From the course: Ethical Hacking: Session Hijacking
Using Webscarab-NG as a web proxy - Linux Tutorial
- [Narrator] When testing internet sites for security vulnerabilities, it's useful to be able to act as a man in the middle. Many web testing tools provide this functionality in the form of a web proxy. WebScarab is the OWASP tool used for web proxying. As shown here on the OWASP site, WebScarab is a Java tool, so using it requires having Java installed on your computer. Web proxies are application-level devices and are often used in corporate environments to provide a point of monitoring and security enforcement. WebScarab comes preloaded in the Web Application Analysis menu in Kali. I'll click on it and shortly the WebScarab interface will appear. I'll click on the Proxy tab and the Listeners tab, and we can see that WebScarab is listening on port 8008. I'll go back to the Summary page. I'll start Firefox and change its configuration to route through the proxy. I do this through Preferences, Advanced, Network, Settings, and Manual system proxy configuration, which I'll set to…
Contents
- Understanding web sessions (4m 8s)
- Understanding WebSockets (2m 41s)
- Banking on Zero (1m 10s)
- Hijacking sessions using man-in-the-browser (4m 32s)
- Intercepting sessions through man-in-the-middle (4m 17s)
- Stripping SSL to downgrade the session (1m 54s)
- Hijacking an HTTP session through cookies (3m 20s)
- Using Subterfuge to hijack sessions through ARP poisoning (7m 8s)
- Using Webscarab-NG as a web proxy (3m 14s)
- Defeating the Hijack (3m 6s)