Tag: http

Penetration Testing

Intercept, Inspect, Modify and Replay HTTP traffic

mitmproxy is an interactive SSL-capable intercepting HTTP proxy for penetration testers and software developers. mitmproxy allows HTTP traffic flows to be intercepted, inspected, modified and replayed. Installation To get started hacking on mitmproxy, make sure you have Python 2.7.x with virtualenv installed (you can find installation instructions for virtualenv here). Then do the following: git …

C#

How to make a Http Web Request properly using C#

//.. private HttpWebRequest _httpwebrequest; //..//.. private HttpWebRequest _httpwebrequest; //.. private void button1_Click(object sender, EventArgs e) { Thread t = new Thread(new ThreadStart(Test)); t.IsBackground = true; t.Start(); }private void button1_Click(object sender, EventArgs e) { Thread t = new Thread(new ThreadStart(Test)); t.IsBackground = true; t.Start(); } public void Test() { Dictionary<String, String> dict = new Dictionary<String, String>(); …

C++

HTTP POST and GET Requests with WinInet and C++

InternetOpenA InternetConnectA HttpOpenRequestA HttpSendRequestA InternetCloseHandle Method to make POST or GET requests: void Request(int Method, LPCSTR Host, LPCSTR url, LPCSTR header, LPSTR data) { try{ //Retrieve default http user agent char httpUseragent[512]; DWORD szhttpUserAgent = sizeof(httpUseragent); ObtainUserAgentString( 0, httpUseragent, &szhttpUserAgent );   char m[5];   if(Method == GET) strcpy(m, "GET"); else strcpy(m, "POST");   //http://msdn.microsoft.com/en-us/library/windows/desktop/aa385096%28v=vs.85%29.aspx …

C++

Retrieve the User-Agent HTTP

ObtainUserAgentString retrieves the User-Agent HTTP request header string that is currently being used. //.. #pragma comment (lib, "urlmon.lib") //.. char httpUseragent[512]; DWORD szhttpUserAgent = sizeof(httpUseragent); ObtainUserAgentString( 0, httpUseragent, &szhttpUserAgent ); printf("%sn", httpUseragent); //..//.. #pragma comment (lib, "urlmon.lib") //.. char httpUseragent[512]; DWORD szhttpUserAgent = sizeof(httpUseragent); ObtainUserAgentString( 0, httpUseragent, &szhttpUserAgent ); printf("%sn", httpUseragent); //..

Python

HTTP basic authentication with Python

import urllib2, base64, sys   username = "user_name" password = "pass_word"   http_request = urllib2.Request("http://mywebsite.com/") base64string = base64.encodestring(’%s:%s’ % (username, password)).replace(’n’, ”) http_request.add_header("Authorization", "Basic %s" % base64string)   try: result = urllib2.urlopen(http_request) if(result): print "i am in" else: print "username or password is wrong" except IOError, e: print "username or password is wrong" sys.exit(1)import urllib2, …

Sniffing, Wireshark

Capturing HTTP traffic using Wireshark

1. First of all download and install Wireshark from here. 2. Run Wireshark as administrator or root. 3. Select from the menu Capture > Interfaces. 4. Choose your interface and click options. 5. In the capture filter textbox type: tcp port http. 6. Select a file to save the traffic by clicking the browse button. …

C#, Microsoft Windows

Get HTTP headers with C#

If you would like to get HTTP headers in C#, you can do it with a few lines of code! 1 2 3 4 5 6 7 8 9 String url = "http://www.site.com";   WebRequest webrequest = HttpWebRequest.Create(url); WebResponse webresponse = webrequest.GetResponse();   foreach (String key in webresponse.Headers) Console.WriteLine("{0}: {1}", key, webresponse.Headers[key]);   webresponse.Close();String url …

Linux, Netcat, Tools

Banner grabbing with netcat!

To gather more information about a service running on a system’s open port we are going to use a known technique, known as banner grabbing and netcat network tool.  nc -nvv x.x.x.x 80 -n        Suppress name/port resolutions -v        Verbose You will get an answer like this: Connection to 85.25.132.39 80 port [tcp/*] succeeded! …