1 00:00:12,320 --> 00:00:15,440 Hey, guys, welcome back to another episode on How to Hack.
2 00:00:15,650 --> 00:00:20,700 All right, so now we'll be discussing bypass front-end restrictions.
3 00:00:20,750 --> 00:00:27,050 OK, so here we are back to WebGoat once again, which is a web application penetration testing platform
4 00:00:27,290 --> 00:00:30,190 for us to learn all about web application security.
5 00:00:30,620 --> 00:00:35,720 So in this case, on the left side, we have client side and you can go ahead and click on the bypass
6 00:00:35,720 --> 00:00:36,980 front-end restrictions.
7 00:00:37,790 --> 00:00:44,660 So, once again, users have a great control of how they can manipulate the data to input the content
8 00:00:44,660 --> 00:00:51,530 we sent over into the web application server so they can actually amend and change the way the structure
9 00:00:51,530 --> 00:00:54,710 of the values that are sent into the web application system.
10 00:00:54,890 --> 00:00:55,220 All right.
11 00:00:55,230 --> 00:01:02,720 So with something of a basic understanding of HTML, you're able to amend and edit the HTML through web
12 00:01:02,720 --> 00:01:09,350 developer or even downloading the entire HTML page and editing the values, and then you can actually
13 00:01:09,350 --> 00:01:12,830 send it over all the way to the web application system.
14 00:01:13,520 --> 00:01:19,160 So over here we can tamper, tamper and change the data and the values.
15 00:01:19,550 --> 00:01:22,360 So in this case, over here we have field restrictions.
16 00:01:22,580 --> 00:01:28,550 So sometimes some of these web developers, especially on the front end, they may create certain options
17 00:01:28,550 --> 00:01:30,300 for you to select from.
18 00:01:30,350 --> 00:01:32,510 For example, here we have a number of fields.
19 00:01:33,050 --> 00:01:38,600 So the first field we have, for example, option one, which is a dropdown list, we have radio button,
20 00:01:38,990 --> 00:01:41,840 we have checkbox and we have an input field.
21 00:01:41,870 --> 00:01:42,140 All right.
22 00:01:42,150 --> 00:01:44,320 So we have one, two, three, four.
23 00:01:44,330 --> 00:01:49,630 So we got four options for us to input and submit into the web application system.
24 00:01:50,120 --> 00:01:54,800 So if I go in and click on Submit, of course it says, sorry, the solution is not correct.
25 00:01:54,830 --> 00:01:56,000 Please try again.
26 00:01:56,300 --> 00:01:56,550 All right.
27 00:01:56,570 --> 00:01:59,540 So what we can do right here is to go ahead and right
28 00:01:59,540 --> 00:02:00,560 click, OK.
29 00:02:00,560 --> 00:02:04,920 And we can click on Inspect Element, as you can see over here, Inspect Element.
30 00:02:05,510 --> 00:02:07,760 So here we can see we have the form class.
31 00:02:07,830 --> 00:02:08,110 All right.
32 00:02:08,130 --> 00:02:14,990 So this is submitted into the web application system so you can see the action slash WebGoat, bypass
33 00:02:15,410 --> 00:02:18,270 restrictions, field restrictions.
34 00:02:18,290 --> 00:02:21,950 OK, so we can look at the first one, which is a select.
35 00:02:22,780 --> 00:02:23,090 All right.
36 00:02:23,090 --> 00:02:26,250 So we have a select and we have a number of options right here.
37 00:02:26,360 --> 00:02:31,260 So all you got to do is do a right click and click on Edit as HTML.
38 00:02:31,430 --> 00:02:35,040 So what we can do is we can copy the information over here, OK?
39 00:02:35,090 --> 00:02:37,370 And we can paste it and we can change the value.
40 00:02:37,730 --> 00:02:39,770 OK, so I'm going to change this to option three.
41 00:02:40,760 --> 00:02:41,140 All right.
42 00:02:41,360 --> 00:02:45,050 And this would give us immediately an additional option for us to select from.
43 00:02:45,380 --> 00:02:48,610 So you see over here option one, two and three.
44 00:02:48,620 --> 00:02:54,380 So now we have three options that we can submit into the web application server by tampering with the
45 00:02:54,380 --> 00:02:59,660 data on the browser, likewise on the radio button with two possible values.
46 00:02:59,690 --> 00:03:07,880 So once again, we can change this so we can see over here we have input type radio, name radio, value
47 00:03:07,880 --> 00:03:08,780 is option one.
48 00:03:08,780 --> 00:03:11,000 And of course, here we can see.
49 00:03:11,540 --> 00:03:17,780 All right, we have checked, OK, and now we have input type radio, name radio, value equal option
50 00:03:17,780 --> 00:03:17,930 two.
51 00:03:17,930 --> 00:03:24,740 So once again, we can do a right click and then we can click on Edit as HTML so I can copy all this
52 00:03:24,740 --> 00:03:25,850 information right here.
53 00:03:26,500 --> 00:03:28,580 OK then I can put it after the break.
54 00:03:28,610 --> 00:03:28,880 All right.
55 00:03:28,880 --> 00:03:34,340 So we can click on Edit as HTML and I can hit enter and paste the information over here and I can change
56 00:03:34,340 --> 00:03:36,050 this to option number three.
57 00:03:36,740 --> 00:03:41,750 OK, so once again I can hit enter on it and we can see one additional option right here.
58 00:03:41,900 --> 00:03:45,890 OK, so we can see now we have one additional item that we can click on.
59 00:03:45,980 --> 00:03:46,190 All right.
60 00:03:46,190 --> 00:03:48,460 So we can select all the business option three.
61 00:03:49,310 --> 00:03:51,970 Next we have the checkbox.
62 00:03:52,250 --> 00:03:56,060 So again, we can see here we have the input type, which is a checkbox.
63 00:03:56,420 --> 00:04:01,380 And of course the name is checkbox and we have the parameter checked.
64 00:04:02,180 --> 00:04:07,060 So once again, you can click on Edit as HTML, space, value.
65 00:04:07,280 --> 00:04:07,640 All right.
66 00:04:07,640 --> 00:04:09,340 And then we can put whatever value you want.
67 00:04:09,350 --> 00:04:11,520 So in this case, I can put, for example, one two three.
68 00:04:12,080 --> 00:04:17,410 OK, so once again, we are changing the values that are being inserted into the web application system
69 00:04:18,020 --> 00:04:20,750 and finally on the text input box.
70 00:04:20,870 --> 00:04:21,140 All right.
71 00:04:21,140 --> 00:04:24,390 So here we have max length is equal to five.
72 00:04:24,410 --> 00:04:30,170 So again, you can edit as HTML, so the restriction lies on the max length so we can change this to
73 00:04:30,170 --> 00:04:30,710 six.
74 00:04:31,270 --> 00:04:31,610 All right.
75 00:04:31,610 --> 00:04:33,410 And I can add additional value for this.
76 00:04:33,700 --> 00:04:36,080 OK, so right now, before I click submit.
77 00:04:36,350 --> 00:04:36,590 All right.
78 00:04:36,590 --> 00:04:38,240 So some real life scenarios.
79 00:04:38,270 --> 00:04:45,620 Why do we need to do this is because as we are sending different kinds of payloads into the web application
80 00:04:45,620 --> 00:04:52,430 system for penetration testing, whether it is cross-site scripting, server-side request forgery, SQL injection,
81 00:04:52,850 --> 00:04:58,220 there could be certain limitations at the browser level that we were unable to push the payload into
82 00:04:58,220 --> 00:04:59,430 the web application system.
83 00:04:59,780 --> 00:05:05,360 So with this in mind, by changing, editing and tampering with the data, we'll be able to submit it
84 00:05:05,360 --> 00:05:09,680 successfully into the web application server, which can then get processed.
85 00:05:10,100 --> 00:05:16,670 For us to run certain kind of hacking techniques and tactics against the system, so now we can go ahead
86 00:05:16,970 --> 00:05:22,760 and click on submit and it says congratulations, you have successfully completed the assignment.
87 00:05:23,210 --> 00:05:25,250 So thank you once again for watching.
88 00:05:25,250 --> 00:05:26,960 And I hope you have learned something valuable.
89 00:05:26,990 --> 00:05:29,640 And if you have any questions, feel free to leave a comment below.
90 00:05:29,810 --> 00:05:33,920 I'll try my best to answer any of your questions and we'll like, share and subscribe to the channel
91 00:05:34,040 --> 00:05:37,280 so you can be kept abreast of the latest cybersecurity tutorial.
92 00:05:37,400 --> 00:05:38,840 Thank you so much once again for watching.