Hack Web Applications by Intercepting HTTP request/response using WebScarab

Hello Friends,

Today we will understand how we can intercept the HTTP request we send to a website and how we can analyse the response header.For this purpose we will use WebScarab which you can download by searching it on google.

After you have installed the setup you will first have to set your browser so that WebScarab can intercept the request and response.
I am taking the example of Firefox here. Go to options > Advanced > Network > Settings > Then select the Manual Proxy configuration and enter the following values.
HTTP proxy – 127.0.0.1 and port – 8008
This sets the webscarab to intercept the request by acting as a localhost proxy .

Now you start your webScarab by clicking on the icon.
The screen will appear wired and somthing like as shown in the figure. Click on the figure to enlarge it .
In the intercept tab , select “Intercept request” and in the left hand side menu select “Get” and “Post” options .
This makes your webScarab completely ready to intercept the HTTP Get and post requests .Now in your browser type any url , for e.g , google.com and you will get a window that will show the intercepted HTTP Get request. Now if you click on the “Intercept Response” button then it will also intercept the response that is coming back to the browser from the google server.

You can use this technique to analyse the the various request and response headers and let me tell you this can be very very deadly . If you are able to make the right moves and changes in the Headers then you can easily modify the headers to send invalid valuse to the servers .
In the main window of the webScarab , the “Summary” tab shows you the details of all the intercepted requests and response.This is a short tutorial on webScarab that will give you a basic understanding of how to use webscarab to intercept the HTTP values and analyse them > Rest is upto you how far you can take it .

Some Linux Commands

Date and time

  • date (show system date)
  • cal 9 1751( show calendar)
  • date mmddhhmmssyy ( set date & time)
  • date 12051145302008

Find

  • find / -name sam.txt (find a file)
  • find / -iname sam.txt (search with capital & small)
  • find / -size 1 mb (find files with 1 mb size)
  • find / -size +1mb (find files > then 1 mb)
  • find / -size -1 mb (find files <then 1 mb)
  • find / -usr marc (find  user marc,s files )
  • find / home –user marc (find user march in home )
  • stat /data/sam.txt (displays file properties)
  • touch /data/sam.txt (update the time)
  • touch logitech
  • find / -atime +10
  • find / – atime -10
  • find / -mtime +10
  • find / -mtime -10
  • find / -name india.txt –not –user mann
  • find / -name kashmir.txt –not user root
  • find / -name india.txt –not –size -10mb
  • find / -name india.txt –and –user mann –not –size +10mb

Linux – File And directories

  • rm abc  (can remove a file)
  • mkdir abc (create a directory)
  • rmdir abc (remove an empty directory)
  • rm –r abc (delete directory recursively)
  • mkdir /data (create a directory)
  • mkdir /data/abc (create sub directory)
  • pwd (print working directory)
  • cd /data ( change the directory)
  • cd (change to home directory)
  • cd / (change to / directory)
  • cd .. (come back one directory)
  • cd – ( back to previous directory)
  • tree /root ( to display directory structure)
  • rm –rf  abc ( to delete a directory forcefully & recursively)
  • ls (list of files and folders in current directory)
  • ls –l (long listing of files & folders)
  • ls –a (list all with hidden files & folders)
  • ls /  (list files & folders )
  • ls /abc/xyz (will list subdirectories)
  • cp –rvf /abc/xyz  (copy recursively)
  • ls *.txt (list .txt files)
  • history (displays last inserted commands)
  • !10 (run number 10th command)
  • !cal (run last command started with cal)
  • history –c (Clear all history)
  • man/info date (manual files)
  • makewhatis (creates what is database)
  • whatis cal (displays use of cal command)
  • cal > abc ( send output of cal  to file abc)
  • date >> abc (append to abc file)
  • more sales.txt (displays page contents page wise)
  • history | more (displays history page wise)
  • history | less (———— can up and down)
  • history | tail -20 ( displays last 20 inserted lines)
  • History > history.txt (send history to a file)
  • tr ‘a-d ‘ ‘A-D’ < sam.txt ( display small to capital)
  • tr ‘A-D ‘a-d’ < sam.txt (displays capital to small)