
02.introduction

For HTTP 1.0 and HTTP 1.1, the header (Connection: Keep-Alive) can be used to keep the connection alive for some specific time, meaning that all requests will be sent over the same connection.

> common response codes: 200 OK, 301 Moved Permanently, 302 Found
> references: RFC9110 (HTTP semantics), RFC2978 (charset registration)

ASCII CODE / UNICODE CHARSET
-- unicode implementations: UTF-8 | UTF-16 | UTF-32
== UTF means "Unicode Transformation Format"; the number is the size in bits of the unit used to represent code points.
if the HTML encoding is not defined, the browser will use the default one, "ISO-8859-1: 8-bit single-byte coded graphic character sets".
URL encoding reference: w3schools URL ref

**** one of the most important and critical points of web application security is the SAME ORIGIN POLICY (SOP). This policy prevents a script or document from getting or setting properties of another document that comes from a different origin.

...ORIGIN DEFINITION: the SOP prevents JavaScript running on a given origin from interacting with a document from a different origin.
---> primary goal: "isolate requests coming from different origins"

MAIN RULE: a document (could be an "HTML page, an iFrame embedded or a response to an AJAX request") can access (via JavaScript) the properties of another document only if they have the same origin!!! The browser will perform the request, but the results will be presented to the script only if the SOP is respected.

>>...> ORIGIN = PROTOCOL - HOST - PORT
sample: http://www.elswapt.site
-site: the top-level domain (TLD)
-elswapt: the second-level domain (SLD)
-www: the third-level domain, and so on....

Internet Explorer works differently about the SOP; it has two exceptions:
-port: it does not consider the port as a SAME ORIGIN component.
-trust zone: same origin is not applied to domains that are in the "highly trusted zone" (sample: corporate domains...)

exceptions to SOP restrictions:
-> window.location = can be used to get the current page address (URL) and to redirect the browser to a new page.
-> document.domain = the property describes the domain portion of the current document.
-> cross-window messaging
-> cross-origin resource sharing (CORS)

...> a document can always update the location property of another document if they have some relationship. typical relationships:
1. document embedded via an iFrame element
2. one document is opened by the other via the "window.open" DOM API

NOTE: when a cookie does not contain a domain value, it is assumed that the host-only flag is set to true. A cookie with the host-only flag set will be sent only to the target domain that set it.

>> SESSIONS are a simple mechanism that allows websites to store variables specific to a given visit on the server side. Each user session is identified by either a session ID or a token, which the server assigns to the client.

COOKIES ==> stored at client side.
SESSION ==> stored at server side.

The session will expire as soon as the connection is dropped. It works by session tokens or IDs: the session ID is assigned by the server for future references. Each development language has its own parameter name, sample: PHP -> PHPSESSID | JSP -> JSESSIONID & more. It can be customized as well.

The session cookie can be stored in the cookie jar (the client-side cookie store) or it can be sent via the GET method appended to the requesting URL. sample: https://www.test.com/resource.php?sessid=W34ftn6yOc

...> firebug extension (browser tool for inspecting requests, responses and cookies)
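The origin rule (PROTOCOL - HOST - PORT) and the host-only cookie rule above, as an added example written for these notes (not code from the original page or from any browser). It assumes Node.js with the WHATWG URL class; the `ignorePort` option is a constructed switch modelling the Internet Explorer behaviour mentioned above.

```javascript
// Added example: SOP origin comparison and host-only cookie matching.
// Assumes Node.js (global URL). `ignorePort` is a constructed option that
// models Internet Explorer's "port is not an origin component" exception.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Normalise a URL into its origin triple (protocol, host, port).
// WHATWG URL drops a default port, so "http://host:80" has port "".
function originOf(urlString) {
  const u = new URL(urlString);
  return {
    protocol: u.protocol,                 // e.g. "http:" or "https:"
    host: u.hostname.toLowerCase(),       // e.g. "www.elswapt.site"
    port: u.port || DEFAULT_PORTS[u.protocol] || "",
  };
}

// Two documents share an origin only when all three components match.
// A subdomain (www vs bare SLD), a scheme change or a port change all fail.
function sameOrigin(a, b, { ignorePort = false } = {}) {
  const x = originOf(a);
  const y = originOf(b);
  return x.protocol === y.protocol &&
         x.host === y.host &&
         (ignorePort || x.port === y.port);
}

// Host-only rule: a cookie set without a Domain attribute is sent only to the
// exact host that set it. With Domain=elswapt.site it also reaches subdomains.
function cookieSentTo(setByHost, domainAttr, requestHost) {
  const req = requestHost.toLowerCase();
  if (!domainAttr) {
    return req === setByHost.toLowerCase();   // host-only flag behaviour
  }
  const d = domainAttr.replace(/^\./, "").toLowerCase();
  return req === d || req.endsWith("." + d);
}

module.exports = { originOf, sameOrigin, cookieSentTo };
```

Run the checks against the sample host from the notes: www.elswapt.site on http is the same origin as itself with an explicit :80, but not the same as https://, as the bare elswapt.site, or as port 8080 unless `ignorePort` is set.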