iistapp wrote:So where would I get an intercepting proxy for background use to log all traffic as suggested? Is this a simple google and two click download, or does it take quite some skill to set this up?
Normally I would tell you to Google it, but you seem like a decent enough guy. Paros Proxy is the most simple in terms of setup and usage, but also has less features than the next two. Burp Proxy and Webscarab are both more functional, but the learning curve is steeper as a result. They are also written in Java, which means you will need to have a JRE (Java Runtime Environment) installed to use them. You probably have this already.
In any case, you have to configure your browser to use your intercepting proxy for all connections. It varies by browser, but this is something that Google can easily help you with.
iistapp wrote:Also, what would you suggest to learn to know and see what can be attacked?
The best advice I can give here is to test everything (within reason; don't go probing the FBI quite yet). If you wanna know what to study in order to actually understand these attacks and be able to pull them off, then you should probably start by learning a programming language. Python is easy for beginners to pick up, PHP is used in a ton of websites, C is used for a lot of applications/programs. If your focus is going to be on web security, then I would definitely suggest PHP first. Learn how to build websites with it (meaning you will need to learn HTML as well). Learn how you can access a database with it. Learn about the common security flaws programmers introduce, as well as how to exploit and fix them.
It might help to set up a webserver of your own for testing. If you are reading this right now, you already have everything you need. You can install what's called XAMPP (Cross-platform Apache MySQL PHP and Perl) on your machine and you will have a fully-functional webserver in minutes. If you are more ambitious, you can either dedicate an old machine or create a virtual machine, and install a LAMP (Linux Apache MySQL PHP/Perl/Python) server that way. I'd go with this option because then you have the benefit of learning Linux as well.
iistapp wrote:If I were to do a walk through of HTS to find vulnerabilities, where would you suggest me to start? And how would you suggest me to start off? Would it be the same way for every page, or does it depend on what programming language is used on the page or what?
Not to dissuade you, but you probably won't find anything this early. Just trying to be realistic here. That said, if I were to do it I would probably be attacking the main site as opposed to the forum. The forum is PHPBB3, which is a public and very well-written open-source application, meaning many people can review it for code. HTS, on the other hand, does not have the benefit of being open-source - as a side note, this will be changing soon - which means that, at least in theory, there is a bigger chance of bugs being found.
Things to look for include login forms, upload forms, picture galleries, cookies, search bars, chat areas, pretty much anything where you can control the information that the server receives. There is a lot more of this than you would think.
iistapp wrote:Loads of questions, I apologise for that, but I feel like you guys are honest people and can aid me with the best answers on topics like this
Do me a favor, and never apologize for asking a question again. You'd be doing yourself a favor, too.
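The background-logging proxy setup discussed in the first answer, as an added example that is not part of the original post and is not one of the tools it names (Paros, Burp, WebScarab). It is a minimal plain-HTTP forwarding proxy written with the Python standard library: it writes one line per request to a log file and relays the request upstream. The listen address 127.0.0.1:8080 and the log file name proxy.log are assumptions; HTTPS (CONNECT) is deliberately not handled, so it only covers http:// sites you are testing locally.

```python
"""Minimal logging HTTP proxy for watching your own browser's traffic.

Added example, not a tool from the thread. Point the browser's HTTP proxy
setting at 127.0.0.1:8080 (assumed values) and every plain-HTTP request is
appended to proxy.log before being forwarded.
"""
import http.client
import http.server
import urllib.parse
from datetime import datetime

LISTEN = ("127.0.0.1", 8080)   # assumption: loopback only, never exposed
LOG_FILE = "proxy.log"         # assumption: log file in the working directory

# Hop-by-hop headers (RFC 7230 section 6.1) must not be relayed by a proxy.
HOP_BY_HOP = {"connection", "keep-alive", "proxy-connection", "proxy-authenticate",
              "proxy-authorization", "te", "trailers", "transfer-encoding", "upgrade"}


def split_target(url):
    """Split the absolute URL a proxied request carries into (host, port, path)."""
    parts = urllib.parse.urlsplit(url)
    if parts.scheme != "http" or not parts.hostname:
        raise ValueError("only absolute http:// URLs are proxied: %r" % url)
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    return parts.hostname, parts.port or 80, path


def is_proxyable(url):
    """True if split_target() accepts the URL (plain http with a host)."""
    try:
        split_target(url)
        return True
    except ValueError:
        return False


def forwardable_headers(headers):
    """Return a dict of the request headers minus the hop-by-hop ones."""
    return {k: v for k, v in headers.items() if k.lower() not in HOP_BY_HOP}


def format_log_line(method, url, headers, body, when=None):
    """One log line per request: timestamp, method, URL, cookie and body sizes."""
    when = when or datetime.now()
    cookie = headers.get("Cookie", "")
    return "%s %s %s cookie=%d-bytes body=%d-bytes" % (
        when.strftime("%Y-%m-%dT%H:%M:%S"), method, url, len(cookie), len(body))


class LoggingProxy(http.server.BaseHTTPRequestHandler):
    """Log the request, forward it upstream, relay the response unchanged."""

    def _handle(self):
        length = int(self.headers.get("Content-Length", 0))
        body = self.rfile.read(length) if length else b""
        with open(LOG_FILE, "a") as fh:
            fh.write(format_log_line(self.command, self.path, self.headers, body) + "\n")
        try:
            host, port, path = split_target(self.path)
        except ValueError as exc:
            self.send_error(400, str(exc))
            return
        upstream = http.client.HTTPConnection(host, port, timeout=10)
        upstream.request(self.command, path, body=body or None,
                         headers=forwardable_headers(self.headers))
        resp = upstream.getresponse()
        data = resp.read()
        self.send_response(resp.status, resp.reason)
        for name, value in resp.getheaders():
            if name.lower() not in HOP_BY_HOP and name.lower() != "content-length":
                self.send_header(name, value)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)
        upstream.close()

    do_GET = do_POST = do_HEAD = do_PUT = do_DELETE = _handle


if __name__ == "__main__":
    print("logging proxy on %s:%d -> %s" % (LISTEN[0], LISTEN[1], LOG_FILE))
    http.server.ThreadingHTTPServer(LISTEN, LoggingProxy).serve_forever()
```

Run it, set the browser's HTTP proxy to 127.0.0.1:8080, and tail proxy.log while you browse the site under test; the log shows which requests carry cookies or a body, which is exactly the "anything where you control what the server receives" inventory the answer describes. Responses are relayed byte for byte, so Content-Encoding and Set-Cookie headers reach the browser untouched.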