1
00:00:00,230 --> 00:00:07,080
Generally, a web penetration test is conducted as a black box test. That means that you're only going

2
00:00:07,080 --> 00:00:13,530
to have an IP range or your URL and then you will display the application in your browser.

3
00:00:14,440 --> 00:00:20,680
And then start the test. So at that point, you don't have the code and any of the other resources of

4
00:00:20,680 --> 00:00:26,350
the application, so it's not even possible to view and analyze the code in a situation like that.

5
00:00:27,950 --> 00:00:36,020
And let's say even if it is possible, a person won't be able to have comprehensive information on the

6
00:00:36,020 --> 00:00:42,620
application's code because Web developers can build an application over several different languages,

7
00:00:42,620 --> 00:00:47,530
frameworks and databases for technologies.

8
00:00:48,200 --> 00:00:54,210
So it is rare to have knowledge about all the technologies that the application is built on.

9
00:00:54,540 --> 00:00:55,070
OK.

10
00:00:56,290 --> 00:01:02,830
So that's why I said before, while conducting a web penetration test, we will need to understand the

11
00:01:02,830 --> 00:01:06,660
basic web technologies, but we don't need to be masters in them.

12
00:01:07,450 --> 00:01:11,890
But it is why in the next few minutes, we are going to cover some of these technologies.

13
00:01:13,480 --> 00:01:19,290
Web browsers. The web browser, or simply browser, is software, right.

14
00:01:19,510 --> 00:01:20,990
Takes you anywhere on the Internet.

15
00:01:21,490 --> 00:01:22,210
It's great.

16
00:01:22,210 --> 00:01:23,300
It's better than a limo.

17
00:01:23,740 --> 00:01:28,110
I love it because, of course, you're watching this course right now in a browser.

18
00:01:28,390 --> 00:01:37,220
Now, they request Web pages over HTTP and display them into human-readable content, we'll call it.

19
00:01:37,810 --> 00:01:43,720
So despite the fact that they're used every day, a lot of people don't really care to understand how

20
00:01:43,720 --> 00:01:44,290
they work.

21
00:01:44,710 --> 00:01:47,470
I mean, it's kind of like driving a car for the most part.

22
00:01:47,470 --> 00:01:51,640
Everybody gets in a car and turns a key and vroom, off they go.

23
00:01:52,000 --> 00:01:57,640
Nobody thinks about the engine or what's happening in it or any of the other systems because they

24
00:01:57,640 --> 00:01:58,600
don't have to.

25
00:01:59,260 --> 00:02:01,240
It makes sense for regular users.

26
00:02:01,870 --> 00:02:03,340
However, what if you're a mechanic?

27
00:02:04,000 --> 00:02:04,360
All right.

28
00:02:04,360 --> 00:02:08,280
So it's pretty much the same for us as a web penetration tester.

29
00:02:08,290 --> 00:02:15,640
We need to know more about browsers because they are the first point that we touch in a Web application.

30
00:02:17,230 --> 00:02:19,300
In fact, I believe they're like a battlefield.

31
00:02:20,350 --> 00:02:21,400
I mean, stick with me here.

32
00:02:22,210 --> 00:02:29,170
We've got privacy, interface security, all kinds of other options that are very important while using

33
00:02:29,170 --> 00:02:29,680
a browser.

34
00:02:30,220 --> 00:02:36,370
But in this video, I'm just going to show you how they work and how to use them in a penetration test.

35
00:02:36,370 --> 00:02:36,640
Right.

36
00:02:36,880 --> 00:02:42,370
So, anyway, Web browsers, they come in many different flavors and they're designed to run on different

37
00:02:42,370 --> 00:02:43,600
operating systems.

38
00:02:43,870 --> 00:02:47,550
Now, you've probably heard of the most popular Web browsers.

39
00:02:47,560 --> 00:02:53,290
We've got Google Chrome, Mozilla Firefox, Microsoft Edge or Explorer, Opera.

40
00:02:53,620 --> 00:02:57,370
And then in addition to these big players, so many others exist.

41
00:02:57,700 --> 00:03:02,110
Maxthon and Vivaldi, Brave, Torch, Epic.

42
00:03:03,250 --> 00:03:10,690
And they all have different features with their pros and cons. So for me, I've been using Firefox

43
00:03:10,690 --> 00:03:15,910
from the very first day that I started pen testing, and I'm still using it today.

44
00:03:16,710 --> 00:03:18,280
I like working with Firefox.

45
00:03:19,030 --> 00:03:23,260
It has a simple interface that you can control almost anything from.

46
00:03:24,280 --> 00:03:30,280
And also, it has many useful add-ons, and I'm going to use them while I conduct a penetration test.

47
00:03:31,460 --> 00:03:38,600
Now, when you install an add-on, generally you will get an icon on the toolbar like I have here, or

48
00:03:38,600 --> 00:03:40,820
you can go to the add-ons list.

49
00:03:41,880 --> 00:03:44,070
And in this window, you can manage your add-ons.

50
00:03:45,630 --> 00:03:52,410
But for you, you can choose any of the known browsers that you want to for this course. You probably

51
00:03:52,410 --> 00:03:53,160
already have.

52
00:03:54,470 --> 00:03:59,330
But now let's come to the main question, how does a Web browser actually work?

53
00:04:00,890 --> 00:04:03,350
All right, so I'm going to tell you briefly.

54
00:04:05,050 --> 00:04:10,990
Basically, a browser uses a protocol such as HTTP to retrieve data from a network.

55
00:04:12,070 --> 00:04:18,850
The browser can point this data from the URL, which is the address of a specific page or any other

56
00:04:18,850 --> 00:04:19,240
asset.

57
00:04:20,170 --> 00:04:26,710
And to be viewed by a Web browser, this data should be presented in HTML, CSS and JavaScript.

58
00:04:28,190 --> 00:04:29,810
Now, right-click on the page.

59
00:04:30,940 --> 00:04:32,920
Click view page source.

60
00:04:34,360 --> 00:04:36,610
And here is the source of the page.

61
00:04:38,030 --> 00:04:41,840
Of course, this is not the actual code of the developer.

62
00:04:42,760 --> 00:04:48,190
We'll get to that topic a little later, but for now, pretty much you can think of what you're looking

63
00:04:48,190 --> 00:04:52,600
at on the screen as a translation of the code of the developer.

64
00:04:53,740 --> 00:04:55,130
So let's have a look at it.

65
00:04:55,150 --> 00:04:58,780
It consists of HTML, CSS, JavaScript.

66
00:05:00,090 --> 00:05:03,690
Now, another super feature is web developer tools.

67
00:05:05,580 --> 00:05:12,210
Now, pretty much all known browsers have this feature. I don't want to go out on a limb and say

68
00:05:12,210 --> 00:05:13,050
every single one.

69
00:05:14,340 --> 00:05:18,360
It's mostly developer oriented, as the name would suggest.

70
00:05:19,510 --> 00:05:26,960
So we're going to use this as well, especially when we're viewing the HTTP messages and dealing with

71
00:05:26,980 --> 00:05:28,570
document object models.

72
00:05:29,890 --> 00:05:37,510
So I don't want to make an advertisement for Firefox, but my point is that all browsers have a long

73
00:05:37,510 --> 00:05:37,990
story.

74
00:05:39,590 --> 00:05:46,420
I won't tell you or go into the browser history or you, yeah, what's also called the browser wars,

75
00:05:46,430 --> 00:05:48,450
you can figure that out for yourself.

76
00:05:48,470 --> 00:05:51,080
You probably already have a favorite browser.

77
00:05:52,070 --> 00:05:58,760
But obviously these days, the browser market is still developing and I think it will continue to develop,

78
00:05:59,870 --> 00:06:01,630
at least for my lifetime anyway.

79
00:06:02,580 --> 00:06:06,960
Point to that story is features are constantly being added.

80
00:06:08,520 --> 00:06:13,170
So, of course, you can visit the website called The Evolution of the Web.

81
00:06:14,130 --> 00:06:16,410
So you can view these improvements.

82
00:06:18,120 --> 00:06:24,320
Unfortunately, it's not updated as frequently as perhaps you might want, but at least it'll give you

83
00:06:24,320 --> 00:06:29,060
a pretty good idea as to how these improvements all came to be.

84
00:06:29,940 --> 00:06:35,970
It also shows the evolution of the Web browsers, but also I just wanted to have a look at the page

85
00:06:37,690 --> 00:06:45,700
at the moment. So if you do want to have a look at browsers more carefully, the general design

86
00:06:45,700 --> 00:06:49,870
of the browser is explained in these documents and it's very good.

87
00:06:51,970 --> 00:06:56,350
Well, it's long, but it's a pretty well explained document, so let's scroll down.

88
00:07:01,740 --> 00:07:05,130
And I want to talk about this image a little bit more.

89
00:07:07,730 --> 00:07:09,770
So let's analyze this figure a little bit.

90
00:07:11,790 --> 00:07:19,050
User interface: this includes the address bar, the back/forward button, bookmark menu, all this and

91
00:07:19,050 --> 00:07:25,110
every part of the browser display except the window where you see the requested page.

92
00:07:26,120 --> 00:07:31,430
The browser engine marshals actions between the UI and the rendering engine.

93
00:07:32,540 --> 00:07:39,230
The rendering engine is responsible for displaying the requested content. For example, if the requested

94
00:07:39,230 --> 00:07:47,270
content is HTML, the rendering engine parses HTML and CSS and it'll display the parsed content on

95
00:07:47,270 --> 00:07:47,750
the screen.

96
00:07:49,020 --> 00:07:56,430
And different browsers use different rendering engines. For example, Firefox uses Gecko. Now, for networking,

97
00:07:57,180 --> 00:08:04,040
for network calls such as HTTP requests, using different implementations for different platforms behind

98
00:08:04,050 --> 00:08:12,120
a platform-independent interface. JavaScript interpreter: that's used to parse and execute JavaScript

99
00:08:12,120 --> 00:08:12,510
code.

100
00:08:13,110 --> 00:08:13,980
And guess what?

101
00:08:13,980 --> 00:08:16,650
Each browser has its own JavaScript interpreter.

102
00:08:17,280 --> 00:08:19,710
For example, Firefox uses SpiderMonkey.

103
00:08:20,550 --> 00:08:27,720
What about the UI back end? Used for drawing basic widgets like combo boxes and windows.

104
00:08:28,680 --> 00:08:36,120
Data storage: this is a persistent layer, so the browser may need to save all sorts of data locally.

105
00:08:36,900 --> 00:08:44,310
For instance, cookies. And browsers also support storage mechanisms such as local storage, IndexedDB,

106
00:08:44,310 --> 00:08:46,520
Web SQL and filesystem.

107
00:08:47,280 --> 00:08:51,630
We're going to get into some of the local storage attacks later in some of the other sections.

108
00:08:52,030 --> 00:09:01,320
OK, so it's important to choose the right browser for you while we test. Due to the different rendering

109
00:09:01,320 --> 00:09:09,300
engines, each browser can sometimes treat HTML, CSS and JS codes in different ways.

110
00:09:09,300 --> 00:09:14,790
So that's why it's important to figure that out. It can affect, obviously, accomplishing some of the web

111
00:09:14,790 --> 00:09:15,330
attacks.

112
00:09:15,790 --> 00:09:22,440
So at this point, I want to emphasize that it's always good to know which Web browser is, well, the

113
00:09:22,440 --> 00:09:27,430
most widely used in whatever the target user's environment is.

114
00:09:27,810 --> 00:09:34,350
I remember several times, and some of my customers use much older browser versions due to some compatibility

115
00:09:34,350 --> 00:09:34,810
reasons.

116
00:09:35,040 --> 00:09:41,080
So that means that if I test this application with a newer Web browser, I might get different results.

117
00:09:41,190 --> 00:09:41,570
Right.

118
00:09:41,580 --> 00:09:47,140
And I won't be able to accomplish some of the attacks that I wanted to perform.