HTTP/S (Hypertext Transfer Protocol / Secure) #
At a Glance #
Default Ports
- HTTP: 80
- HTTPS (HTTP over TLS or SSL): 443
HTTP is an application-level protocol for distributed hypermedia information systems. It is the standard protocol that defines how messages are formatted and sent across the web.
HTTPS (Hypertext Transfer Protocol Secure) is an extension of HTTP. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS) or, formerly, Secure Sockets Layer (SSL). Therefore, the protocol is also referred to as HTTP over TLS or HTTP over SSL.
Banner Grabbing #
HTTP
Netcat #
nc example.com 80
HTTPS
openssl 1 #
openssl s_client -connect example.com:443
Parameters
s_client: SSL/TLS client program.
Directory Enumeration #
Enumerate files and directories. Look for unlinked content, temporary directories, and backups. Widely used tools include dirbuster, gobuster, dirb, and Burp Suite.
Wordlists #
Included in Kali’s wordlists package
under /usr/share/wordlists.
/dirbuster/directory-list-2.3-medium.txt( 1.9M - 220560 lines )/dirbuster/directory-list-2.3-small.txt( 709K - 87664 lines )/dirb/common.txt( 36K - 4614 lines )/dirb/big.txt( 180K - 20469 lines )
Other lists.
- Jhaddix’s
content_discovery_all.txt( 5.9M - 373535 lines ) - Daniel Miessler’s Web Content Discovery.
Note: For more wordlists refer to Wordlists and Wordlist Generaion.
gobuster 2 #
gobuster dir -t 30 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u https://10.0.0.3/
Parameters
dir: directory brute-forcing mode.-t <n>: number of concurrent threads (default 10).-w <wordlist>: path to the wordlist.-u <URL>: target URL.
Note:
- Iterate over the results.
- Include status code 403 (Forbidden Error) and brutefoce these directories.
- Add more file extensions to search for; In
gobuster:-x sh,pl.
Source Code #
Inspect #
It is a good habit to take a quick look at the pages' source code, scripts, and console outputs.
To active View Source, context-click on the page and select View Page Source or with the Ctrl+U or Cmd+U shortcut.
Note: Many browsers include a powerful suite of tools, also known as devtools, to inspect and interact with the target website.
Download #
If the target uses an open-source app, downloading its codebase will provide helpful information about configuration files, open resources, default credentials, etc.
OpenSSL Foundation, Inc. “/Docs/Manmaster/Man1/Openssl.Html.” OpenSSL.Org, https://www.openssl.org/docs/manmaster/man1/openssl.html. ↩︎
Reeves, OJ. “GitHub - OJ/Gobuster.” GitHub, https://github.com/OJ/gobuster. ↩︎