30 Days of Security Testing – Day Eight

The challenge for Day Eight is – Use a proxy tool to observe web traffic in a web or mobile application.

For this challenge I could look back at using Burp Suite as that has a Proxy function, but another couple I’ve used are Fiddler and Charles Proxy.

I’m more familiar with Charles and have used it on various test cycles in uTest where they give a pretty decent tutorial on how to set up the service and record logs.

A proxy allows you to view and record the requests between a user's browser and the web application server.

It can highlight GET and POST requests and other useful information that identifies how the application works, and how data is sent and stored.

As demonstrated with Burp, it is possible to intercept and modify requests between a client and a server. This makes it possible to do some pretty hairy stuff such as changing quantities in orders, or copying a user's cookie and impersonating them at a later stage.
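To show what a proxy log actually records, here is an added example (not from the original post, and not code from Charles, Fiddler or Burp) that parses a constructed raw HTTP request the way a proxy would display it and notes, from the defender's side, the two points above: a client-supplied parameter the server must not trust, and a session cookie sitting in the capture. The `SERVER_OWNED_PARAMS` list and the `session` cookie name are assumptions chosen for the sample.

```python
from urllib.parse import parse_qsl, urlsplit

# Constructed sample capture, not from the original post: an order-update POST
# as a proxy such as Charles or Burp would record it between browser and server.
SAMPLE_REQUEST = (
    b"POST /cart/update?ref=email HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"Cookie: session=abc123; theme=dark\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 22\r\n"
    b"\r\n"
    b"item=42&qty=1&price=19"
)

# Parameter names a tester would expect the server to recompute rather than
# trust from the client (hypothetical list, chosen for this example).
SERVER_OWNED_PARAMS = {"price", "total", "discount", "role"}


def parse_request(raw: bytes) -> dict:
    """Split a raw HTTP/1.1 request into the fields a proxy log shows."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    url = urlsplit(target)
    cookies = dict(
        c.strip().split("=", 1)
        for c in headers.get("cookie", "").split(";") if "=" in c
    )
    params = dict(parse_qsl(url.query))  # query-string parameters first
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        params.update(parse_qsl(body.decode("iso-8859-1")))  # then form body
    return {"method": method, "path": url.path, "version": version,
            "headers": headers, "cookies": cookies, "params": params}


def review(record: dict) -> list:
    """Defender-side notes on what the capture reveals about the application."""
    notes = []
    for name in sorted(record["params"]):
        if name in SERVER_OWNED_PARAMS:
            notes.append(f"client supplies '{name}'; server must recompute it")
    if "session" in record["cookies"]:  # assumed session cookie name
        notes.append("session cookie captured; treat proxy logs as sensitive")
    return notes


if __name__ == "__main__":
    rec = parse_request(SAMPLE_REQUEST)
    print(rec["method"], rec["path"], rec["params"])
    for note in review(rec):
        print("-", note)
```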

Thanks for reading my post and following my progress through the 30 Days of Security Testing.

For more on Security Testing please visit here, or for any of my other ramblings visit here.

Feel like joining in? Sign into the WeTest Slack group and get involved!
