
Same Origin Policy

• JavaScript on one page can only modify JavaScript on another page if they share the same
origin – that is, the same domain.
• Exception to SOP: set location of document, but can't change content;

HTTP Cookies and Session

• Firefox addon – Firebug; can look at scripts, analyze the network traffic, etc. [like see GET
requests, the response from the server, etc.]
• Firebug – cookies panel: inspect and manipulate cookies. Can see if cookie is HttpOnly, etc.
• If HttpOnly is not set, can access cookie from JavaScript – write in console:
“document.cookie”;
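
The same HttpOnly check, done over Set-Cookie response headers instead of the cookies panel. This is an added example, not part of the original notes; the header values and function names are constructed for illustration.

```javascript
// Added example: audit Set-Cookie response headers for the HttpOnly flag.
// The header values below are constructed sample data, not from a real site.
const sampleHeaders = [
  "SESSIONID=abc123; Path=/; HttpOnly; Secure; SameSite=Lax",
  "theme=dark; Path=/",
  "tracking=xyz; Path=/; Secure",
  "csrf=tok; Path=/; httponly",
];

// Parse one Set-Cookie header value into its name and attribute flags.
function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim()).filter(Boolean);
  const [pair = "", ...attrs] = parts;
  const eq = pair.indexOf("=");
  const name = eq === -1 ? pair : pair.slice(0, eq);
  const flags = { name, httpOnly: false, secure: false, sameSite: null };
  for (const attr of attrs) {
    const [key, value] = attr.split("=");
    switch (key.trim().toLowerCase()) { // attribute names are case-insensitive
      case "httponly": flags.httpOnly = true; break;
      case "secure": flags.secure = true; break;
      case "samesite": flags.sameSite = (value || "").trim(); break;
    }
  }
  return flags;
}

// Cookies without HttpOnly are the ones document.cookie exposes to scripts.
function scriptReadableCookies(headers) {
  return headers.map(parseSetCookie).filter((c) => !c.httpOnly).map((c) => c.name);
}

console.log("Readable from JavaScript:", scriptReadableCookies(sampleHeaders));
```

Any session cookie that shows up in the returned list should be reissued with HttpOnly set.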

Burp Suite

• target tab: site map & scope [refine scope of tests];
• Burp proxy: intercept and modify requests;
• spider: crawl target web application;
• repeater: manually manipulate HTTP requests to see how application responds;

• reset configurations to get rid of prior: Burp → restore defaults → all options [new clean
environment];
• config proxy → options → edit proxy listener → check intercept server responses → Firefox
preferences [configure proxy – 127.0.0.1:8080];
• Proxy intercept → intercept is on → [see GET request] → forward OR [action → “send
to...”]
• target tab starts populating with sitemap, requests and responses, etc.
• [scope] → right click item in sitemap list on target and → add to scope;
• [scope] → copy URL and then paste in “target scope” and url will be added;
• on target tab → press filter button → show only inscope items;
• outside of scope intercept will ignore;
• when you've been on the site, the Burp site map will start gathering info: grey objects are
what Burp collects itself, and black objects are what you've browsed to;
• spider → options → form submission → prompt for guidance;
• start spider with “spider is paused”;

• repeater → right click on login page; send to repeater → see username & password
parameters and can manually manipulate them from here;

OWASP Zap

• Web proxy tool;


• tools → options [plethora of options];
• Iceweasel [default in Kali] → configure proxy [use this proxy server for all protocols]
• settings → options → dynamic SSL certificate → generate → save → import into Iceweasel
→ preferences → certificate → view certificate → import the certificate; trust this CA to
navigate websites;
• on left is tree window to navigate domains [each in folder]; by right clicking on element we
can choose specific options to run;
• right side is workspace window to see and manage requests and responses;
• header and body separated
• break tab allows us to edit requests and responses;
• spider → select domain →
• URLs in scope → right click “include in context” → new session → set name and in scope
or not → exclude URIs in context so can set list outside of scope;
• click on target URI → change from safe mode to protected mode;
• click the two red arrows facing one another to intercept every response to and from server
that is in scope [will appear in break tab]; → forward with the little arrow OR edit the
responses in “break”;
