How to Attack Session Management and Web Technologies
- Ethical Hacking
- Project length: 1h 58m
In this project we will learn the basics of web technologies, because before attacking a web application you should understand how a request works, what status codes such as 200 OK mean, and so on. Many people do not know the HTTP protocol or how it works, so we will cover all the basics in this project. After that we will move on to attacking session management issues: we will learn how an application manages a session and how you can look for loopholes in that.
This tutorial will cover all the details (resources, tools, languages, etc.) that are necessary to learn the basics of web technology protocols: how the application responds to a request, which headers are included, and for what purpose. After that we will learn about some issues in the session management of a website.
What are the requirements?
- Basic knowledge of Burp Suite and its modules
- Basic knowledge of websites, such as how to submit a request
- And most important: a desire to learn
What is the target audience?
- Those who want to start a career in Bug Bounties
- Learners who want to enhance their knowledge
- Anyone who is interested in learning a new hobby
Session 1: Installing bWAPP
In this session we are going to set up bWAPP as our testing environment, as bWAPP has some vulnerabilities which we are going to describe in this project.
Session 2: Installing DVWA
In this session, we will go ahead with the DVWA installation, as it has some good vulnerabilities, such as weak session IDs.
Session 3: What is Request and Response
In this session, we are going to cover some of the basics of web apps, such as what a request and a response are and what headers do in a request and a response.
Session 4: HTTP methods
In this session, we are going to learn about the different types of HTTP methods, why they are used, and the difference between GET and POST in detail.
Session 5: HTTP Status Codes
In this session, we are going to learn about the different types of status codes.
Session 6: What are cookies
In this session, we will learn what cookies are, why they are used, and the different attributes that are used in a cookie.
Session 7: Attacking Session Management
After covering all the basics we will move ahead and learn about attacking session management.
Session 7: Attacking Session Management Continued
In this session, we will cover some other methods which you can use to find bugs or flaws in the session management.
Session 7: Attacking Session Management Continued
In this session, we will learn some other techniques of attacking session management and we will wrap up this project as well.