SBM Labs

Cyber Security Collaboration Project

HTTP Verb Tampering
14 Dec 2013

The aim of this lab is to bypass HTTP Basic authentication.

For this lab you will need:
1. The Mozilla Firefox web browser.
2. Burp Suite.

Run Burp Suite and check its configuration.

Then configure the Mozilla Firefox web browser to work with Burp Suite.

Go to the lab HTTP Verb Tampering. The HTTP request will be sent to the server using the GET method.

As a result you will see an authentication window (HTTP Basic Authentication).

Enter any login and password.

Then find your GET request in Burp Suite and change its method. For example, you can use the method HACK.

As a result you will get access to the web page.

Access to this web page was restricted only for the GET method. All other HTTP methods were allowed, so a request with any other method, such as HACK, was served without authentication. You should follow security principles and deny everything except what you need.
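The flaw and its fix, as an added example that is not part of the original lab or its server configuration: weak_policy ties authentication to GET only, while strict_policy denies by default. The credentials, the allowed-method list, the /protected path and all function names are assumptions made for the demo.

```python
import base64
import hmac

# Constructed credentials and method allowlist for the demo (assumptions, not from the lab).
USER, PASSWORD = "labuser", "labpass"
ALLOWED_METHODS = {"GET", "HEAD"}


def authenticated(environ):
    """Check an HTTP Basic Authorization header against the demo credentials."""
    header = environ.get("HTTP_AUTHORIZATION", "")
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        supplied = base64.b64decode(token, validate=True)
    except ValueError:  # malformed base64 is treated as a failed login
        return False
    return hmac.compare_digest(supplied, f"{USER}:{PASSWORD}".encode())


def weak_policy(environ):
    """The lab's flaw: authentication is tied to GET only, so any other verb passes."""
    if environ["REQUEST_METHOD"] == "GET" and not authenticated(environ):
        return 401
    return 200


def strict_policy(environ):
    """Default deny: reject verbs outside the allowlist, authenticate all the rest."""
    if environ["REQUEST_METHOD"] not in ALLOWED_METHODS:
        return 405
    if not authenticated(environ):
        return 401
    return 200


def request(method, credentials=None):
    """Build a minimal WSGI-style environ for a constructed request."""
    environ = {"REQUEST_METHOD": method, "PATH_INFO": "/protected"}
    if credentials:
        token = base64.b64encode(credentials.encode()).decode()
        environ["HTTP_AUTHORIZATION"] = f"Basic {token}"
    return environ


if __name__ == "__main__":
    for m in ("GET", "HACK", "POST"):
        print(m, weak_policy(request(m, "any:any")), strict_policy(request(m, "any:any")))
```

The returned values are HTTP status codes: under the weak policy only GET yields 401, while the strict policy answers unknown verbs with 405 and requires valid credentials for every allowed verb.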