Tuesday, June 9, 2020

How to check Methods in web Application vulnerability Assesment

Hi Friends  today I will explain you about how to check the Methods while performing the Web Application vulnerability Assessment using Burp Suite.



1) First setup proxy to your Browser and connect with burp.

2) Now intercept the request of your URL.

3) Send that Request to Repeater.

4) Now you have to Replace all the Methods that are available and check the response if you are getting 200 ok as response code then it means the server accepted if not rejected.


The Methods that should not be allowed or disabled in the Application are following.


1)PUT

2)DELETE

3)CONNECT

4)TRACE

If any of the above methods are enabled then it might be vulnerable.


If you want to know what all methods are enabled then you need to check with  OPTIONS  method that it will list all the methods that are enabled in the web server.


How to check the Arbitrary HTTP Methods:


use HEAD, JEFF and CATS sometimes it would be treated as a GET request if these methods are allowed then it is Vulnerable.

I hope this will be very useful to you Thankyou.  If you have any doubt you can comment me there I will reply you.

2 comments:


  1. This professional hacker is absolutely reliable and I strongly recommend him for any type of hack you require. I know this because I have hired him severally for various hacks and he has never disappointed me nor any of my friends who have hired him too, he can help you with any of the following hacks:

    -Phone hacks (remotely)
    -Credit repair
    -Bitcoin recovery (any cryptocurrency)
    -Make money from home (USA only)
    -Social media hacks
    -Website hacks
    -Erase criminal records (USA & Canada only)
    -Grade change

    Email: cybergoldenhacker at gmail dot com



    ReplyDelete
  2. CONTACT: onlineghosthacker247 @gmail. com
    -Find Out If Your Husband/Wife or Boyfriend/Girlfriend Is Cheating On You
    -Let them Help You Hack Any Website Or Database
    -Hack Into Any University Portal; To Change Your Grades Or Upgrade Any Personal Information/Examination Questions
    -Hack Email; Mobile Phones; Whatsapp; Text Messages; Call Logs; Facebook And Other Social Media Accounts
    -And All Related Services
    - let them help you in recovery any lost fund scam from you
    onlineghosthacker Will Get The Job Done For You
    onlineghosthacker247 @gmail. com
    TESTED AND TRUSTED!

    ReplyDelete

Top 10 Free AI Tools in 2024: Boost Your Productivity and Creativity

In today's rapidly evolving digital landscape, artificial intelligence (AI) has become an indispensable asset for professionals, creativ...