Testing HTTP Servers
Install beSTORM and an HTTP server on two separate machines that are not otherwise in use or on a network.
Assign IP addresses to beSTORM server and target server like: 192.168.1.2 and 192.168.1.1
Connect the beSTORM server directly to the machine running the HTTP server with a network cable, and no switch in the middle.
Start beSTORM on the client machine and click on the New Project button:
Give the project a name, accept all other defaults and click Next
From the list of modules, select HTTP (Simple), HTTP/1.0 or HTTP/1.1. Set the Target Host Settings to be the IP of the HTTP server and the Remote Port to the HTTP port (usually 80).
(Optional) set the environment variables if needed.
If the HTTP server is a Windows server, install the beSTORM monitor on it, run the monitor on the HTTP server machine, attach it to the HTTP Server process and put the IP of the remote machine on the Monitor Configuration page and select Remote Debugger.
Alternatively, if the HTTP server is not accessible, on the ‘Monitor configuration’ page, select ICMP Echo and TCP Echo, and accept all other defaults.
Click ‘Finish’ to end the wizard and save settings as a Project. The testing will start automatically if the Auto-Start box is checked.
If an exception happens (an attack is successful) a message will pop up briefly to let you know the remote server is not responding.
This indicates a possible vulnerability. Testing will resume in 5 seconds unless Pause Test is pressed.
When the testing is finished, click on ‘Report’ to see a short report:
You can also select Report->Generate Report from the menu to generate a more complete report of the testing:
- PDF Fuzzing with beSTORM
- Testing HTTP with beSTORM
- Testing SSL with beSTORM
- Testing IPSEC with beSTORM
- Testing SSH with beSTORM
- Testing ICMP with beSTORM
- Testing Examples Main Page