Web Exploitation


Welcome hackers!
We'll start soon…

Web Exploitation CTF
Get ready to dive into the world of ethical hacking and cybersecurity.

Presented by: kissandghost
Scope of the Presentation
I. What is web exploitation?
II. What is web?
III. How do HTTP and HTTPS work?
IV. In which profiles can we use it?
V. Which tools do we use?
VI. Common Vulnerabilities and Attack Vectors
VII. Platforms to practice
VIII. Challenges to solve
I. What is web exploitation?
Web exploitation refers to the malicious use of vulnerabilities in web applications and websites to gain unauthorized access, steal sensitive data, or disrupt operations.
This can involve techniques such as SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and remote code execution, among others.
When it comes to web exploitation, we must look over web architecture, vulnerabilities, and
II. What is web (Web Architecture)?
Attackers target the complex interactions between clients, servers, and databases that underpin web applications.
Every website consists of many parts, but we can sum them all up as backend and frontend.
The frontend delivers content to users, while the backend manages data and ensures everything runs smoothly behind the scenes.
Backend vs. Frontend
Frontend: The part of the website that users interact with directly.
• Technologies:
  • HTML: Structure of web pages.
  • CSS: Styling and layout.
  • JavaScript: Interactivity and dynamic content.
  • Frameworks
• Role: Responsible for the visual elements, user experience, and how the site looks and feels.
Backend: The server side of the website that users do not see.
• Technologies:
  • Server-side languages: Python, PHP, Ruby, Node.js, etc.
  • Frameworks
  • Databases: MySQL, PostgreSQL, MongoDB, etc.
• Role: Handles data processing, storage, and application logic. It manages user requests, retrieves data, and sends responses back to the frontend.
III. How do HTTP and HTTPS work?
• HTTP (Hypertext Transfer Protocol):
HTTP, or Hypertext Transfer Protocol, is an application layer protocol used for transmitting hypertext over the internet. It facilitates communication between clients (like web browsers) and servers, allowing users to access and interact with web resources such as HTML documents, images, and videos. HTTP operates on a request-response model, where a client sends a request to a server, which then processes the request and returns the appropriate response.
The Main Steps of an HTTP Request

1. Client Request
The client (web browser) sends an HTTP request to the server, including the URL, headers, and any data to be sent.

2. Server Response
The server processes the request and sends an HTTP response back to the client, including a status code, headers, and the requested data.

3. Client Receives
The client receives the server's response and processes the data, displaying the web page or taking other appropriate actions.
Common HTTP Request Types

• GET: Retrieve a resource from the server.
• POST: Submit data to the server to be stored.
• DELETE: Remove a resource from the server.
• PUT: Update an existing resource on the server.
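
The three steps and the four request types above, shown as a runnable exchange over a local socket pair. This is an added example, not part of the original slides; the PAGES store, the example.test host name and all function names are assumptions made for illustration.

```python
import socket
import threading

PAGES = {"/index.html": b"<h1>hello</h1>"}  # constructed sample site
REASONS = {200: "OK", 404: "Not Found", 405: "Method Not Allowed"}

def send_message(sock, start_line, headers, body=b""):
    """Write a start line, headers, a blank line, then the body."""
    headers = {**headers, "Content-Length": str(len(body))}
    lines = [start_line] + [f"{k}: {v}" for k, v in headers.items()]
    sock.sendall("\r\n".join(lines).encode("ascii") + b"\r\n\r\n" + body)

def read_message(sock):
    """Read one message and return (start line, headers, body)."""
    with sock.makefile("rb") as stream:
        start_line = stream.readline().decode("ascii").rstrip("\r\n")
        headers = {}
        for raw in iter(stream.readline, b"\r\n"):
            name, value = raw.decode("ascii").rstrip("\r\n").split(": ", 1)
            headers[name] = value
        body = stream.read(int(headers.get("Content-Length", 0)))
    return start_line, headers, body

def serve_once(sock):
    """Step 2: process the request and reply with a status code."""
    request_line, _, body = read_message(sock)
    method, path, _ = request_line.split(" ")
    status, out = 200, b""
    if method == "GET":
        status, out = (200, PAGES[path]) if path in PAGES else (404, b"")
    elif method == "POST" or (method == "PUT" and path in PAGES):
        PAGES[path] = body  # POST stores, PUT updates an existing path
    elif method == "DELETE" and path in PAGES:
        del PAGES[path]
    else:
        status = 404 if method in ("PUT", "DELETE") else 405
    send_message(sock, f"HTTP/1.1 {status} {REASONS[status]}", {}, out)

def exchange(method, path, body=b""):
    """Steps 1 and 3: send the request, then read (status code, body)."""
    client, server = socket.socketpair()
    with client, server:
        worker = threading.Thread(target=serve_once, args=(server,))
        worker.start()
        request_line = f"{method} {path} HTTP/1.1"
        send_message(client, request_line, {"Host": "example.test"}, body)
        status_line, _, data = read_message(client)
        worker.join()
    return int(status_line.split(" ")[1]), data
```

Everything send_message writes travels as readable text, which is what an intercepting proxy displays and what HTTPS encrypts in transit.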
• HTTPS (Hypertext Transfer Protocol Secure):
HTTPS, or Hypertext Transfer Protocol Secure, is an extension of HTTP that incorporates security features to protect data transmitted between a client (like a web browser) and a server. It uses encryption protocols, primarily Transport Layer Security (TLS), to ensure that data remains confidential and secure from eavesdropping, tampering, and forgery. HTTPS is essential for secure online transactions, protecting sensitive information such as passwords, credit card details, and personal data.
Websites that use HTTPS are often indicated by a padlock symbol in the browser's address bar.
How HTTPS Works

1. Client Request
The client (web browser) sends an HTTPS request to the web server, initiating a secure SSL/TLS handshake.

2. Server Authentication
The web server provides its SSL/TLS certificate to the client, which verifies the server's identity.

3. Encrypted Communication
The client and server establish a secure, encrypted communication channel to exchange data.
HTTP vs. HTTPS

• HTTP:
  • Uses port 80 by default.
  • Unencrypted, plain-text communication
  • Vulnerable to eavesdropping and tampering
  • No server authentication

• HTTPS:
  • Uses port 443 by default
  • Ensures data integrity and confidentiality
  • Provides secure data transfer and server authentication
  • Encrypted communication using SSL/TLS. (The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols provide the encryption
IV. Common Vulnerabilities and Attack Vectors

Injection
Malicious code injected into web application inputs to gain unauthorized access or manipulate data.

Cross-Site Scripting (XSS)
Via user input, the server accepts untrusted JavaScript code. When the server returns this in its response, the browser will execute it.

Cross-site request forgery (CSRF)
Exploiting a user's authenticated session to perform unauthorized actions on their behalf.
V. In which profiles can we use it?
• Penetration Testing: Professionals conduct controlled attacks on web applications to identify vulnerabilities and weaknesses.
• Vulnerability Assessment: Teams assess web applications for potential security flaws and provide recommendations for mitigation.
• Incident Response: Security teams investigate security breaches involving web applications, determining how exploitation occurred and how to prevent future incidents.
• Application Security: Specialists focus on integrating security practices into the software development lifecycle (SDLC) to prevent vulnerabilities during the development phase.
• Threat Intelligence: Analysts study and track web-based threats, including exploitation techniques, to improve overall security posture.
• Security Training and Awareness: Educators provide training to developers and staff about secure coding practices and awareness of common web exploits.
VI. Which tools do we use?

Burp Suite: A comprehensive tool for web application security testing that allows for intercepting requests, performing scanning, and testing for vulnerabilities.

OWASP ZAP (Zed Attack Proxy): An open-source security tool that helps find vulnerabilities in web applications, offering features for automated and manual testing.

SQLMap: An automated tool designed to detect and exploit SQL injection vulnerabilities in web applications.

Nmap: A network scanning tool that can also be used to discover services running on a server, which can help identify potential attack vectors.

Nikto: A web server scanner that checks for dangerous files, outdated server software, and common vulnerabilities.

Metasploit: A powerful framework for penetration testing that includes a wide range of exploits and payloads for testing web application vulnerabilities.

W3AF (Web Application Attack and Audit Framework): A tool that helps identify and exploit vulnerabilities in web applications.

Fiddler: A web debugging proxy that captures HTTP and HTTPS traffic, allowing for analysis and manipulation of requests and responses.

BeEF (Browser Exploitation Framework): A penetration testing tool that focuses on exploiting vulnerabilities in web browsers.

DirBuster: A tool for brute-forcing directories and files on web servers to uncover hidden resources.

These tools are essential for security professionals to assess and improve the security of web applications.

Burp Suite-PortSwigger
Burp Suite Features:
1. Proxy: Intercept and modify HTTP/S requests and responses between the browser and the server for detailed analysis.
2. Scanner: Automatically scans web applications for common vulnerabilities such as SQL injection, XSS, and more.
3. Intruder: A tool for automating customized attacks, such as brute-force attacks or sending payloads to test for vulnerabilities.
4. Repeater: Allows users to modify and resend individual HTTP requests to test how the server responds.
5. Sequencer: Analyzes the randomness of session tokens or other values to identify weaknesses.
6. Extender: Supports the integration of third-party plugins and extensions to enhance functionality.
VII. Platforms to practice

CTFlearn.com
Hackthebox.com
PicoCTF.com
Cybertalents.com
TryHackme.com

VIII. Challenges to solve
Challenge N°1, Challenge N°2, Challenge N°3, Challenge N°4
Challenge N°5, Challenge N°6, Challenge N°7, Challenge N°8
