FOOTPRITING,SCANNING,ENUMERATION

HTTP
After a user inputs the URL (www.example.com) which the user wants, that page will be shown directly. Packet processing in computer network is the process that the user needs not to know. In a computer network, almost of them was built by distributed system. That is one of the critical think that should be fulfilled by distributed system, which is user transparency. A packet is sent from a local host to a server, server decapsulates it, and then server sends another packet as a feedback. There are seven layers in an OSI Model. Every packet must through all of the layers, both the client and server.

HTTP distributes, collaborates hypermedia and as hypermedia information system to open the web page. HTTP acts as the basic protocol to control the request and response on a unicast network. Client is the end-user and server is the accessed website.

To access the resource,HTTP needs URIs (Uniform Resource Identifiers) or URLs (Uniform Resource Locators). URLs are more specific than URIs. Basically, client sends a packet to the server in order making a communication. If the server is correct, then server sends feedback packet immediately.

The content of the packet request from client is:
-Request line, like GET /images/logo.gif HTTP/1.1, which needs resource from server /images/logo,gif
-header, like Accept-Language: en
-an empty line
-the packet body

HTTP uses eight request methods which refer to “verb”. They represent the server process by client. These are eight request methods: HEAD, GET, POST, PUT, DELETE, TRACE, OPTIONS, and CONNECT.

Some methods like HEAD, GET, OPTIONS, and TRACE are considered as secure method, because only reading the server and not to write. In the other hand, POST, PUT, and DELETE are not secure, they can be executed to know financial transaction or e-mail validation.

Footprinting, Scanning, and Enumeration
At least three penetration tests are used to know how vulnerably website is. Footpriting is an easy way, just print the network packet, and get the location of the source. There is a tool like this in MS-DOS (Disk Operating System), by typing nslookup (website URL or IP address ), and then capturing network packet.

By scanning, enumerating a network, finding security hole is not so hard.

If you want to know more just download full e-book at here. This can be used as your reference book, it contains only for educational purpose.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: