martes, 7 de julio de 2026

A Vision of Web Application Security 1

 A Vision of Web Application Security  1

To undersand the vulnerabilities of a Web Application, we need to think like an attacker do. In order to reach this, we will use a suite that works on webs applications that generates variants of the requests to simulate a normal traffic, and this suite is the burpsuite that works like a man in the middle in order to alter of modify the normal behaviour. it use a proxy configuration. The proxy configuration could be for a external server or a local server. for the local server configuration requires an extra configuration.

Normal Configuration before configure proxy




Step 1: Download and install Burpsuite

 

Once installed burpsuite, we use the proxy tab.

click on intercept on will show request that the system do to servers, some of them are automatic for telemetry and so on, and also request of our actions.


Step 2: configure the proxy setting to 127.0.0.1:8080


   Schema of Client, BurpSuite as Proxy and external Web Server

Step 3: On Tab Proxy click on intercept On , Do a Request to an external Site https://portswigger.net Click Open Browser, it will open the chrome browser, 
...

...
Step 4: Now the intercept is active, the server is waiting for the request that is in brupsite proxy, to send to the server, press Forward or Forward All till all the frames finish to arrive to the server.



...
Step 5: Once finish the transaction, the history of traces are on Tab Proxy --> Tab Http History