Intro Webapp

From pentestwiki.org

HTTP Protocol

Proxy request:

CONNECT www.example.com:443 HTTP/1.1

Proxy request with authentication:

CONNECT server.example.com:80 HTTP/1.1
Host: server.example.com:80
Proxy-Authorization: basic aGVsbG86d29ybGQ=

Check open proxy request:

$echo -ne "CONNECT google.com:443 HTTP/1.1\r\nHost: google.com:443\r\n\r\n" | nc $IP 8080
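As an added example (not from pentestwiki.org), the decision a forward proxy should make for the CONNECT requests shown above, so that an unauthenticated probe like the one just sent gets a 407 instead of a tunnel; the credential store, the port allow-list and the function names are constructed for this example.

```python
import base64
import hmac
import re

# CONNECT target is the authority form "host:port" (RFC 7231 s.4.3.6): no scheme, no path.
AUTHORITY_RE = re.compile(r"^(?P<host>[A-Za-z0-9.-]+|\[[0-9A-Fa-f:]+\]):(?P<port>\d{1,5})$")

# Constructed for this example: one account (the header above is base64("hello:world")) and TLS-only tunnels.
CREDENTIALS = {"hello": "world"}
ALLOWED_PORTS = {443}

def parse_request(raw: bytes):
    """Split a raw HTTP request head into (method, target, {header: value})."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()  # header names are case-insensitive
    return method, target, headers

def proxy_auth_user(header):
    """Return the user name for a valid Basic Proxy-Authorization header, else None."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        user, _, password = base64.b64decode(token, validate=True).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return None
    expected = CREDENTIALS.get(user)  # compared in constant time below
    if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
        return None
    return user

def decide_connect(raw: bytes):
    """Status (code, reason) a forward proxy should return for a raw CONNECT request."""
    method, target, headers = parse_request(raw)
    if method != "CONNECT":
        return 405, "Method Not Allowed"
    match = AUTHORITY_RE.match(target)
    if not match:  # "CONNECT http://host ..." style targets are rejected
        return 400, "Bad Request"
    if proxy_auth_user(headers.get("proxy-authorization")) is None:
        return 407, "Proxy Authentication Required"  # checked before port policy, so nothing leaks
    if int(match.group("port")) not in ALLOWED_PORTS:
        return 403, "Forbidden"
    return 200, "Connection Established"
```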


Fuzzing

wfuzz: Web application fuzzer. Wfuzz was created to facilitate web application assessments and is based on a simple concept: it replaces every occurrence of the FUZZ keyword with the value of a given payload.

$pip install wfuzz


$wfuzz -w wordlist/general/common.txt --hc 404 http://$DOMAIN/FUZZ


$wfpayload -z range,0-10


$wfencode -e md5 test


Fuzz HTTP methods:

$wfuzz -z list,GET-HEAD-POST-TRACE-OPTIONS -X FUZZ http://testphp.vulnweb.com/


Through a proxy:

$wfuzz -z file,wordlist/general/common.txt -p localhost:8080 http://$DOMAIN/FUZZ


Brute-force usernames in Wordpress:

$wfuzz -c -z file,fsoc.dic --hs Invalid -d "log=FUZZ&pwd=aaaaa" http://$DOMAIN/wp-login.php


JWT

JWT types: JWS (Signature) and JWE (Encryption)

  • Insecure JWS: check whether the header carries alg:none (the token is then unsigned and must be rejected)