1 00:00:01,990 --> 00:00:09,490 Now, before we dig any deeper into how to exploit and discover vulnerabilities, I'd like to pause and just
2 00:00:09,490 --> 00:00:15,170 go back for a second and see what exactly happens when a user clicks on a certain link.
3 00:00:15,250 --> 00:00:19,910 So let's say you're browsing a website and you click on any link on that website.
4 00:00:20,320 --> 00:00:21,520 What happens?
5 00:00:21,580 --> 00:00:23,440 So here we have the client side.
6 00:00:23,470 --> 00:00:29,490 So this is your computer, with the HTML of the website that is displayed to the user.
7 00:00:29,500 --> 00:00:33,970 So this is all loaded on your computer, or on the client.
8 00:00:34,180 --> 00:00:39,910 And then we have the server, which contains the code that gets executed if the website is functional
9 00:00:39,940 --> 00:00:49,360 and if it uses code. So when you click on a link, the HTML on the website, or the client-side part of the
10 00:00:49,360 --> 00:00:54,970 page of the website, will generate a request, so it won't actually do any computations.
11 00:00:54,970 --> 00:00:59,130 Most of the time, though sometimes there is client-side code, and we'll see that.
12 00:00:59,380 --> 00:01:06,670 But usually the client-side code will generate a request which is sent to the website, to the web server,
13 00:01:07,120 --> 00:01:13,660 and the web server will have some functional code such as PHP or Python, Ruby, any programming
14 00:01:13,660 --> 00:01:14,220 language.
15 00:01:14,410 --> 00:01:20,530 And most of the time that code interacts with the database, gets some sort of information, and
16 00:01:20,530 --> 00:01:26,650 then sends the information as a response to the website, to the browser, and the browser will display it
17 00:01:26,680 --> 00:01:27,950 as well.
18 00:01:28,090 --> 00:01:35,420 So the code, the functional code or the computation code, is usually stored on the server side.
19 00:01:35,590 --> 00:01:41,920 And the way that most of these websites work is they generate a request, they send it to the server,
20 00:01:41,980 --> 00:01:45,690 the server executes the request and sends it back.
21 00:01:45,700 --> 00:01:51,520 So when we're trying to hack into websites and exploit them, we usually play with the request sent and
22 00:01:51,550 --> 00:01:58,600 try to modify that request so that it performs some actions that would help us to gain information or
23 00:01:58,870 --> 00:02:03,880 run some certain type of code that would give us a reverse connection.
24 00:02:03,880 --> 00:02:11,340 Now there are two types of requests: there are GET requests and POST requests. Let's have an example.
25 00:02:11,340 --> 00:02:17,790 So if we go here on the file inclusion, you'll see that we have a variable called page, and the value
26 00:02:17,880 --> 00:02:20,710 of that is include.php.
27 00:02:20,910 --> 00:02:26,590 So right here this is a GET request, because we can see the values of it.
28 00:02:26,790 --> 00:02:30,280 So we can see that page equals include.php.
29 00:02:30,360 --> 00:02:36,570 So this page is requesting another page to include, another page called include.php.
30 00:02:36,590 --> 00:02:39,110 Now we won't go into detail of what that means.
31 00:02:39,130 --> 00:02:42,990 All we're concerned about is to have an example, and this is the example.
32 00:02:42,990 --> 00:02:48,660 So this is the variable that we're giving a value for, which is page, and we're giving it a value of include
33 00:02:48,890 --> 00:02:49,890 .php.
34 00:02:49,980 --> 00:02:54,300 So that's a GET request. An example of a POST request
35 00:02:54,420 --> 00:02:56,010 is the file upload.
36 00:02:56,010 --> 00:03:01,400 So if we go to the file upload, when you upload something in here.
37 00:03:01,630 --> 00:03:07,140 So let me just upload something.
38 00:03:07,240 --> 00:03:12,380 You'll see that the URL doesn't get modified, but the request is sent, so the
39 00:03:12,420 --> 00:03:19,180 The image is actually uploaded on the server and all that, but the URL still looks the same, but the
40 00:03:19,180 --> 00:03:20,890 website did send information.
41 00:03:20,890 --> 00:03:26,440 So the HTML of the website did send information to the server, you just didn't see the information
42 00:03:26,440 --> 00:03:36,450 in here because it was sent as POST instead of GET. So the first problem now is we can't see the parameters,
43 00:03:36,470 --> 00:03:41,580 we can't modify them because they're not shown here in the URL. In the case of GET
44 00:03:41,600 --> 00:03:44,660 we can modify them straight away from the URL.
45 00:03:44,660 --> 00:03:50,210 Another problem is a lot of these websites in the future are going to be using security and they're
46 00:03:50,210 --> 00:03:52,680 going to be using client-side code.
47 00:03:52,730 --> 00:03:58,490 So if that's used, then the request is actually modified before it gets sent.
48 00:03:58,520 --> 00:04:04,190 So there will be filters and stuff working on the client side that will modify our code before we send
49 00:04:04,190 --> 00:04:04,490 it.
50 00:04:05,490 --> 00:04:11,710 So the best way of intercepting requests, and so that we can see the POST requests, is we're going to use
51 00:04:11,760 --> 00:04:12,330 a proxy.