1
00:00:01,990 --> 00:00:09,490
Now before we dig any deeper into how to exploit and discover vulnerabilities I like to pause and just

2
00:00:09,490 --> 00:00:15,170
go back for a second and see what exactly happens when a user clicks on a certain link.

3
00:00:15,250 --> 00:00:19,910
So let's say you're browsing a Web site and you click on any link on that website.

4
00:00:20,320 --> 00:00:21,520
What happens.

5
00:00:21,580 --> 00:00:23,440
So we have here we have the client site.

6
00:00:23,470 --> 00:00:29,490
So this is your computer with the Hastey of my web site that is displayed to the user.

7
00:00:29,500 --> 00:00:33,970
So this this is all loaded on your computer or on the client.

8
00:00:34,180 --> 00:00:39,910
And then we have the server which contains the code that gets executed if the website is functional

9
00:00:39,940 --> 00:00:49,360
and if it uses code so when you click on a link they see on a Web site or the client side part of the

10
00:00:49,360 --> 00:00:54,970
page of the website will generate a request so it won't actually do any computations.

11
00:00:54,970 --> 00:00:59,130
Most of the time though sometimes there is client side code and we'll see that.

12
00:00:59,380 --> 00:01:06,670
But usually the client side code will generate a request which is sent to the Web site to the web server

13
00:01:07,120 --> 00:01:13,660
and the web server you'll have some functional code such as Page free or Python Ruby any programming

14
00:01:13,660 --> 00:01:14,220
language.

15
00:01:14,410 --> 00:01:20,530
And that's most of the time that code interacts with the database gets some sort of information and

16
00:01:20,530 --> 00:01:26,650
then send the information as a response to the website to the browser and the browser will display it

17
00:01:26,680 --> 00:01:27,950
as well.

18
00:01:28,090 --> 00:01:35,420
So the code the functional code or the computation code is usually stored on the server side.

19
00:01:35,590 --> 00:01:41,920
And the way that most of these Web sites work is they generate a request they send it to the server

20
00:01:41,980 --> 00:01:45,690
the server execute the request and send it back.

21
00:01:45,700 --> 00:01:51,520
So when we're trying to hack into Web sites and exploit them we usually play with the request sent and

22
00:01:51,550 --> 00:01:58,600
try to modify that request so that it performs some actions that would help us to gain information or

23
00:01:58,870 --> 00:02:03,880
run some certain type of code that would give us a reverse connection.

24
00:02:03,880 --> 00:02:11,340
Now there is two type of requests there is get requests and post requests that have an example.

25
00:02:11,340 --> 00:02:17,790
So if we go here on the file inclusion you'll see that we have a variable called Page and the value

26
00:02:17,880 --> 00:02:20,710
of that is include the Ph.

27
00:02:20,910 --> 00:02:26,590
So right here this is a get request because we can see the values of it.

28
00:02:26,790 --> 00:02:30,280
So we can see that page equals include BHB.

29
00:02:30,360 --> 00:02:36,570
So this page is requesting another page to include another page called indexed or APHC.

30
00:02:36,590 --> 00:02:39,110
Now we won't go into detail of what that means.

31
00:02:39,130 --> 00:02:42,990
All we're concerned about is to have an example and this is the example.

32
00:02:42,990 --> 00:02:48,660
So this is the variable that we're given a value for which is page and we're giving it a value of include

33
00:02:48,890 --> 00:02:49,890
the Ph.

34
00:02:49,980 --> 00:02:54,300
So that's a get request an example of a post request.

35
00:02:54,420 --> 00:02:56,010
Is the file upload.

36
00:02:56,010 --> 00:03:01,400
So if we go to the file upload when you upload something in here.

37
00:03:01,630 --> 00:03:07,140
So let me just upload something.

38
00:03:07,240 --> 00:03:12,380
You'll see that the URL doesn't get modified but the request is sent so the.

39
00:03:12,420 --> 00:03:19,180
The image is actually uploaded on the server and all that but the or else still looks the same but the

40
00:03:19,180 --> 00:03:20,890
website did send information.

41
00:03:20,890 --> 00:03:26,440
So the haste and my web site did send information to the server you just didn't see the information

42
00:03:26,440 --> 00:03:36,450
in here because it was sent as post instead of get so the first problem now is we can see the parser

43
00:03:36,470 --> 00:03:41,580
costs we can't modify them because they're not shown here in the in the you are out in the case of get

44
00:03:41,600 --> 00:03:44,660
we can modify them straight away from the R L.

45
00:03:44,660 --> 00:03:50,210
Another problem is a lot of these Web sites in the future they're going to be used in security and they're

46
00:03:50,210 --> 00:03:52,680
going to be used in client side code.

47
00:03:52,730 --> 00:03:58,490
So if that's used then the request is actually modified before it gets sent.

48
00:03:58,520 --> 00:04:04,190
So there will be filters and stuff working on the client side that will modify our code before we send

49
00:04:04,190 --> 00:04:04,490
it.

50
00:04:05,490 --> 00:04:11,710
So the best way of intercepting requests and so that we can see the post requests we're going to use

51
00:04:11,760 --> 00:04:12,330
our proxy.