Testing HTTP Servers

Step 1:

Install beSTORM and an HTTP server on two separate machines that are not otherwise in use or on a network.

Assign IP addresses to the beSTORM server and the target server, for example 192.168.1.2 and 192.168.1.1.

Connect the beSTORM server directly to the machine running the HTTP server with a network cable, and no switch in the middle.

Step 2:

Start beSTORM on the client machine and click on the New Project button.

Step 3:

Give the project a name, accept all other defaults, and click Next.

Step 4:

From the list of modules, select HTTP (Simple), HTTP/1.0 or HTTP/1.1. Set the Target Host Settings to be the IP of the HTTP server and the Remote Port to the HTTP port (usually 80).

Step 5:

(Optional) set the environment variables if needed.

Step 6:

If the HTTP server is a Windows server, install the beSTORM monitor on it, run the monitor on the HTTP server machine, and attach it to the HTTP server process. Then enter the IP of the remote machine on the ‘Monitor Configuration’ page and select Remote Debugger.

Alternatively, if the HTTP server is not accessible, select ICMP Echo and TCP Echo on the ‘Monitor Configuration’ page and accept all other defaults.

Step 7:

Click ‘Finish’ to end the wizard and save settings as a Project. The testing will start automatically if the Auto-Start box is checked.

Step 8:

If an exception happens (an attack is successful), a message will pop up briefly to let you know the remote server is not responding.

This indicates a possible vulnerability. Testing will resume in 5 seconds unless Pause Test is pressed.

When the testing is finished, click on ‘Report’ to see a short report.

You can also select Report->Generate Report from the menu to generate a more complete report of the testing.

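When the target is watched only from the outside (the ICMP Echo and TCP Echo option in Step 6), it helps to keep an independent, timestamped record of when the HTTP port stopped answering, so each "not responding" event from Step 8 can be matched against the server's own logs. The script below is an added example, not part of beSTORM or of the original page; the function names, the one-second polling interval and the use of 192.168.1.1:80 as the target are assumptions.

```python
import socket
import time

TARGET = ("192.168.1.1", 80)  # assumption: the HTTP server address and port from Steps 1 and 4

def tcp_alive(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, or timed out
        return False

def outage_windows(samples):
    """Collapse (timestamp, alive) samples into (start, end, misses) windows.

    start is the first failed probe, end is the first successful probe after
    it, or None if the target never came back (likely a hard crash or hang).
    """
    windows, start, misses = [], None, 0
    for ts, alive in samples:
        if not alive:
            if start is None:
                start = ts
            misses += 1
        elif start is not None:
            windows.append((start, ts, misses))
            start, misses = None, 0
    if start is not None:
        windows.append((start, None, misses))
    return windows

def watch(host, port, count, interval=1.0, probe=tcp_alive,
          clock=time.time, sleep=time.sleep):
    """Probe the target count times and return the outage windows observed."""
    samples = []
    for _ in range(count):
        samples.append((clock(), probe(host, port)))
        sleep(interval)
    return outage_windows(samples)

# Constructed sample: a 3-probe outage that recovers, then one that does not.
SAMPLE = [(0, True), (1, False), (2, False), (3, False), (6, True), (7, True), (8, False)]

if __name__ == "__main__":
    for start, end, misses in watch(*TARGET, count=600):
        state = "recovered at %s" % time.ctime(end) if end else "never recovered"
        print("down from %s (%d missed probes), %s" % (time.ctime(start), misses, state))
```

A window that recovers after a few probes usually points to a service restart, while one with no end time means the server stayed down and needs to be examined before testing continues.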

Testing Examples