A Vision of Web Application Security 1

To undersand the vulnerabilities of a Web Application, we need to think like an attacker do. In order to reach this, we will use a suite that works on webs applications that generates variants of the requests to simulate a normal traffic, and this suite is the burpsuite that works like a man in the middle in order to alter of modify the normal behaviour. it use a proxy configuration. The proxy configuration could be for a external server or a local server. for the local server configuration requires an extra configuration.
Normal Configuration before configure proxyStep 1: Download and install Burpsuite
Once installed burpsuite, we use the proxy tab.
click on intercept on will show request that the system do to servers, some of them are automatic for telemetry and so on, and also request of our actions.
Schema of Client, BurpSuite as Proxy and external Web Server

Step 3: On Tab Proxy click on intercept On , Do a Request to an external Site https://portswigger.net Click Open Browser, it will open the chrome browser,
...
Step 4: Now the intercept is active, the server is waiting for the request that is in brupsite proxy, to send to the server, press Forward or Forward All till all the frames finish to arrive to the server.
Step 4: Now the intercept is active, the server is waiting for the request that is in brupsite proxy, to send to the server, press Forward or Forward All till all the frames finish to arrive to the server.
...
Step 5: Once finish the transaction, the history of traces are on Tab Proxy --> Tab Http History




No hay comentarios:
Publicar un comentario