<h5><center>The Islamic University of Gaza<br>Engineering Faculty<br>Department of Computer Engineering</center></h5>

<h1 style='border: none'><center>HTTP Protocol & Common Web Security Vulnerabilities</center></h1>

<h6>Author: Mohammad M. Owda</h6>

### **Introduction**

In this lab, we will talk about networks a little, then we will jump to the HTTP protocol, as it's the most familiar protocol we use, and then we will talk about common security vulnerabilities in websites.

----

### Some basic cool commands

All of us have played PUBG or CS 1.6, and even if you suck and you were aiming at the sky, you claim it was a headshot but you had high ping. So how could you check your ping?

- PING command

![](https://i.imgur.com/y1mgufz.png)

*Could I trace my packet?*

Yes, you can. Not like you can be 100% sure that every computer on the route will tell you "YES HERE I AM"; you just send a message using ICMP and politely ask every point on the route to tell you when it fails to forward your message. You give your message a hop limit (TTL) of 1, so the first router receives it, decrements the limit to 0, and tells you it can't send the message any further. If we repeat this message with hop limits from 1 to 30, every router on the route will fail once and tell us that it failed to forward the message (if the router wants to tell you). Now, enough theoretical stuff: if you want to trace the route from your computer to some IP destination, you will find a tool for this task in every operating system. In Windows you will find `tracert`, and in Linux you will find `traceroute`. These programs have a lot of options, but for simple use you can just run one and give it an IP or a domain.

- Tracert command

![](https://i.imgur.com/tLN0yiG.png)

The netstat (Network Statistics) tool displays statistics for all network connections. When using netstat, you can list active network connections and listening ports, and you can view network adapter and protocol statistics.
You can even display the current routing table and much more.

- netstat command

![](https://i.imgur.com/twMfCYS.png)

The ARP (Address Resolution Protocol) table stores the IP-to-MAC (Media Access Control) entries that the system has resolved. The arp tool lets you view the entire table, modify its entries, and use it to determine a remote computer's MAC address. Usually you do not need to worry about MAC addresses, but there are scenarios where this information comes in handy, for example when troubleshooting network problems at the data link layer (switching), or when restricting access or filtering content on the network for specific devices.

- ARP command

![](https://i.imgur.com/fTgwoIU.png)

---

### HTTP Protocol

HTTP is an application-layer protocol that is carried inside TCP. HTTP itself is a text-based protocol, so everything in it is just characters: for example, the length of the response is written as a string (e.g. "232"), and you need to parse that string into an integer (unlike binary protocols that send such fields as regular data types, e.g. a 4-byte integer for the content length). As this is not a networking class, what I need you to understand is that everything inside this protocol is just text (ah, not entirely accurate, but close enough for us), and that the two main parts of each request or response are the headers and the body. Another thing I want you to understand is how we send data inside the request: there are a lot of methods for sending data, but for now I just want you to understand POST and GET, oh, and cookies.

---

### Common Web Security Vulnerabilities

In this part of the section, we will talk about common web security vulnerabilities. According to Wikipedia, the most common web vulnerability is XSS, followed by SQL injection, so in this section we will talk about these two vulnerabilities, but I will assume that you know a little about HTML and about databases.
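To make the "everything is text" point concrete, here is an added example (not part of the original lab) that parses a raw HTTP/1.1 request by hand: the request line, the headers, the Content-Length string that has to become an int, the GET query, the POST form body and the Cookie header. The sample requests are constructed for the example.

```python
"""Parse a raw HTTP/1.1 request by hand. Everything arrives as text, including
Content-Length, which must be turned into an int before it can be trusted."""
from urllib.parse import parse_qs, urlsplit

def parse_request(raw: bytes) -> dict:
    """Split a raw request into method, path, query, headers, cookies, form and body."""
    head, _, body = raw.partition(b"\r\n\r\n")   # blank line separates headers from body
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # On the wire Content-Length is just the characters "27"; parse it and
    # read only that many body bytes so trailing junk is never treated as data.
    length = int(headers.get("content-length", "0"))
    body = body[:length]
    url = urlsplit(target)
    cookies = {}
    for pair in headers.get("cookie", "").split(";"):       # "a=1; b=2"
        key, _, val = pair.strip().partition("=")
        if key:
            cookies[key] = val
    form = {}
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        form = {k: v[0] for k, v in parse_qs(body.decode("iso-8859-1")).items()}
    return {
        "method": method, "path": url.path, "version": version,
        "query": {k: v[0] for k, v in parse_qs(url.query).items()},  # GET data
        "headers": headers, "cookies": cookies, "body": body, "form": form,  # POST data
    }

# Constructed sample requests (not captures from any real server).
SAMPLE_POST = (
    b"POST /comment?post=7 HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"Cookie: session=abc123; theme=dark\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 27\r\n"
    b"\r\n"
    b"author=alice&text=hello+all"
)
SAMPLE_GET = b"GET /post?id=3 HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    print(parse_request(SAMPLE_POST))
    print(parse_request(SAMPLE_GET))
```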
After that, we will talk about the stupid mistakes that web developers usually forget about, so if you're a web developer you should gain a lot of knowledge about how to protect your application.

#### Cross-site scripting (XSS)

In short: if you have a blog that allows users to post stuff (e.g. comments), and you didn't validate whether a user put some HTML in his comment, every user who views that comment will have this custom new HTML parsed by their browser. Now imagine that this code contains some JavaScript (which will be executed by the browser); that allows the hacker to steal anything you wrote on this site (or your session and cookies).

#### SQL Injection

SQL injection works the same way: the problem is that you don't validate the data you receive from the user, but this time his code will be executed by your DBMS (Database Management System). Now imagine you do this in PHP (a scripting language that isn't strongly typed):

```php
// Deliberately vulnerable: the raw GET value is concatenated straight into the query.
$id = $_GET['id'];
$query = $mysqli->query("select * from posts where id = " . $id);
```

This code gets the id of the post from the user (as a GET variable), but the problem is that you didn't verify that this id is, for example, just an integer, so a hacker could write a string into id and that string will be concatenated into your SQL query! Now imagine that your posts table has 3 columns (id, title, post) and you display the title of the first post you find: the user could do a union select to pull data from other tables and get, for example, the administrators' passwords. For example:

```php
$id = "-1 union select 1,2,3 from admins";
```

This makes your final SQL query look like this:

```sql
select * from posts where id = -1 union select 1,2,3 from admins
```

#### Weak Validation

All of these security vulnerabilities occur because of weak validation, from a buffer overflow to a simple voting system.
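The post lookup above, rebuilt so you can run the union injection and the fixes offline, plus the comment escaping that closes the XSS hole from the previous section. This is an added example, not code from the lab or its server: it uses sqlite3 in place of MySQL, and the tables, rows and the admin "password" are constructed sample data.

```python
"""The blog from the text, rebuilt on sqlite3 so the union injection and the
fixes can be run offline. All tables and rows are constructed sample data."""
import html
import sqlite3

def setup_db() -> sqlite3.Connection:
    """posts(id, title, post) as in the text, plus an admins table to leak from."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE posts(id INTEGER, title TEXT, post TEXT);
        CREATE TABLE admins(id INTEGER, name TEXT, password TEXT);
        INSERT INTO posts VALUES (1, 'Hello', 'first post');
        INSERT INTO admins VALUES (1, 'admin', 'placeholder-not-a-real-secret');
    """)
    return db

def vulnerable_lookup(db, user_id: str):
    """The PHP pattern from the text: the raw GET value is glued into the SQL,
    so "-1 union select 1,2,3 from admins" becomes part of the query."""
    return db.execute("select * from posts where id = " + user_id).fetchone()

def safe_lookup(db, user_id: str):
    """Do the check the text says is missing (is id really an integer?), then
    bind the value so the DBMS never parses user input as SQL."""
    post_id = int(user_id)  # raises ValueError for anything that is not an integer
    return db.execute("select * from posts where id = ?", (post_id,)).fetchone()

def render_comment(text: str) -> str:
    """Escape a user's comment so any HTML or <script> in it is shown as text,
    not parsed by other visitors' browsers."""
    return "<p>" + html.escape(text, quote=True) + "</p>"

if __name__ == "__main__":
    db = setup_db()
    print(vulnerable_lookup(db, "-1 union select 1,2,3 from admins"))  # attacker-chosen row
    print(render_comment("<script>alert(1)</script>"))
```

With the page's payload the vulnerable lookup returns the row `(1, 2, 3)` that came from the admins table, while the safe lookup refuses the value before it ever reaches the DBMS.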
----

#### **Lab Task**

In this task, you should try to hack this custom-made server (there are a lot of errors in it). The first thing you should do is hack the login page, then you should try to XSS this site using the comments section. This will give you a key; send it to me if you want to get the mark for this task.

*https://tech.io/playgrounds/58859/iug-ecom-5401-lab-02*

**note:** you could try to hack my generated key if you want (I will give you a bonus; also, it's a bit different from last year's one 😉).

Please submit this to my email address: mohammad.owda.98@gmail.com

##### This lab text is heavily adapted from **[Mohammed Nafiz ALMadhoun](https://www.facebook.com/moh97)** ❤