HTTPRecon Lab

[toggle_content title="Transcript"] Hi Leo Dregier here. I want to talk to you about http recon it is really, really easy and simple tool to use basically just load the tool in this case I have the tool in my toolkit http recon you just open it up and basically your target and http or https port 80 and then analyze the traffic and basically run through a script here with all of these different parameters. These parameters are set basically in a configuration which you can do when the scan in not running. So just let the tool run and then you will get a summary and in this case it is going to guess that it is an apache server. So send http request 1.1 you got 200 it guesses it the web server has apache 2.2.2 is using php 5.4 it has got a php session id so I pull the session id and try making sense out of that and pull some different cash it is on the XML RPC - it has a link. It tries to find the encoding and then it is in the character set UTF-8. Now specifically what I like doing with this tool is - one you can open the website in the web browser. So you can go directly to it here without typing that is always nice. And in the reporting to generate the report go ahead and select all of this and use this as HTML. You could realistically do it as any other reports but watch what happens when you do a HTML. We are going to save this to our desktop. Save it and it opens it up and this is perfect, perfect documentation to add into a web application pen testing report. It has got all of your screen shots and pictures and embedded into this and so it is just real nice and easy just to see exactly what went back and forth to and from the server for each of the connection request and then you can analyze this. So just having basically the pictures here is absolutely priceless in terms of documentation. So other than that it is really simple - the tool – now you can basically set it up to finger print - basically putting your server set it and forget it boom it goes. So really easy tool to use - again thanks for watching my name is Leo Dregier and I am sure you have checked this out by now on Facebook, LinkedIn, YouTube and Twitter. [/toggle_content] This next lab in the Web Applications series examines HTTP reconnaissance aspect of Penetration Testing and Ethical Hacking. The HTTPRecon lab demonstrates the HTTP/HTTPS URL traffic scanner. This lab is a very straightforward tool that gives you all the parameters and statistics for HTTP and HTTPS server traffic monitoring at the “server” session level.  
Recommended Study Material
Learn on the go.
The app designed for the modern cyber security professional.
Get it on Google Play Get it on the App Store

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play

Support Cybrary

Donate Here to Get This Month's Donor Badge

Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?