Section 7: Intercepting HTTP Requests
7.1 HTTP Proxy Anatomy
Being the proxy is one of the most useful tools in web app security testing. You will learn how it works, why they are used, and finally, the different types of HTTP proxies available.
Introduction to HTTP proxies
Learn why proxies are used/needed
Note: the different types of HTTP proxies.
7.2 Introduction to mitmproxy
In this, we will introduce mitmproxy and explain why it was chosen to learn about HTTP proxy in Python.
Introduction to mitmproxy
Basic HTTP proxying with mitmproxy
Brief introduction to inline scripts.
Brief introduction to inline scripts.
7.3 Manipulating HTTP Request
The main functionality of an HTTP proxy is to intercept and manipulate traffic. In this video, we will note how to do this in mitmproxy.
Introduction to mitmproxy handlers
Write an inline script to log all the requests to a file
Write an inline script to log all the requests to a file
Write an inline script to modify all the requests that have query parameters.
7.4 Automating SQLi in mitmproxy
In the previous, we saw how mitmproxy works and how to manipulate the HTTP communication. Now, let’s take a look at how can we put together what we discussed before about SQLi in order to scan for SQLi issues while we browse.
Review the process needed to check for SQLi in mitmproxy
Review the process needed to check for SQLi in mitmproxy
Write an inline script that will search for SQLi in mitmproxy
Test the script against our vulnerable app.
7.5 Wrapping Up
In this, we’ll look at wrapping up the course.
Review what you have learned
Provide guidance on resources to continue learning Web app security
Share some final words.
Review what you have learned
Provide guidance on resources to continue learning Web app security
Share some final words.
0 Comments