Hey everyone, I am Vikram Salunke and welcome to Web Application Penetration Testing and Secure Coding. In the last video we saw the Burp Proxy introduction; now let's look at the request we send to the web server.

Let's get started. This is our Firefox web browser, and I have configured Burp Proxy to listen to our connection. As we can see, "Intercept is on". Let's browse to vulnerable.app. It says "connecting", which means the request is currently held in Burp. This is the request that will be sent to the web server. We click on Forward, and after that this is the response we got back from the web server. Let's click on Forward again.

Let's look at that once more. This is our Firefox web browser and we want to browse vulnerable.app, and this is our Burp Proxy. I have configured Burp Proxy to listen to the connection between the Firefox web browser and the vulnerable.app web server. If you want to know how to configure Burp to listen to our connection, please watch my previous video; I will give the link in the "i" button above. So when we type vulnerable.app into the Firefox web browser, the request first goes to Burp. When we click on Forward, the request goes to vulnerable.app. Then vulnerable.app sends the response back; it first comes to Burp, and when we click on Forward that response returns to the Firefox web browser.
Now let's look at the format of an HTTP message. First there are the headers, after that there is a blank line, and after the blank line comes the message body. These are the headers, and after them there is the blank line, but this HTTP request doesn't have any body. Let's click on Forward; after clicking on Forward the request goes to the web server at vulnerable.app. Now we got the response back from vulnerable.app. These are the HTTP response headers, after that, as we can see, there is a blank line, and after that this is the message body. When we click on Forward, the HTTP response goes back to the browser, and as we can see here the response is now in the browser.

In this video we will only look at the HTTP request; in the next video we will analyse the HTTP response. First there is GET /index.php HTTP/1.1, after that Host: vulnerable.app, then User-Agent, then Accept, then Accept-Language, after that Accept-Encoding, and finally Connection: close. Now let's understand this HTTP request line by line.
First, GET /index.php HTTP/1.1. Let's divide that into three parts: GET, /index.php and HTTP/1.1. GET is known as the HTTP verb or method. A GET request is what happens when you type a URL and press Enter. There are other HTTP methods as well, such as HEAD, POST, PUT, DELETE, CONNECT, OPTIONS and TRACE; we will look at those in upcoming videos. Next there is /index.php: index.php is the resource we are requesting. After that there is HTTP/1.1, the version of HTTP the browser wants to talk. There are other versions of HTTP as well, which we will look at in upcoming videos.

From this point the HTTP request headers start. As we can see, on the left-hand side are the header names and on the right-hand side are the header values. The first one is Host: vulnerable.app. Host is the header name and vulnerable.app is the header value. vulnerable.app is known as the hostname, and hostname + path = full URL (together with the scheme, http:// or https://): vulnerable.app is the hostname and /index.php is the path, and together they make the full URL.
Next is User-Agent. User-Agent gives information about the browser; as we can see, this is the identification string for the Firefox web browser. All browsers have their own identification string: this is the one for Firefox, Internet Explorer has a different one, Google Chrome has a different one, and so on.

Next is Accept, the document types accepted by the browser. When the browser sends a request to the web server, it includes the Accept request header, which tells the web server what kind of document types the browser will accept. Next is Accept-Language, in which the browser tells the web server which languages it accepts. After that there is Accept-Encoding, where the browser tells the web server which content encodings (for example gzip) it accepts.

Next is Connection: close. Connection: close means we are closing the connection with the server after this response; the next time the browser wants something else from the same web server it has to make a new connection. If the value of Connection is keep-alive, the next request will be made over the same connection. That is the difference between close and keep-alive: with close, a new connection is made for the next request, and with keep-alive the same connection is reused.
Now we are back in Burp Proxy and we are sending the request to vulnerable.app. As we saw earlier, the request the web browser sends to the web server consists of the request line, GET /index.php HTTP/1.1, followed by headers such as Host, User-Agent, Accept, Accept-Language, Accept-Encoding, Connection: close, and so on.

So, that's what I had planned for this video. In the next video we will see the response coming back from the web server to the web browser. Thank you :)
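The request format walked through in the video, as an added example that is not part of the video and not Burp's code: a small Python parser that splits a raw HTTP/1.1 message into the request line, the headers, the blank line and the body, and derives the full URL and the close/keep-alive decision from the Host and Connection headers. The two sample messages are constructed for this example (the User-Agent and Accept values are illustrative, not the exact ones shown on screen), and it goes beyond the GET in the video by also handling a POST that carries a Content-Length body.

```python
"""Minimal HTTP/1.1 request-message parser: request line, headers, blank line, body.

Added example for the tutorial above; it is not Burp code and not the
tutorial author's code.  Both sample messages below are constructed.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed request, modelled on the one intercepted in the video.
# The User-Agent and Accept values are made up for illustration.
GET_REQUEST = (
    b"GET /index.php HTTP/1.1\r\n"
    b"Host: vulnerable.app\r\n"
    b"User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Gecko/20100101 Firefox/115.0\r\n"
    b"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n"
    b"Accept-Language: en-US,en;q=0.5\r\n"
    b"Accept-Encoding: gzip, deflate\r\n"
    b"Connection: close\r\n"
    b"\r\n"  # blank line: end of headers; this GET has no body
)

# Constructed POST so the parser is exercised on a message that does carry a body.
POST_REQUEST = (
    b"POST /login.php HTTP/1.1\r\n"
    b"Host: vulnerable.app\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 25\r\n"
    b"Connection: keep-alive\r\n"
    b"\r\n"
    b"username=admin&password=x"
)


@dataclass
class HttpRequest:
    method: str
    target: str
    version: str
    headers: List[Tuple[str, str]]  # wire order, names exactly as sent
    body: bytes

    def header(self, name: str) -> Optional[str]:
        """Header names are case-insensitive; return the first match or None."""
        for n, v in self.headers:
            if n.lower() == name.lower():
                return v
        return None

    def full_url(self, scheme: str = "http") -> str:
        """Scheme + Host header (hostname) + request target (path) = full URL."""
        return f"{scheme}://{self.header('Host')}{self.target}"

    def keep_alive(self) -> bool:
        """HTTP/1.1 connections persist unless 'Connection: close' is sent;
        HTTP/1.0 connections close unless 'Connection: keep-alive' is sent."""
        conn = (self.header("Connection") or "").lower()
        if self.version == "HTTP/1.1":
            return conn != "close"
        return conn == "keep-alive"


def parse_request(raw: bytes) -> HttpRequest:
    # The blank line (CRLF CRLF) separates the request line + headers from the body.
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("headers not terminated by a blank line")

    request_line, *header_lines = head.split(b"\r\n")
    parts = request_line.decode("ascii").split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError(f"malformed request line: {request_line!r}")
    method, target, version = parts

    headers: List[Tuple[str, str]] = []
    for line in header_lines:
        name, colon, value = line.decode("latin-1").partition(":")
        if not colon or not name or name != name.strip():
            # no colon, empty name, or whitespace around the name: reject the line
            raise ValueError(f"malformed header line: {line!r}")
        headers.append((name, value.strip()))

    req = HttpRequest(method, target, version, headers, b"")

    # HTTP/1.1 requires exactly one Host header (the hostname part of the URL).
    hosts = [v for n, v in headers if n.lower() == "host"]
    if version == "HTTP/1.1" and len(hosts) != 1:
        raise ValueError("HTTP/1.1 request must carry exactly one Host header")

    # Content-Length says how many bytes after the blank line belong to this message.
    # Refuse the ambiguous case where Transfer-Encoding is present as well.
    lengths = [v for n, v in headers if n.lower() == "content-length"]
    if lengths and req.header("Transfer-Encoding") is not None:
        raise ValueError("both Content-Length and Transfer-Encoding present")
    if lengths:
        if len(set(lengths)) != 1 or not lengths[0].isdigit():
            raise ValueError("conflicting or non-numeric Content-Length")
        n = int(lengths[0])
        if len(rest) < n:
            raise ValueError(f"body truncated: expected {n} bytes, got {len(rest)}")
        req.body = rest[:n]
    elif req.header("Transfer-Encoding") is not None:
        raise ValueError("chunked bodies are not handled by this example")
    return req


if __name__ == "__main__":
    for raw in (GET_REQUEST, POST_REQUEST):
        r = parse_request(raw)
        print(r.method, r.full_url(),
              "keep-alive" if r.keep_alive() else "close", f"body={r.body!r}")
```

Run it directly to see both messages parsed. Two checks a practitioner would want are built in: an HTTP/1.1 request must carry exactly one Host header, and a message with both Content-Length and Transfer-Encoding is rejected rather than guessed at, because the two can disagree about where the body ends. One thing to keep in mind when reading intercepted traffic: Burp Proxy has a default option in its Proxy settings that sets Connection: close on incoming requests, so the close seen in the intercept window is not necessarily what Firefox originally sent.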