In this short tutorial, we will see how to use WebScarab
[Reference 1] to intercept web traffic easily and transparently.
This is one of the basic steps in web application hacking
and analysis of web security. Even casual hackers can use it to see
what goes on behind the screen while browsing a particular website.

WebScarab is a framework for analysing web applications. It operates
as an intercepting proxy, allowing the user to review and modify HTTP
requests created by the browser before they are sent to the server,
and to review and modify responses returned from the server before
they are received by the browser. WebScarab is able to intercept
both HTTP and HTTPS communication. This makes it one of the powerful
tools when it comes to web application security.

Here we will see how to set up WebScarab and then use it to intercept
and analyze web traffic.

Setting up WebScarab
Before we proceed with the actual game, you need to download and install
WebScarab [Reference 1]. After you have installed it, you will
first have to configure your browser so that WebScarab can act as its
proxy server.

I am taking the example of Firefox here, but similar steps
will apply to other web browsers as well.

Here are the steps:
1. Go to Options -> Advanced -> Network -> Settings. You will
   see the dialog as shown in the screenshot.
2. Select the Manual Proxy configuration option.
3. Enter the following values:
   HTTP proxy - 127.0.0.1 and port - 8008

This configures the browser to send its web requests through WebScarab,
which intercepts them by acting as a local proxy.

Intercepting Web Traffic
Now it is time for the real game. Start WebScarab and
you will see the screen as shown below.

In the Intercept tab, select "Intercept request", and in the left
hand side menu select the "Get" and "Post" options. WebScarab is now
completely ready to intercept HTTP GET and POST requests.

Next, launch your browser and type any URL, for example
http://google.com.

You will see a window in WebScarab that shows the intercepted HTTP GET
request, as shown below. At this point you can also click on the
"Intercept Response" button so that WebScarab also intercepts the
response coming back from the Google web server.

That is how simple it is. You can use this technique to analyze any
web request and response going in and out of your browser.
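
What the intercept window shows is the request exactly as the browser hands it to the proxy. The following added example (Python, not part of WebScarab or of the original tutorial) parses such a request and rewrites it into the form a proxy forwards to the origin server. The sample request and the ExampleBrowser user agent are constructed for illustration.

```python
# Added example (not WebScarab code): what a proxy-configured browser sends
# and how an intercepting proxy rewrites it for the origin server.
from urllib.parse import urlsplit

# Constructed sample: the request a browser emits for http://google.com
# when its HTTP proxy is set to 127.0.0.1:8008 (absolute-form target).
SAMPLE = (b"GET http://google.com/ HTTP/1.1\r\n"
          b"Host: google.com\r\n"
          b"User-Agent: ExampleBrowser/1.0\r\n"
          b"Proxy-Connection: keep-alive\r\n"
          b"\r\n")

# Headers that concern only the browser-to-proxy hop and are not forwarded.
HOP_BY_HOP = {"proxy-connection", "connection", "keep-alive"}

def parse_request(raw):
    """Split a raw request into (method, target, version, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return method, target, version, headers, body

def to_origin_request(raw):
    """Return (host, port, bytes) the proxy would send to the origin server."""
    method, target, version, headers, body = parse_request(raw)
    url = urlsplit(target)
    if url.scheme != "http" or not url.hostname:
        raise ValueError("expected absolute-form http:// target")
    path = url.path or "/"
    if url.query:
        path += "?" + url.query
    # Drop hop-by-hop headers; Host is regenerated from the target URL.
    kept = [(n, v) for n, v in headers
            if n.lower() not in HOP_BY_HOP and n.lower() != "host"]
    out = [f"{method} {path} {version}", f"Host: {url.netloc}"]
    out += [f"{n}: {v}" for n, v in kept]
    data = "\r\n".join(out).encode("iso-8859-1") + b"\r\n\r\n" + body
    return url.hostname, url.port or 80, data

if __name__ == "__main__":
    host, port, data = to_origin_request(SAMPLE)
    print(host, port)
    print(data.decode("iso-8859-1"))
```

Everything between the parse and the rewrite is where an intercepting proxy lets the user review the request, which is why a server has to validate every header and parameter it receives rather than trust what the browser would normally send.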

But the real power of WebScarab lies in manipulating these requests
and responses on the fly. Let me tell you, this can be very, very
deadly. If you are able to make the right moves and changes in the
HTTP request headers, then you can easily send invalid values to the
server. This is very useful in web application penetration testing.

At the end, you can click on the "Summary" tab in the main WebScarab
window, which shows complete details of all the intercepted requests
and responses, as shown in the screen below.

Conclusion
In this startup guide, you have seen how to use WebScarab to intercept
HTTP traffic and analyse it. The rest is up to you: how far you can
take it.