Web

The interwebs? You can hack that?.


Programs

  • Postman
    Postman is the swiss-army knife communicating with websites.
    With Postman you can hand-craft every packet sent to a web server, so you can exploit to your hearts desire.
    NOTE: The original Postman was a google chrome app but was deprecated and made into a standalone program.
    Along with this extension was Interceptor, a google chrome app that would allow postman to use all the real requests you make to websites and allow you to edit them directly.
    This takes a lot of hassle out of making the packet yourself, the only downside is the new-flashy postman doesn't support it.
    FYI, I use both.

  • Burp Suite
    If Postman is the swiss-army knife of communicating with websites, then Burp-Suite is the swiss-army knife of intercepting web traffic.
    Burp Suite does everything you've ever wanted to do to a website. It's got a proxy, web-crawler, brute-forcer, spider etc.
    The most used tool for CTF challenges is it's proxy. You can get pretty far with just intercepting your own web traffic and manipulating it on the fly.

References

  • URL Encoding
    When delving deeper into web you'll come across URL Encoded strings.
    This is a quick reference guide for getting some use out of em'.

  • HTML Entities
    HTML Entities are another form of encoding you'll eventually see.

  • html5sec
    Html5sec is a great reference for all kinds of web hacking.

Guides/Writeups