Welcome Readers,
Today we will cover some basics to get started with web application penetration testing, or in simple terms "Web App Hacking". Remember that we are doing this ethically, so be careful when testing public websites. Caution: do not test or exploit any website unless you have permission to do so. Always be ethical and responsible, and understand what you are doing before you attempt any hack.
So, starting with the basics, we will first understand what a web application is.
Every day we browse websites such as Facebook, LinkedIn, YouTube and Blogger using browsers such as Firefox, Safari, IE and Opera. That means we are accessing web applications through a web browser. Web apps are hosted on web servers; common ones are Apache and IIS, and application platforms such as ColdFusion run on top of them. These web servers integrate with a database server and store user and website data in various ways.
Take a look at the diagram below (browser, web server, database server) for a clearer picture:
Now that we understand the simplest web app architecture, let's see how it works. Assume we are browsing www.facebook.com from our web browser (e.g. Firefox). What exactly happens when we type the Facebook URL into the browser? In simple terms, the browser sends a request to Facebook's web server, and the web server sends back a response to the user's browser, which renders the Facebook page. This exchange has to follow a set of rules, a protocol, so that both sides understand each other. Those protocols are HTTP and HTTPS.
HTTP/S (Hypertext Transfer Protocol / Secure):
Some highlights of the HTTP protocol:
- HTTP is a stateless protocol: it consists of a series of client requests and web server responses, and the server does not remember one request when the next one arrives (web applications add state on top of it, typically with cookies).
- HTTP requests and responses consist of headers, followed by an optional request or response body.
- Every HTTP request specifies a request method (for example GET or POST).
- Every HTTP response carries a status code (for example 200 or 404).
- HTTP is a plain-text protocol: anyone who can see the traffic can read it.
- HTTPS is not plain text: it is HTTP carried inside a TLS-encrypted connection, so the same requests and responses are protected on the wire.
Let's take an example of an HTTP GET request: the request our web browser sends, in this case, to the testfire.net web application.
Now let's see how testfire.net sends back an HTTP response:
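Since the original screenshots of the request and response are not reproduced here, the following Python script is an added example (it is not from the original post) showing what a browser's GET request to testfire.net and a web server's response look like on the wire. The response is constructed for illustration, not captured from testfire.net; the cookie name and HTML body in it are made up.

```python
"""Added example (not from the original post): an HTTP GET request as a
browser sends it, and a web server's response, parsed into their parts.

Run with: python http_basics.py
"""

CRLF = "\r\n"


def build_get_request(host: str, path: str = "/") -> bytes:
    """Build the raw HTTP/1.1 GET request a browser sends for http://host/path.

    HTTP/1.1 requires the Host header; the other headers mirror what a
    browser such as Firefox typically sends. A GET has no body, so the
    message ends with the blank line that closes the headers.
    """
    lines = [
        f"GET {path} HTTP/1.1",            # request line: method, path, version
        f"Host: {host}",
        "User-Agent: Mozilla/5.0 (example)",
        "Accept: text/html",
        "Connection: close",
        "",                                # blank line ends the headers
        "",                                # no body
    ]
    return CRLF.join(lines).encode("ascii")


def parse_message(raw: bytes) -> dict:
    """Split an HTTP request or response into start line, headers and body.

    Headers end at the first empty line (CRLF CRLF). Header names are
    case-insensitive, so they are lower-cased for lookup. If Content-Length
    is present the body is cut to that many bytes, which is how the receiver
    knows where the message ends on a connection that stays open.
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete HTTP message: no end of headers")
    start_line, *header_lines = head.decode("iso-8859-1").split(CRLF)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if "content-length" in headers:
        body = body[: int(headers["content-length"])]
    return {"start_line": start_line, "headers": headers, "body": body}


def parse_response(raw: bytes) -> dict:
    """Parse a response and pull version, status code and reason from the status line."""
    msg = parse_message(raw)
    version, code, reason = msg["start_line"].split(" ", 2)
    msg.update(version=version, status=int(code), reason=reason)
    return msg


# Constructed sample response in the shape a web server would answer with.
# Not a real capture: the cookie value and HTML are made up. Because HTTP is
# stateless, the Set-Cookie header is how the server gives the browser
# something to present on its next request.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"Set-Cookie: JSESSIONID=abc123; Path=/\r\n"
    b"Content-Length: 42\r\n"
    b"\r\n"
    b"<html><body><h1>Welcome</h1></body></html>"
)


if __name__ == "__main__":
    request = build_get_request("testfire.net", "/")
    print(request.decode())            # exactly what crosses the wire on port 80, readable as-is
    reply = parse_response(SAMPLE_RESPONSE)
    print(reply["status"], reply["reason"])
    print(reply["headers"])
    print(reply["body"].decode())
```

Everything printed by the script is what travels over port 80 in the clear; over HTTPS (port 443) the same bytes are sent inside a TLS connection, so a network observer sees only encrypted data.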
I hope you understood the basics of request and response. I know there is a lot more to explain, but we will cover it one step at a time. Let's see what a URL is and how it is formed.
URL: Uniform Resource Locator
When we enter the URL of a website in the browser, the browser uses the following parts of it:
Protocol: HTTP (port 80) or HTTPS (port 443) by default
Host name: the website's domain name
Path: the file or resource on the server, such as login.html or index.php
Query and fragment: the query carries parameters for the web application (the part after ?); the fragment (the part after #) is used by the browser to jump to a position in the page
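As an added example (not from the original post), here is how those pieces fall out of a URL using Python's urllib.parse. The example URLs and query parameters are made up, and the script also shows one thing the list above does not spell out: the fragment is handled by the browser and is never sent to the server.

```python
"""Added example (not from the original post): break a URL into protocol,
host, port, path, query and fragment, and show which parts reach the server.
"""
from urllib.parse import parse_qs, urlsplit

# Default ports the browser uses when the URL does not name one explicitly.
DEFAULT_PORTS = {"http": 80, "https": 443}


def split_url(url: str) -> dict:
    """Decompose a web URL the way the browser does before sending a request."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS:
        raise ValueError(f"not an HTTP(S) URL: {url}")
    return {
        "protocol": parts.scheme,
        "host": parts.hostname,                      # lower-cased domain name
        "port": parts.port or DEFAULT_PORTS[parts.scheme],
        "path": parts.path or "/",                   # an empty path means the site root
        "query": parse_qs(parts.query, keep_blank_values=True),
        "fragment": parts.fragment,
    }


def request_target(url: str) -> str:
    """What goes on the HTTP request line: path plus query string.

    The fragment (#...) is deliberately left out: the browser keeps it for
    itself and the server never sees it, so it cannot be relied on server-side.
    """
    parts = urlsplit(url)
    target = parts.path or "/"
    if parts.query:
        target += "?" + parts.query
    return target


if __name__ == "__main__":
    # Made-up URL for illustration; testfire.net is the host used in this post.
    url = "https://testfire.net/login.html?user=jsmith&lang=en#top"
    for name, value in split_url(url).items():
        print(f"{name:>9}: {value}")
    print("request line:", f"GET {request_target(url)} HTTP/1.1")
```

Note that a port written in the URL (for example http://testfire.net:8080/) overrides the default, and that everything after ? is visible to the server, and to anything else on the path when the protocol is plain HTTP, which is why secrets should not be passed in the query string.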
In this way the browser and the server exchange requests and responses and complete the conversation. That is the basic concept of a web application and how it works.
In the next post we will look at the types of HTTP methods, response codes, interception tools and a few more basics. Stay tuned....
Prats : Nice Explanation
Thanks for sharing your honest experience. When I first took a look at my head shots, I wasn't too thrilled with mine but you've given me a new perspective!