1
00:00:12,240 --> 00:00:14,910
Hey, guys, welcome back to another episode on How to Hack.

2
00:00:15,440 --> 00:00:20,460
So here we are back to WebGoat as part of a web application penetration testing series.

3
00:00:20,790 --> 00:00:26,430
And on the right side, we have client side attacks and you can go ahead and click on to HTML tampering.

4
00:00:27,090 --> 00:00:28,470
So here we are on the lesson.

5
00:00:28,500 --> 00:00:35,140
And the concept is that browsers generally allow us to edit, change information as we submit them right

6
00:00:35,220 --> 00:00:40,530
into the web application system for processing, either inputting into a database, updating the database,

7
00:00:40,530 --> 00:00:45,750
or even removing from the database, just like your shopping cart, just like all this different data

8
00:00:45,750 --> 00:00:50,700
that you may be inputting into an e-commerce site, a social media platform, your bank account.

9
00:00:51,570 --> 00:00:57,030
So moving on to lesson number two, Orizaba accuracy's, try it yourself: in an online store,

10
00:00:57,030 --> 00:01:02,550
you ordered a new TV; try to buy one or more TVs for a lower price.

11
00:01:02,950 --> 00:01:06,390
OK, so over here we have the quantity and we have the price.

12
00:01:06,690 --> 00:01:08,370
And of course, we have a remove button.

13
00:01:08,820 --> 00:01:11,820
And of course, it helps us add into the subtotal.

14
00:01:11,820 --> 00:01:15,980
And over here we can see all this different information so you can go in and click on checkout.

15
00:01:16,770 --> 00:01:18,620
And of course, you get the following response.

16
00:01:18,990 --> 00:01:20,730
This is too expensive.

17
00:01:20,740 --> 00:01:23,460
You need to buy at a cheaper cost.

18
00:01:23,760 --> 00:01:29,640
So what we need to do is we need to be able to amend information that is being submitted from the browser

19
00:01:29,880 --> 00:01:31,530
into the web application system.

20
00:01:31,710 --> 00:01:32,020
All right.
21
00:01:32,050 --> 00:01:37,170
So what we can do is to make use of Web Developer to help us launch the attack.

22
00:01:37,950 --> 00:01:42,780
So going to the right side, OK, we can go ahead and click on our menu and you can click on the Web

23
00:01:42,780 --> 00:01:49,530
Developer and you can click onto Network or you can use the shortcut Control Shift E.

24
00:01:49,770 --> 00:01:50,760
So go in and click on it.

25
00:01:51,570 --> 00:01:52,320
And over here.

26
00:01:53,080 --> 00:01:53,400
All right.

27
00:01:53,400 --> 00:01:57,960
We can see the lessonmenu.mvc and so on, so we can easily clear all of them.

28
00:01:58,020 --> 00:01:58,430
All right.

29
00:01:58,860 --> 00:02:00,590
And you can go in and click on checkout.

30
00:02:00,810 --> 00:02:06,930
So once you do so we will have a following task, which is a POST method and a status two hundred

31
00:02:07,350 --> 00:02:10,350
so you can go in and click on it and we have the parameters.

32
00:02:10,350 --> 00:02:13,500
So here we can see the quantity, the total number.

33
00:02:13,860 --> 00:02:16,920
And of course we have the response and the response is feedback.

34
00:02:17,460 --> 00:02:18,720
This is too expensive.

35
00:02:18,850 --> 00:02:21,000
You need to buy at a cheaper cost.

36
00:02:21,630 --> 00:02:22,890
So what we can do is do a right

37
00:02:22,890 --> 00:02:26,610
click, OK, on the left side and click on Edit

38
00:02:26,760 --> 00:02:28,890
and Resend. Go ahead and click on it.

39
00:02:29,640 --> 00:02:34,430
And what we can do here is we can look at the request headers and all this different information and

40
00:02:34,530 --> 00:02:36,360
we have the request body.

41
00:02:36,390 --> 00:02:40,610
So in this case we have QTY, which stands for quantity, and total.

42
00:02:40,920 --> 00:02:45,360
So all you're going to do is change and amend any of the values under total.

43
00:02:45,420 --> 00:02:49,210
So in this case we're going to use two nine nine nine.
44
00:02:49,350 --> 00:02:49,550
All right.

45
00:02:49,590 --> 00:02:51,330
So once you're done with this you can go ahead.

46
00:02:51,450 --> 00:02:51,650
All right.

47
00:02:51,750 --> 00:02:53,110
And click send.

48
00:02:53,550 --> 00:02:53,800
All right.

49
00:02:53,850 --> 00:02:58,350
So once you're done with it, you can click onto the new task or you can double click on it.

50
00:02:58,710 --> 00:03:00,120
And it says over here, feedback.

51
00:03:00,120 --> 00:03:00,750
Well done.

52
00:03:01,230 --> 00:03:03,480
You just bought TV at a discount.

53
00:03:03,650 --> 00:03:03,760
Right?

54
00:03:03,780 --> 00:03:10,530
So immediately we'll be able to alter the way that we're sending data to and fro between the browser

55
00:03:10,530 --> 00:03:13,170
as well as the web application system.

56
00:03:13,530 --> 00:03:16,350
So once again, I hope you've learned something valuable in today's tutorial.

57
00:03:16,650 --> 00:03:20,190
And if you have any questions, feel free to leave a comment below and I'll try my best to answer

58
00:03:20,190 --> 00:03:21,240
any of your queries.

59
00:03:21,450 --> 00:03:26,460
And we'll like, share and subscribe to the channel so that you can be kept abreast of the latest cybersecurity

60
00:03:26,460 --> 00:03:26,790
tutorial.

61
00:03:26,970 --> 00:03:28,560
Thank you so much once again for watching.