# [ Webgoat - 1 ] HTTP Proxies

## Challenge :

![](https://i.imgur.com/rvlXIgE.png)

- Use the intercept

To intercept a request, you start by clicking the green button. This will set a break point for the next request.

![](https://i.imgur.com/qlGinog.png)
Set break/intercept button

NOTE: It is also possible to set breakpoints that are triggered on conditions. That won't be covered in this lesson though. You are encouraged to explore. That's part of what hackers do … explore!

Once you are intercepting requests and a request is made, it should look something like this:

![](https://i.imgur.com/zgRkHIp.png)
ZAP history tab

Intercept and modify a request

Set up the intercept as noted above and then submit the form/request below by clicking the submit button. When your request is intercepted (hits the breakpoint), modify it as follows.

- ***Change the Method to GET***
- ***Add a header 'x-request-intercepted:true'***
- ***Change the input value 'changeMe' to 'Requests are tampered easily' (without the single quotes)***

Then let the request continue through (by hitting the play button).

Note: The two play buttons behave a little differently, but we'll let you tinker and figure that out for yourself.
![](https://i.imgur.com/5eHGIS7.png)

## Solution :

This challenge asks us to use a tool to intercept and modify a request. I previously used Burp Suite to solve request-tampering challenges in the final CTF of my security course. WebGoat uses ZAP for this exercise, but I find Burp Suite's interface clearer, and it has more features.

### Tool used: Burp Suite

![](https://i.imgur.com/dX9yO0d.png)

First, since we will be using the proxy feature, we need to know how a proxy works.

![](https://i.imgur.com/TEOZi0i.png)

Using a proxy means that all of your traffic is received by the proxy before it reaches the server. In other words, if your traffic is not encrypted, everything that passes through the proxy can be intercepted and stolen, and it can also be tampered with before it is sent on to the server.

-----

In this exercise we use Burp Suite to play the role of the proxy and practice tampering with the request the client sends to the server.

### Burp Suite proxy features

![](https://i.imgur.com/6zkTaf2.png)

- **Open Browser** : a browser whose requests can be intercepted and modified through the proxy
- **Intercept is off/on** : request interception (off/on)
- **Forward** : lets the one request that is currently intercepted pass through
- **Drop** : discards the one request that is currently intercepted

More detailed usage : https://hackercat.org/burp-suite-tutorial/burp-suite-http-intercept-and-proxy

#### Request :

The key point here is that when POST is changed to GET, the parameters must be passed by appending them to the URL, and "x-request-intercepted:true" must be added to the headers.

![](https://i.imgur.com/gwoEMAf.png)

```
GET /WebGoat/HttpProxies/intercept-request?changeMe=Requests+are+tampered+easily HTTP/1.1
Host: localhost:8080
Content-Length: 30
sec-ch-ua: "(Not(A:Brand";v="8", "Chromium";v="98"
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
x-request-intercepted:true
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.82 Safari/537.36
sec-ch-ua-platform: "Windows"
Origin: http://localhost:8080
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost:8080/WebGoat/start.mvc
Accept-Encoding: gzip, deflate
Accept-Language: zh-TW,zh;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: JSESSIONID=D6778C32EE191624DA1E30549CBB94C5
Connection: close
```

###### tags: `webgoat` `HTTP Proxies` `CTF`
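
The POST-to-GET rewrite described above (form fields moved into the query string, `x-request-intercepted` header added), as an added Python example; it is not code from this write-up, WebGoat or Burp Suite. The function name `post_to_get` and the sample POST are constructed for illustration, and dropping the body-describing headers from the body-less GET is a choice made in this example.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Headers that describe a request body; this example drops them from the GET.
BODY_HEADERS = {"content-length", "content-type", "transfer-encoding"}


def post_to_get(raw: str, overrides: dict, extra_headers: dict) -> str:
    """Rewrite a raw form-encoded POST as a GET with its fields in the query string."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    request_line, *header_lines = head.split("\n")
    method, target, version = request_line.split(" ", 2)
    if method != "POST":
        raise ValueError("expected a POST request, got " + method)

    # Merge any existing query string with the form fields from the body,
    # then apply the values we want to change.
    parts = urlsplit(target)
    fields = dict(parse_qsl(parts.query, keep_blank_values=True))
    fields.update(parse_qsl(body.strip(), keep_blank_values=True))
    fields.update(overrides)
    new_target = urlunsplit(parts._replace(query=urlencode(fields)))

    # Keep every header except the ones that only make sense with a body.
    kept = [h for h in header_lines
            if h.split(":", 1)[0].strip().lower() not in BODY_HEADERS]
    kept += [f"{name}: {value}" for name, value in extra_headers.items()]
    return "\r\n".join([f"GET {new_target} {version}", *kept]) + "\r\n\r\n"


# Constructed sample: the shape of the lesson's POST, with most headers omitted.
SAMPLE_POST = (
    "POST /WebGoat/HttpProxies/intercept-request HTTP/1.1\r\n"
    "Host: localhost:8080\r\n"
    "Content-Length: 17\r\n"
    "Content-Type: application/x-www-form-urlencoded; charset=UTF-8\r\n"
    "Connection: close\r\n"
    "\r\n"
    "changeMe=changeMe"
)

if __name__ == "__main__":
    print(post_to_get(SAMPLE_POST,
                      {"changeMe": "Requests are tampered easily"},
                      {"x-request-intercepted": "true"}))
```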