Intro to web application testing


HTTP Protocol

Proxy request:

CONNECT www.example.com:443 HTTP/1.1

Proxy request with authentication:

CONNECT server.example.com:80 HTTP/1.1
Host: server.example.com:80
Proxy-Authorization: Basic aGVsbG86d29ybGQ=

Check open proxy request:

echo -ne "CONNECT $DOMAIN:80 HTTP/1.1\r\nHost: $DOMAIN:80\r\n\r\n" | nc $IP 8080

Fuzzing websites and HTTP protocol

wfuzz: web application fuzzer. Wfuzz was created to facilitate the task of web application assessment and is based on a simple concept: it replaces any reference to the FUZZ keyword with the value of a given payload.

https://github.com/xmendez/wfuzz

pip install wfuzz
wfuzz -w wordlist/general/common.txt --hc 404 http://$DOMAIN/FUZZ
wfpayload -z range,0-10
wfencode -e md5 test

Fuzz HTTP methods:

wfuzz -z list,GET-HEAD-POST-TRACE-OPTIONS -X FUZZ http://$DOMAIN/

Through a proxy:

wfuzz -z file,wordlist/general/common.txt -p localhost:8080 http://$DOMAIN/FUZZ

Brute-force usernames in WordPress:

wfuzz -c -z file,fsoc.dic --hs Invalid -d "log=FUZZ&pwd=aaaaa" http://$DOMAIN/wp-login.php

References:

JWT

JWT types:

  • JWS (Signature)
  • JWE (Encryption)

Debugging payloads:

  • https://jwt.io/: Auth0's JSON Web Token (JWT) debugger (encoder/decoder)
  • Unsecured JWS: check whether the header uses alg:none (the token then carries no signature at all)
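
The alg:none check above from the verifier's side, as an added example that is not part of the original notes: it flags an unsecured JWS by decoding the JOSE header, and shows a verifier that pins HS256 server-side so the token can never pick its own algorithm. The key and token contents are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

def b64url_decode(s: str) -> bytes:
    # JWT segments use base64url without padding; restore the padding first
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def is_unsecured_jws(token: str) -> bool:
    # First dot-separated segment is the JOSE header; alg:none means the token
    # carries no signature at all and a verifier must reject it
    header = json.loads(b64url_decode(token.split(".")[0]))
    return str(header.get("alg", "")).lower() == "none"

def verify_hs256(token: str, key: bytes) -> Optional[dict]:
    """Return the claims if token is a valid HS256 JWS under key, else None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError:  # wrong segment count, bad base64url, bad JSON
        return None
    # Pin the algorithm server-side: the token's header never chooses it,
    # which rejects alg:none and algorithm confusion in one check
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    signing_input = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return None
    return json.loads(b64url_decode(payload_b64))

def make_hs256(claims: dict, key: bytes) -> str:
    # Mint a properly signed token so the verifier can be exercised offline
    header = b64url_encode(b'{"alg":"HS256","typ":"JWT"}')
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"

# Constructed sample data (not taken from any real system)
KEY = b"constructed-demo-key"
NONE_TOKEN = b64url_encode(b'{"alg":"none","typ":"JWT"}') + "." + b64url_encode(b'{"sub":"admin"}') + "."
GOOD_TOKEN = make_hs256({"sub": "alice"}, KEY)
```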

SAML