnerabilities and cookies have their vulnerabilities
▪ But you need to know that the session should end once you change the password, change the email or enable 2FA
▪ To test sessions you need to log in to your account with two browsers (Firefox and Chrome)
▪ The vulnerability can be found by logging in with two browsers, then changing the password for the account in one of them and checking the other session: if it has been logged out then it's OK, but if it wasn't logged out then it is a vulnerability called improper session expiration
▪ You can also try enabling 2FA in one browser session and see whether the other session gets logged out or not
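
What correct behaviour looks like on the server for the logout, password-change and 2FA checks above: sessions are killed server-side at logout, and a credential change ends the user's other sessions. This is an added example, not part of the original slides; `SessionStore` and its method names are hypothetical, and the 30-minute default lifetime is an assumption.

```python
import secrets
import time


class SessionStore:
    """In-memory server-side sessions; the token is what the cookie would carry."""

    def __init__(self, ttl=30 * 60, remember_ttl=30 * 24 * 3600):
        self.ttl = ttl                    # normal login (assumed 30 minutes)
        self.remember_ttl = remember_ttl  # "remember me" (about 1 month)
        self._sessions = {}               # token -> (user, expires_at)

    def login(self, user, remember_me=False, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # unguessable session identifier
        lifetime = self.remember_ttl if remember_me else self.ttl
        self._sessions[token] = (user, now + lifetime)
        return token

    def user_for(self, token, now=None):
        """Return the logged-in user, or None if the token is unknown or expired."""
        now = time.time() if now is None else now
        user, expires_at = self._sessions.get(token, (None, 0))
        if user is None or now >= expires_at:
            self._sessions.pop(token, None)
            return None
        return user

    def logout(self, token):
        """Kill the session on the server, not just the cookie in the browser."""
        self._sessions.pop(token, None)

    def on_credential_change(self, token, now=None):
        """After a password/email change or enabling 2FA: end the user's other sessions."""
        user = self.user_for(token, now)
        if user is None:
            return 0
        stale = [t for t, (u, _) in self._sessions.items() if u == user and t != token]
        for t in stale:
            del self._sessions[t]
        return len(stale)
```

Logging in twice as the same user and calling `on_credential_change` with one token reproduces the two-browser test: the second token must stop resolving to a user.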
Proxy And Burpsuite
▪ You can intercept the request with any proxy and then edit or drop it
▪ One of these proxies is Burpsuite, and it is the most popular
▪ But wait, how would you send the request to the proxy before it goes to its destination?
▪ We make the proxy work on port 8080 and then send all the requests to that port
▪ Now we can send the request to Burpsuite on port 8080
▪ We will use (FoxyProxy) to redirect all requests to 8080 (Burpsuite)
▪ First you need to use the FoxyProxy extension and set the port to 8080
▪ Search for the FoxyProxy extension for Firefox or Chrome
▪ After installation, click Options, then click Proxies
▪ Click Add, then add Hostname: 127.0.0.1, Port: 8080 and Title: burp
▪ After clicking, go to the extension in Firefox, click on it, then choose (burp)
▪ After enabling FoxyProxy, go to your browser and enter http://burpsuite
▪ Once you find it, download the certificate
▪ Once you have downloaded the certificate, add it to your browser as follows:
▪ Go to Firefox settings
▪ Search for (cert), then click (View Certificates)
▪ Click Import and select the certificate you downloaded (cacert.der), then check the first option
▪ That way all requests will go to Burpsuite; then open Burpsuite, open the Proxy tab and make sure (Intercept is on)
▪ That way, you can control the request
▪ You can Forward or Drop the request
▪ After editing the request with what you need, Forward it
▪ We can use the scope of sites so that it stops on just one specific site, such as google.com only, and passes all other requests
▪ Click Target, then Scope settings, and add
▪ It will intercept only google.com and what is related to it
▪ After that, go to the Proxy tab and specify the word
▪ (And)
▪ It will intercept only the requests inside the scope and will not intercept anything else
▪ You can scan the site with Burpsuite from the Dashboard
▪ If you intercepted the request in the Proxy tab, right-click it and send it to Repeater, then open Repeater
▪ You can modify the request, then click Send and see the response
▪ If you look at the first line of the response, you will see
▪ 200 OK: this code tells you the site is working OK
▪ 403, 401 Forbidden: tells you that you can't enter this site
▪ 301: tells you the site has been moved to a new one
▪ 302: redirects you to a new place in the site
▪ 500, 501, 503: error in the site
▪ Set-Cookie: gives you cookies that stand in for the username and password, so you can use the application without entering the username and password every time
▪ We will talk about them more in the future
▪ Let's talk about domains and subdomains
▪ Domains are like google.com, and every domain can have thousands of subdomains, like
▪ www.google.com
▪ shop.google.com
▪ mail.google.com
▪ api.google.com
▪ home.google.com
▪ You as a hacker or cyber security engineer need to find all subdomains of the domain, and there are many ways to gather everything you can from subdomains
▪ The more subdomains you find, the more vulnerabilities you can find
▪ We are gonna talk about subdomain enumeration in a separate lecture ...
Questions

END
