HTTP Protocol
Proxy request:
CONNECT www.example.com:443 HTTP/1.1
Proxy request with authentication:
CONNECT server.example.com:80 HTTP/1.1
Host: server.example.com:80
Proxy-Authorization: basic aGVsbG86d29ybGQ=
Check open proxy request:
echo -ne "CONNECT $DOMAIN:443 HTTP/1.1\r\nHost: $DOMAIN:443\r\n\r\n" | nc $IP 8080
Fuzzing websites and HTTP protocol
wfuzz: Web application fuzzer. Wfuzz was created to facilitate web application assessments and is based on a simple concept: it replaces every occurrence of the FUZZ keyword with the value of a given payload.
https://github.com/xmendez/wfuzz
pip install wfuzz
wfuzz -w wordlist/general/common.txt --hc 404 http://$DOMAIN/FUZZ
wfpayload -z range,0-10
wfencode -e md5 test
Fuzz HTTP methods:
wfuzz -z list,GET-HEAD-POST-TRACE-OPTIONS -X FUZZ http://$DOMAIN/
Through a proxy:
wfuzz -z file,wordlist/general/common.txt -p localhost:8080 http://$DOMAIN/FUZZ
More tools using a proxy: https://pentestwiki.org/webpentest-through-socks-proxy/
Brute-force usernames in WordPress:
wfuzz -c -z file,fsoc.dic --hs Invalid -d "log=FUZZ&pwd=aaaaa" http://$DOMAIN/wp-login.php
References:
- https://wfuzz.readthedocs.io/en/latest/
- https://securitybytes.io/wfuzz-using-the-web-brute-forcer-1bf8890db2f
JWT
JWT types:
- JWS (Signature)
- JWE (Encryption)
Debugging payloads:
- https://jwt.io/ Auth0 JSON Web Tokens (JWT) debugger (encoder/decoder)
- Insecure JWS: check whether the header uses alg: none (an unsigned token that a verifier must reject)
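The alg:none check above, seen from the verifier's side: an added example (not code from the page or from jwt.io) that pins the accepted algorithm to HS256, rejects unsigned tokens and compares signatures in constant time. The key, claims and tokens are constructed demo values.

```python
import base64
import hashlib
import hmac
import json

def b64url_decode(s: str) -> bytes:
    # JWT segments are unpadded base64url; restore the padding first
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_hs256_jwt(claims: dict, key: bytes) -> str:
    # Issue a properly signed token (constructed demo input, not from the page)
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"

def verify_jws(token: str, key: bytes) -> dict:
    """Return the claims of a valid HS256 JWS, or raise ValueError.
    The accepted algorithm is pinned here; the token header never chooses it."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token: expected header.payload.signature")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    alg = str(header.get("alg", "")) if isinstance(header, dict) else ""
    if alg.lower() == "none":
        raise ValueError("unsigned token (alg:none) rejected")
    if alg != "HS256":
        raise ValueError(f"unexpected alg {alg!r}")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    # Constant-time comparison so the signature check does not leak timing
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(payload_b64))

def is_accepted(token: str, key: bytes) -> bool:
    try:
        verify_jws(token, key)
        return True
    except ValueError:
        return False

# Constructed samples: a signed token and the same payload rewritten as alg:none
KEY = b"demo-secret"
SIGNED = make_hs256_jwt({"sub": "alice", "admin": False}, KEY)
UNSIGNED = b64url_encode(b'{"alg":"none"}') + "." + SIGNED.split(".")[1] + "."
```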
SAML
- https://www.samltool.com/online_tools.php OneLogin SAML debugging
MIME types
A media type (also known as a Multipurpose Internet Mail Extensions or MIME type) is a standard that indicates the nature and format of a document, file, or assortment of bytes. It is defined and standardized in IETF’s RFC 6838.
Most common MIME types:
- text/plain
- text/html
- text/css
- text/javascript
- application/octet-stream
- image/png
- image/webp
- multipart/form-data
Interesting MIME types:
- application/dime: Direct Internet Message Encapsulation: Sending binary data with SOAP messages
- application/x-thrift or application/vnd.apache.thrift.binary: Used to serialize binary data being sent to an API
- application/x-protobuf: Used to serialize binary data being sent to an API
- application/wasm: WebAssembly streaming compilation
More on MIME types here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types