NTPA/NSPA
Skill Name: HTTP Vulnerability Scanning - 1

SKU: NSPA_SKU_HTTP05

Category Tag: HTTP


Skill Content: VAPT uses the HTTP GET/POST methods to get information from a target web site. To avoid increasing the traffic load, some VAPT utilities might use the HEAD/OPTIONS/TRACE methods to reduce the size of the HTTP responses from the web site.


Skill Description: During the VAPT (Vulnerability Assessment Penetration Testing) process, there are many different ways to gather information from a target web site. In particular, information about the web application (HTTP CGI) may reveal vulnerabilities that are important to attackers. Although the HTTP GET/POST methods can gather information about the web application (HTTP CGI), VAPT operators might use the HEAD/OPTIONS/TRACE methods instead, to reduce the network impact on the target web servers and on the network environment. Therefore, if we find a lot of these special HTTP methods being sent to the web site(s), it is one of the symptoms of HTTP vulnerability scanning.

We can also observe these HTTP phenomena on a network with a packet capture tool such as Wireshark. However, in an HTTPS session we can only trace back through the log files of the HTTP service, since the HTTPS protocol encrypts the content of the network packets. No matter which kind of tool is used, SOC or IPS/UTM systems can detect these scanning behaviors with signatures (rules).

On the other hand, a malware attack, unlike VAPT behavior, will not generate large numbers of GET/POST/HEAD/OPTIONS/TRACE HTTP requests. Malware hits victims directly and as quickly as possible, to infect more web hosts in a short time. This is the behavioral difference between human-driven VAPT and network worms (malware).


NSPA suggested Wireshark display filter (quoted and unquoted forms):

http.request.method in {"HEAD", "OPTIONS", "TRACE"}

http.request.method in {HEAD, OPTIONS, TRACE}
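For HTTPS sites, where the display filter above cannot see the request method, the same check can be run over the web server's access log. The following is an added example, not NSPA's own code: it assumes Common/Combined Log Format, and the thresholds, function names and sample log lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Methods the page treats as scanning indicators.
PROBE_METHODS = {"HEAD", "OPTIONS", "TRACE"}

# Common/Combined Log Format: client ident user [time] "METHOD path proto" status size
LOG_LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) \S+[^"]*" (?P<status>\d{3}) ')

def probe_counts(lines):
    """Return {client: Counter(method -> hits)} for well-formed log lines."""
    per_client = defaultdict(Counter)
    for line in lines:
        m = LOG_LINE.match(line)
        if m:  # malformed lines are skipped, not guessed at
            per_client[m["client"]][m["method"]] += 1
    return per_client

def suspected_scanners(lines, min_probes=5, min_ratio=0.5):
    """Flag clients whose HEAD/OPTIONS/TRACE requests are both numerous and a
    large share of their traffic. Both thresholds are assumed values to tune."""
    flagged = {}
    for client, methods in probe_counts(lines).items():
        probes = sum(n for meth, n in methods.items() if meth in PROBE_METHODS)
        total = sum(methods.values())
        if probes >= min_probes and probes / total >= min_ratio:
            flagged[client] = (probes, total)
    return flagged

def sample_log():
    """Constructed sample: one browsing client, one client probing CGI paths."""
    ts = "[10/Oct/2023:13:55:36 +0000]"
    lines = [f'192.0.2.10 - - {ts} "GET /page{i}.html HTTP/1.1" 200 5120'
             for i in range(6)]
    lines.append(f'192.0.2.10 - - {ts} "HEAD /favicon.ico HTTP/1.1" 200 0')
    for i, meth in enumerate(["HEAD", "OPTIONS", "TRACE"] * 4):
        lines.append(f'198.51.100.7 - - {ts} "{meth} /cgi-bin/t{i}.cgi HTTP/1.1" 404 0')
    lines.append("not a log line")
    return lines

if __name__ == "__main__":
    for client, (probes, total) in suspected_scanners(sample_log()).items():
        print(f"{client}: {probes}/{total} requests used HEAD/OPTIONS/TRACE")
```

The ratio test keeps a normal browser that issues an occasional HEAD request from being flagged alongside a client whose traffic is almost entirely probe methods.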


Online Course: https://youtu.be/Vy3p3V0Q2A4

Analytical Example: https://www.hugediamond.net/shop


© COPYRIGHT 2002-2024. NSPA Association, ALL RIGHTS RESERVED.