1
00:00:01,050 --> 00:00:02,730
All right, so welcome back, everyone.

2
00:00:03,060 --> 00:00:05,290
This is a session on learning something.

3
00:00:05,430 --> 00:00:08,740
I mean, this is about learning HTTP.

4
00:00:09,210 --> 00:00:09,600
All right.

5
00:00:09,600 --> 00:00:10,620
So let's get started.

6
00:00:11,430 --> 00:00:19,680
HTTP is pretty well known, of course, but we'll be understanding the next HTTP from the nutshell,

7
00:00:19,680 --> 00:00:26,130
we'll be understanding the flow of HTTP so that it would help us to understand what are the security

8
00:00:26,130 --> 00:00:32,100
challenges with it and how we can probably exploit different application accordingly.

9
00:00:32,370 --> 00:00:35,590
OK, so what is exactly HTTP?

10
00:00:35,700 --> 00:00:39,700
In a nutshell, HTTP is a sort of four methods, are it?

11
00:00:39,960 --> 00:00:41,250
It's burring.

12
00:00:41,310 --> 00:00:50,280
You get a speech and each of the text that you see on and on a Web page, it is linked to another Web

13
00:00:50,280 --> 00:00:55,010
page and that Web page having a text.

14
00:00:55,020 --> 00:00:59,840
And again, the text, each of the text can be linked to another Web page.

15
00:00:59,850 --> 00:01:00,260
Right.

16
00:01:00,630 --> 00:01:08,970
So that when you have a chain of Web pages connected to text and that's possible because of hypertext.

17
00:01:09,300 --> 00:01:09,760
All right.

18
00:01:10,320 --> 00:01:17,070
So that is, that is HTTP, something which is now used everywhere on the Internet.

19
00:01:17,070 --> 00:01:19,800
Without this, the government cannot even exist.

20
00:01:19,820 --> 00:01:20,150
Right.

21
00:01:20,760 --> 00:01:23,340
And let's understand the flow.

22
00:01:23,940 --> 00:01:31,470
But so in this situation, you can see the user and the server user.

23
00:01:31,680 --> 00:01:38,910
The first thing that anybody does, once they are ready to surf the Internet, they just open the browser

24
00:01:38,910 --> 00:01:40,740
and type the name of the site.

25
00:01:40,740 --> 00:01:40,980
Right.

26
00:01:41,190 --> 00:01:48,750
Maybe up Google dot com, stop initiating the net method, making use of NetBank while going by going

27
00:01:48,750 --> 00:01:51,840
through their bank account and all those stuff.

28
00:01:51,840 --> 00:01:52,050
Right.

29
00:01:52,680 --> 00:01:58,200
So the first thing, the very first thing that happened is users sent a request.

30
00:01:58,440 --> 00:01:58,880
Right.

31
00:01:59,490 --> 00:02:03,960
And that request goes to the Web server like this.

32
00:02:03,960 --> 00:02:06,900
And that is basically HTTP request.

33
00:02:07,770 --> 00:02:12,240
And on response to it, the server sends the HTTP response.

34
00:02:13,260 --> 00:02:16,980
It's that easy, but is it really that easy?

35
00:02:17,730 --> 00:02:26,370
I'll tell you what it is if you understand it in a different way, when means and the request is that

36
00:02:26,370 --> 00:02:29,790
you send the request to somebody as well.

37
00:02:29,940 --> 00:02:36,120
It's your Web browser who is the which is the basically the interface to the digital world.

38
00:02:36,570 --> 00:02:44,400
Your Web browser is doing selecting the selecting the request and receiving the response.

39
00:02:44,790 --> 00:02:47,940
There are many, many different types of requests.

40
00:02:47,940 --> 00:02:48,270
Right.

41
00:02:48,660 --> 00:02:50,220
But you never select that.

42
00:02:50,220 --> 00:02:54,780
It's on your Web browser who decide where to put which kind of response.

43
00:02:54,780 --> 00:02:55,000
Right.

44
00:02:55,350 --> 00:03:01,830
So your Web browser takes care of all those activities and now and even your Web browser takes care

45
00:03:01,830 --> 00:03:02,890
of the response as well.

46
00:03:03,270 --> 00:03:06,780
So it's the job of your Web browser to take care of it.

47
00:03:06,990 --> 00:03:13,710
But in order to in order for us to understand and exploit and possibly hack the Web application, we

48
00:03:13,710 --> 00:03:19,440
need to understand how Web application exchange the data back and forth with the Web servers.

49
00:03:19,440 --> 00:03:21,200
Right, with the Web browsers.

50
00:03:22,260 --> 00:03:23,690
So let's get started.

51
00:03:23,700 --> 00:03:30,870
Let's understand both the points, HTTP request and the response, one by one. HTTP request.

52
00:03:30,870 --> 00:03:33,150
The first type of request is the GET request.

53
00:03:33,660 --> 00:03:39,390
Now, GET request is pretty similar to asking for, hey, I want to get the resources on this.

54
00:03:39,390 --> 00:03:41,640
You are probably on the site.

55
00:03:41,650 --> 00:03:42,950
Let's say I want to get there.

56
00:03:42,960 --> 00:03:53,280
So I want to get the want to get the list of all capped list of all images in the world.

57
00:03:53,280 --> 00:03:53,540
Right.

58
00:03:53,550 --> 00:03:58,770
So what I want to do, you just go to the Google and the search engines.

59
00:03:58,770 --> 00:04:00,480
Is Digance right gappy me?

60
00:04:00,480 --> 00:04:05,750
Just what's going to happen is you will get the list of all the images on your browser.

61
00:04:06,270 --> 00:04:12,390
So what basically happened is if you if you search that you see on the browser, on the on the top and

62
00:04:12,390 --> 00:04:13,380
the URL side.

63
00:04:13,380 --> 00:04:23,220
You see, you have been moved to some directory to Google dot com slash, maybe search and then some

64
00:04:23,220 --> 00:04:29,000
some time into question mark and then slash and then Gantt's and multiple results.

65
00:04:29,250 --> 00:04:29,590
Right.

66
00:04:30,420 --> 00:04:36,990
So you're basically asking for all the resources under that URL and that's going to GET requests that

67
00:04:36,990 --> 00:04:38,710
are doing the data from the server.

68
00:04:39,090 --> 00:04:40,500
There's one more request.

69
00:04:40,520 --> 00:04:50,490
HTTP request is just a POST. POST is pretty similar to uploading any data or upload method, but not

70
00:04:50,490 --> 00:04:51,060
exactly.

71
00:04:51,060 --> 00:04:52,880
But it's all about submission of your.

72
00:04:53,490 --> 00:04:54,990
So what kind of situation?

73
00:04:54,990 --> 00:04:59,940
Let's say you have a login form and you submit your username and password.

74
00:05:00,280 --> 00:05:07,460
That's where the POST method comes in. PUT method: PUT method is pretty similar to POST, it just

75
00:05:08,440 --> 00:05:15,250
in spite of sending a whole new data you just beat when your browser needs to update any existing data

76
00:05:15,250 --> 00:05:20,200
you make use of PUT, update data already present on that server.

77
00:05:21,310 --> 00:05:24,280
DELETE: DELETE is all about deleting the data from the server.

78
00:05:24,610 --> 00:05:25,400
It's that easy.

79
00:05:25,630 --> 00:05:28,690
These are some of the well-known HTTP requests.

80
00:05:29,170 --> 00:05:35,610
If you find anything other than this, probably you can exploit those requests as well.

81
00:05:35,620 --> 00:05:42,640
I'll show you how can how can we exploit such request methods to retrieve some confidential information

82
00:05:42,640 --> 00:05:45,010
or probably give the access to the Web services.

83
00:05:45,020 --> 00:05:54,520
But these methods have to be open and working on the Web servers in order for the Web servers to

84
00:05:54,520 --> 00:05:56,340
serve on the users.

85
00:05:56,350 --> 00:05:56,650
Right.

86
00:05:57,820 --> 00:06:00,550
Let's understand the HTTP response now.

87
00:06:01,600 --> 00:06:03,020
HTTP response, right.

88
00:06:03,580 --> 00:06:11,530
So when you see the HTTP response for everything, for every request, there are different HTTP response

89
00:06:11,530 --> 00:06:16,810
which has been built, so it ranges from one thousand to 5000.

90
00:06:17,140 --> 00:06:23,730
So understand anything which starts with one exec says it could be any random number.

91
00:06:23,740 --> 00:06:26,310
It could be 100 as well, one zero one as well.

92
00:06:26,710 --> 00:06:32,350
But anything that starts with this, it's always information that could be notification on the stuff,

93
00:06:32,650 --> 00:06:35,130
request, receive process and all the stuff.

94
00:06:35,830 --> 00:06:38,720
What is really important is the 206 number.

95
00:06:39,550 --> 00:06:47,290
So if you see 200, this means, okay, you would you would get a promising 200, OK, that means you

96
00:06:47,290 --> 00:06:49,290
ask for something and yes, it is there.

97
00:06:49,750 --> 00:06:51,160
So there's no problem with that.

98
00:06:51,160 --> 00:06:53,850
Successfully received, understood and accepted.

99
00:06:54,280 --> 00:07:01,840
So you will always see 200 or 300 OK, created that's gotten that kind of response coming in from a

100
00:07:01,840 --> 00:07:02,230
website.

101
00:07:02,500 --> 00:07:05,110
That's the response, right. 300.

102
00:07:05,210 --> 00:07:10,990
It's always redirect, further action must be taken, very, very clear to all the stuff, could be moved

103
00:07:10,990 --> 00:07:12,330
to a new Rivara.

104
00:07:12,340 --> 00:07:19,120
So if you have reached out to some site and that has been redirected to some else, nowadays it is being

105
00:07:19,120 --> 00:07:23,980
used a lot because many sites make use of papers and all the stuff.

106
00:07:23,980 --> 00:07:29,860
So maybe you make use, you go to any, any, any travel site.

107
00:07:30,430 --> 00:07:36,880
The moment you make a payment, you go to another site, you from there you go to another e-commerce

108
00:07:36,880 --> 00:07:41,060
site or probably from there to maybe fired and more site as well.

109
00:07:41,230 --> 00:07:42,730
This is when this happened.

110
00:07:42,730 --> 00:07:47,590
You get a response saying, OK, we are moving, we are moving your request to another site and you

111
00:07:47,590 --> 00:07:54,930
get a response saying it's a three to one and three to four as well in case it's not modified. 400.

112
00:07:54,940 --> 00:08:01,810
It's pretty, pretty difficult, pretty difficult and pretty critical for most of the network or

113
00:08:02,200 --> 00:08:09,100
application admin as well, because if you see a prompting 404, that becomes a challenge.

114
00:08:09,100 --> 00:08:15,130
That means you ask for something you send let's say you send a request on a certain URL to maybe

115
00:08:15,400 --> 00:08:21,050
images on a specific maybe e-commerce site and there is no got images available.

116
00:08:21,400 --> 00:08:23,890
I'm not talking about Google search engine.

117
00:08:23,890 --> 00:08:32,250
Let's say you are online or on any Amazon, maybe, let's say, and you search for any requests for

118
00:08:32,250 --> 00:08:36,460
resources, maybe got address.

119
00:08:36,460 --> 00:08:41,290
So if Amazon doesn't sell it, the page won't be available or maybe any sort of stuff.

120
00:08:41,290 --> 00:08:41,520
Right.

121
00:08:41,830 --> 00:08:47,770
So if that resource is not available, you will get a response saying four zero four on maybe.

122
00:08:48,370 --> 00:08:50,980
And there is a support page on any website.

123
00:08:51,340 --> 00:08:54,280
You thought that, OK, I don't get any response.

124
00:08:54,280 --> 00:08:55,600
I'm not happy with their service.

125
00:08:55,600 --> 00:08:58,210
Let's click on Support Page.

126
00:08:58,210 --> 00:09:04,510
And they might they might not be having the support page and they just might have mentioned it.

127
00:09:04,540 --> 00:09:04,900
Right.

128
00:09:05,290 --> 00:09:11,170
So if they don't have the resources available, you would get a problem saying 404, that's

129
00:09:11,170 --> 00:09:11,620
a challenge.

130
00:09:11,620 --> 00:09:15,430
That means they're not available for that request download stuff.

131
00:09:15,430 --> 00:09:15,730
Right.

132
00:09:16,120 --> 00:09:22,810
So that's the kind of major barometer's available then.

133
00:09:22,810 --> 00:09:24,460
Of course, you have server error.

134
00:09:24,460 --> 00:09:32,930
If you have 500 CD's response coming in, it could be server failed to fulfill in about and about apparent

135
00:09:32,970 --> 00:09:34,010
valid requests.

136
00:09:34,500 --> 00:09:38,110
And you would probably get up and done a server in those situations.

137
00:09:38,740 --> 00:09:46,150
And this is all about how the HTTP works in terms of request and the response, right.

138
00:09:46,480 --> 00:09:52,060
We have seen different HTTP request methods, so HTTP request.

139
00:09:52,060 --> 00:10:00,280
And of course, the HTTP response as well. In the next session we'll be practically looking at how

140
00:10:00,310 --> 00:10:07,240
this works from the browser side and when while you browse and look for different Gath images, what

141
00:10:07,240 --> 00:10:10,570
exactly your browser doing at that moment of your time.

142
00:10:10,660 --> 00:10:12,880
All right, we'll catch you in the next session then.

143
00:10:12,880 --> 00:10:13,360
Thank you.