LiveHTTPHeaders in the web hacking toolkit

Source: Internet
Author: User

When we test the security of a web application, we often need to analyze and dynamically modify its HTTP traffic. Gaining control over the data flowing into and out of the web application is not only helpful for security testing tasks such as discovering and exploiting web application flaws, but also makes ordinary web application testing easier. In this article we explain a tool used for these purposes, LiveHTTPHeaders: with this Firefox extension we can easily analyze and manipulate HTTP traffic without having to set up a proxy server.

First, installing LiveHTTPHeaders

LiveHTTPHeaders is a Firefox extension for parsing HTTP traffic, which we can use to analyze and replay HTTP requests. The installation steps of the extension are explained in detail below. First, navigate your browser to http://LiveHTTPHeaders.mozdev.org/installation.html, and then click the "Install Version 0.14 of Livehttpheaders now" hyperlink to select the latest current version, as shown in Figure 1:

Figure 1 Click the link shown in the figure

If Firefox has blocked the installation of the extension, you can continue with the installation by clicking the "Allow" button on the right, as shown in Figure 2:

Figure 2 Click the "Allow" button

Clicking the "Allow" button starts the installation process, and the browser pops up the "Software Installation" dialog box shown in Figure 3:

Figure 3 Click the Install Now button

Click the Install Now button in the Software Installation dialog box to proceed to the next installation screen, as shown in Figure 4:

Figure 4 Restarting the browser

In the Add-ons dialog box, click the "Restart Firefox" button; when the browser restarts, the screen shown in Figure 5 pops up automatically:

Figure 5 End of installation

This means that we have successfully installed the LiveHTTPHeaders extension. Close the dialog box, and the Live HTTP Headers menu item now appears in the Tools menu and in the Sidebar submenu under the View menu.

Second, the LiveHTTPHeaders main window

Depending on our purpose, LiveHTTPHeaders can be started in two ways: when we only want to monitor traffic, we can open the "Sidebar" submenu from the browser's "View" menu and select the Live HTTP Headers item; if we want to use all the features of the tool, we need to open it by clicking the Live HTTP Headers item on the Tools menu, as shown in Figure 6.

Figure 6 The main window of Live HTTP headers

There are multiple tabs in the LiveHTTPHeaders main window, and each tab corresponds to a different function. The middle part of the window shows the requests sent and the responses received, with horizontal lines separating each request-response pair. The bottom of the window contains the action buttons of LiveHTTPHeaders and the Capture check box, which specifies whether capture mode is enabled. Use this check box to stop LiveHTTPHeaders from scrolling down, so that the traffic already captured can be analyzed.

Third, using LiveHTTPHeaders to replay a request

In addition to monitoring HTTP traffic, we can also use LiveHTTPHeaders to replay a request, which is important for the security testing of web applications. LiveHTTPHeaders lets us easily read and edit a previous request, so it is easy to test the weaknesses and flaws of an application by modifying the various parts of the request. To re-send a request, simply select one of the requests listed in the middle of the window and click the "Replay" button at the bottom of the window; this opens the window shown in Figure 7, where we can make various modifications to the request: for example, we can add extra headers, change the request method (GET or POST), or modify the parameters sent to the server. Once the request has been modified, click the Replay button at the bottom of the Live HTTP Replay dialog box to re-send it.

Figure 7 Request Replay dialog box

Replay may be the most useful feature in LiveHTTPHeaders, because it loads the result of the replayed request directly into the browser, something that web proxies such as Burp do not do. With the replay window, we can make further changes to the browsing session and view the results.

Fourth, modifying POST parameters

As mentioned earlier, we can use the replay function to change any part of the request, including the POST parameters, as shown in Figure 8. Note that when you change a POST request, you need to pay attention to the Content-Length header, because Live HTTP Replay cannot compute the length of the request body dynamically. Although most web servers and applications do not check whether the value is right or wrong, the header is required by the RFC specification. If the value is wrong or missing, an IDS alert is generated when an intrusion detection system (IDS) is used to monitor web traffic. Fortunately, LiveHTTPHeaders provides a length counter, located at the bottom left of the window, which we can use to insert the correct Content-Length value.

Figure 8 Instant replay of HTTP
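As an added example (not part of the original article or of the LiveHTTPHeaders extension), the following Python script does what the length counter does for us: it edits a POST parameter in a captured request, recomputes Content-Length from the encoded body bytes rather than the character count, and includes the consistency check that a server or IDS applies to flag a stale header. The request text, host name and parameter values are constructed samples.

```python
"""Edit a captured POST request and keep Content-Length consistent."""
from urllib.parse import parse_qsl, urlencode

CRLF = "\r\n"

# Constructed sample: a POST as LiveHTTPHeaders would display it.
# The body "user=alice&password=secret1" is 27 bytes, so the header is correct.
CAPTURED_REQUEST = (
    "POST /login HTTP/1.1" + CRLF
    + "Host: example.test" + CRLF
    + "Content-Type: application/x-www-form-urlencoded" + CRLF
    + "Content-Length: 27" + CRLF
    + CRLF
    + "user=alice&password=secret1"
)


def split_request(raw):
    """Split a raw request into (request_line, [(name, value), ...], body)."""
    head, _, body = raw.partition(CRLF + CRLF)
    lines = head.split(CRLF)
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers, body


def build_request(request_line, headers, body):
    """Reassemble the request text with CRLF line endings."""
    head = CRLF.join([request_line] + [f"{n}: {v}" for n, v in headers])
    return head + CRLF + CRLF + body


def set_body(raw, new_body):
    """Replace the body and recompute Content-Length from its UTF-8 byte length.

    Non-ASCII characters occupy more than one byte, so counting characters
    (what a naive edit does) would under-report the length.
    """
    request_line, headers, _ = split_request(raw)
    length = str(len(new_body.encode("utf-8")))
    updated, found = [], False
    for name, value in headers:
        if name.lower() == "content-length":
            updated.append((name, length))
            found = True
        else:
            updated.append((name, value))
    if not found:  # the header is mandatory for a body per the RFC; add it
        updated.append(("Content-Length", length))
    return build_request(request_line, updated, new_body)


def set_form_param(raw, name, value):
    """Set one application/x-www-form-urlencoded parameter, adding it if absent."""
    _, _, body = split_request(raw)
    params = parse_qsl(body, keep_blank_values=True)
    if name in [k for k, _ in params]:
        params = [(k, value if k == name else v) for k, v in params]
    else:
        params.append((name, value))
    return set_body(raw, urlencode(params))


def content_length_check(raw):
    """The check a server or IDS applies: (declared, actual) body length in bytes.

    declared is None when the header is missing; a mismatch is what raises an alert.
    """
    _, headers, body = split_request(raw)
    declared = None
    for name, value in headers:
        if name.lower() == "content-length":
            declared = int(value)
    return declared, len(body.encode("utf-8"))


if __name__ == "__main__":
    stale = CAPTURED_REQUEST.replace("secret1", "wrong-pass")   # edited by hand, header not updated
    fixed = set_form_param(CAPTURED_REQUEST, "password", "wrong-pass")
    print("stale edit:", content_length_check(stale))          # (27, 30) -> mismatch
    print("recomputed:", content_length_check(fixed))          # (30, 30) -> consistent
```

The `stale` case is exactly the situation the article warns about: the parameter was changed in place, the header still says 27, and a monitoring IDS sees a 30-byte body with a 27-byte declaration.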

In addition to GET and POST requests, we can use this tool to test the web server with other methods such as TRACE, TRACK, and OPTIONS. For example, you can test whether a web server allows unrestricted file uploads by submitting the PUT request shown in Figure 9 to the replay tool.

Figure 9 simulating an HTTP PUT

Fifth, the filter function

Finally, we describe how to filter out unwanted request types, which reduces our workload when checking large web applications. First click the Config tab in the Live HTTP Headers main window, as shown in the figure below:

Figure LiveHTTPHeaders Configuration dialog box

In this configuration view, we can include and exclude URLs that match specific regular expressions. Using "Filter URLs with RegExp" and "Exclude URLs with RegExp", we can specify which kinds of requests we want based on the URL of the request. In the figure, requests whose URLs end with .gif, .jpg, .ico, .css, and .js are excluded from the headers view.
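As an added example that is not from the article or the extension, the Python snippet below applies the same include/exclude logic to a constructed list of captured URLs. The semantics assumed here are that a URL is kept only when it matches the filter expression and does not match the exclude expression. It also shows a caveat worth knowing when writing the exclude rule: an expression anchored with `$` misses asset URLs that carry a query string, so those requests still clutter the headers view unless the rule allows for it.

```python
"""Include/exclude URL filtering with regular expressions, as in the Config tab."""
import re

# Constructed sample of request URLs as they would appear in the headers view.
CAPTURED_URLS = [
    "http://example.test/login",
    "http://example.test/static/logo.gif",
    "http://example.test/css/site.css",
    "http://example.test/js/app.js?v=3",      # static asset with a cache-busting query
    "http://example.test/account?id=7",
    "http://example.test/favicon.ico",
]

# The rule from the article: drop URLs ending with these extensions.
EXCLUDE_ASSETS = r"\.(gif|jpg|ico|css|js)$"

# Same rule, but tolerant of a trailing query string ("?...").
EXCLUDE_ASSETS_WITH_QUERY = r"\.(gif|jpg|ico|css|js)(\?.*)?$"


def filter_urls(urls, include=None, exclude=None):
    """Keep a URL when it matches `include` (if given) and not `exclude` (if given).

    Assumed semantics of the two Config fields; an empty field imposes no constraint.
    """
    inc = re.compile(include) if include else None
    exc = re.compile(exclude) if exclude else None
    kept = []
    for url in urls:
        if inc is not None and not inc.search(url):
            continue
        if exc is not None and exc.search(url):
            continue
        kept.append(url)
    return kept


if __name__ == "__main__":
    for url in filter_urls(CAPTURED_URLS, exclude=EXCLUDE_ASSETS):
        print("ends-with rule keeps:", url)       # app.js?v=3 slips through
    for url in filter_urls(CAPTURED_URLS, exclude=EXCLUDE_ASSETS_WITH_QUERY):
        print("query-aware rule keeps:", url)     # only /login and /account remain
```

With the `$`-anchored rule the `app.js?v=3` request survives; the query-aware variant removes it while still keeping the application requests we actually want to inspect.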

Sixth, summary

In this article we have described in detail the functions of LiveHTTPHeaders in the area of security testing. In general, LiveHTTPHeaders is one of the most common tools for discovering XSS flaws. With a few clicks we can easily view the internal details of a request, modify it, and replay it. As you will see, the result of each request that LiveHTTPHeaders replays still goes into the browser window. Unlike other testing tools such as application proxies, LiveHTTPHeaders shows a visual result that helps you understand it faster.

