Skip to content

Activity 1.1

When a pen-tester point the URL of his Firefox browser to https://www.ibm.com

The communications between his browser and the IBM servers were captured and given in the next five slides, separate them as REQUEST or RESPONSE message.

Using the ZAP Proxy Tool, show the intercepted HTTP Request and Response Header

OWASP ZAP Proxy

  1. Ensure Kali VM is in NAT

  1. Start an OWASP ZAP Proxy Session

  1. Start a Manual Exploration

  1. Key in the website to manually explore

  1. Notice the browser information is captured by the server in the REQUEST and the RESPONSE is a redirect status code

HTTP Request

HTTP Response

  1. Notice that within the packet of the Redirect status code there is another redirect status code in the RESPONSE

  1. Notice that within the packet of the Redirect status code there is another redirect status code in the RESPONSE

  1. Notice that within the packet of the Redirect status code there is another redirect status code in the RESPONSE

  1. Notice on recieving a 200 OK status code, the server type, link and the html code is returned

Additional Resources

  1. Types of VM Network connections
  2. HTTPS Status Codes and their meanings
  3. HTTPS Server Redirection - How it works
Last update: June 11, 2023
Created: June 11, 2023