👊ACTIVE RECONNAISSANCE

  • BURP SUITE --------------------------------->https://portswigger.net/web-security --->PDF-TOOL

    REQUEST:
    
    POST /post/comment HTTP/1.1
    Host: 0a9f006203c52313803221f800f20052.web-security-academy.net
    Cookie: session=gVRGbyObaBk8uOuMZCOyN6GCDLL89rnM
    Content-Length: 171
    Cache-Control: max-age=0
    Sec-Ch-Ua: "Chromium";v="118", "Google Chrome";v="118", "Not=A?Brand";v="99"
    Sec-Ch-Ua-Mobile: ?0
    Sec-Ch-Ua-Platform: "Linux"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36
    Origin: https://0a9f006203c52313803221f800f20052.web-security-academy.net
    Content-Type: application/x-www-form-urlencoded
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Referer: https://0a9f006203c52313803221f800f20052.web-security-academy.net/post?postId=1
    Accept-Encoding: gzip, deflate, br
    Accept-Language: es-419,es;q=0.9,en;q=0.8
    Connection: close
    
    csrf=5aGK2T2ryPOp8qacwVPwWi9aaiShRntn&postId=1&comment=hola+tu+hermana+rica&name=PAIMON&email=P4IM0N%40hotmail.com&website=https%3A%2F%2Fp4imon-d-m-python.herokuapp.com%2F
    
    
    -----
    
    
    GET /post/comment/confirmation?postId=1 HTTP/2
    Host: 0a9f006203c52313803221f800f20052.web-security-academy.net
    Cookie: session=gVRGbyObaBk8uOuMZCOyN6GCDLL89rnM
    Cache-Control: max-age=0
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Sec-Ch-Ua: "Chromium";v="118", "Google Chrome";v="118", "Not=A?Brand";v="99"
    Sec-Ch-Ua-Mobile: ?0
    Sec-Ch-Ua-Platform: "Linux"
    Referer: https://0a9f006203c52313803221f800f20052.web-security-academy.net/post?postId=1
    Accept-Encoding: gzip, deflate, br
    Accept-Language: es-419,es;q=0.9,en;q=0.8
    
    
    
    • CONCLUSION: WE CONFIRM A FIRST LOOK AT HOW REQUESTS ARE HANDLED WHEN SUBMITTING COMMENTS
