S.No  Date  Name of the Experiment  Page No.  Marks Awarded  Staff Signature  Remarks
1.a)  Analyze the difference between HTTP vs HTTPS
1.b)  Analyze the various security mechanisms embedded with different protocols
2.    Identify the vulnerabilities using OWASP ZAP tool
3.    Create simple REST API using Python for the following operations: GET, POST, PUT, DELETE
4.a)  Install Burp Suite to do following vulnerabilities: SQL injection
4.b)  Install Burp Suite to do following vulnerabilities: cross-site scripting (XSS)
5.    Attack the website using Social Engineering method
Ex.No: 01 Analyze the difference between HTTP vs HTTPS
Date:
Aim:
a) To Analyze the difference between HTTP vs HTTPS
Algorithm:
Step 1: Start
Step 2: Install wireshark
Step 3: Start wireshark
Step 4: Analyze the difference between HTTP vs HTTPS
Step 5: View Server Output
Step 6: Stop
Program:
# Installing wireshark in Ubuntu:
sudo apt install wireshark
sudo usermod -aG wireshark $USER
# (log out and back in for the group change to take effect)
sudo wireshark
# capture HTTP traffic:
sudo tcpdump -i <interface> -w http_traffic.pcap 'port 80'
# capture HTTPS traffic:
sudo tcpdump -i <interface> -w https_traffic.pcap 'port 443'
# open captured files in wireshark:
wireshark -r http_traffic.pcap
wireshark -r https_traffic.pcap
# Replace <interface> with your network interface.
Output:
Result:
Thus, the experiment to analyze the difference between
HTTP vs HTTPS is executed and verified successfully.
Ex.No: 01 Analyze the various security mechanisms embedded with different protocols
Date:
Aim:
b) To Analyze the various security mechanisms embedded with different protocols
Algorithm:
Step 1: Start
Step 2: Start wireshark
Step 3: Analyze the various security mechanisms embedded with different protocols
Step 4: View Server Output
Step 5: Stop
Program:
# capture HTTPS traffic:
sudo tcpdump -i <interface> -w https_traffic.pcap 'port 443'
# capture IPsec traffic (ESP is IP protocol 50, AH is IP protocol 51):
sudo tcpdump -i <interface> -w ipsec_traffic.pcap 'ip proto 50 or ip proto 51'
# capture SSH traffic:
sudo tcpdump -i <interface> -w ssh_traffic.pcap 'port 22'
# capture WPA/WPA2 traffic (the wireless interface must be in monitor mode for 802.11 filters to apply):
sudo tcpdump -i <wireless_interface> -w wpa_traffic.pcap 'type mgt subtype assoc-req or type mgt subtype assoc-resp'
# capture DNSSEC traffic:
sudo tcpdump -i <interface> -w dnssec_traffic.pcap 'port 53'
# capture OAuth traffic (TLS handshake records on port 443: 0x16 is a TLS handshake record, 0x80 an SSLv2-style record header):
sudo tcpdump -i <interface> -w oauth_traffic.pcap 'port 443 and (tcp[((tcp[12] & 0xf0) >> 2):1] = 0x16 or tcp[((tcp[12] & 0xf0) >> 2):1] = 0x80)'
# after capturing packets, analyze them using wireshark:
wireshark -r <filename.pcap>
Replace <filename.pcap> with the name of the captured file.
This opens Wireshark with the specified packet capture file for detailed analysis.
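The point of experiments 1(a) and 1(b) is what a passive observer sees in each capture. The following added example (not part of the lab record) classifies one captured TCP payload: plaintext HTTP exposes the request line, headers and body, while a TLS record exposes only its 5-byte header; the sample payloads are constructed by hand, not taken from a real capture.

```python
# Added example (not part of the lab record): what a passive observer can read from
# one captured TCP payload. Plaintext HTTP (port 80) exposes the request line, the
# headers and the body; TLS (port 443) exposes only the 5-byte record header.
# All sample payloads below are constructed by hand, not taken from a real capture.
import struct

TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"DELETE ", b"HEAD ", b"OPTIONS ")


def classify_payload(payload: bytes) -> dict:
    """Return the fields a sniffer (tcpdump/Wireshark) can recover from the payload."""
    if payload.startswith(HTTP_METHODS):
        # HTTP: request line, headers and body are all readable on the wire.
        head, _, body = payload.partition(b"\r\n\r\n")
        lines = head.split(b"\r\n")
        method, path, _version = lines[0].split(b" ", 2)
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(b":")
            headers[name.strip().lower().decode()] = value.strip().decode()
        return {"kind": "http", "method": method.decode(), "path": path.decode(),
                "host": headers.get("host"), "body": body.decode(errors="replace")}
    if len(payload) >= 5 and payload[0] in TLS_CONTENT_TYPES and payload[1] == 3:
        # TLS: content type, record version and length are plaintext; the payload of
        # an application_data record is ciphertext. Type 22 (0x16) is the handshake
        # record that the 'oauth_traffic' tcpdump filter above matches on.
        ctype, major, minor, length = struct.unpack("!BBBH", payload[:5])
        return {"kind": "tls", "content_type": TLS_CONTENT_TYPES[ctype],
                "record_version": "%d.%d" % (major, minor), "length": length,
                "readable_body": False}
    return {"kind": "unknown"}


# Constructed samples: a port-80 login POST, a TLS 1.2 application_data record and
# a TLS handshake record (record version 3.1, as in a typical ClientHello).
HTTP_SAMPLE = (b"POST /login HTTP/1.1\r\nHost: example.test\r\n"
               b"Content-Type: application/x-www-form-urlencoded\r\n"
               b"Content-Length: 22\r\n\r\nuser=alice&pass=s3cret")
TLS_DATA_SAMPLE = bytes([0x17, 0x03, 0x03, 0x00, 0x10]) + bytes(16)
TLS_HANDSHAKE_SAMPLE = bytes([0x16, 0x03, 0x01, 0x00, 0x05]) + bytes(5)

if __name__ == "__main__":
    for sample in (HTTP_SAMPLE, TLS_DATA_SAMPLE, TLS_HANDSHAKE_SAMPLE):
        print(classify_payload(sample))
```

Running it shows the HTTP credentials in the clear and nothing but type, version and length for the TLS records, which is exactly the contrast Wireshark displays between the two capture files.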
Output:
Result:
Thus, the experiment to analyze the various security mechanisms embedded with different protocols is executed and verified successfully.
Ex.No: 02 Identify the Vulnerabilities Using Owasp Zap Tool
Date:
Aim:
To Identify the Vulnerabilities Using Owasp Zap Tool
Procedure:
1. Install OWASP ZAP:
□ Download and install OWASP ZAP from the official website.
2. Configure Browser Proxy:
□ Set up your browser to use ZAP as a proxy server (Default: localhost, Port: 8080).
Experiment Steps:
1. Launch OWASP ZAP:
□ Open the OWASP ZAP tool
2. Start ZAP Proxy:
□ In ZAP, click on the 'Quick Start' tab.
□ Start the ZAP Proxy.
3. Set Target Application:
□ Go to the "Sites" tab.
□ Enter the URL of the target application.
□ Right-click on the URL and choose "Include in Context" > "Default Context" to add it for scanning.
4. Spider the Application:
□ Go to the "Spider" tab.
□ Right-click on the target URL and select "Spider" to crawl
the application.
□ Let ZAP crawl and map the application structure.
5. Active Scan:
□ Go to the "Attack" tab.
□ Choose "Active Scan."
□ Configure the scan settings (scope, intensity, etc.).
□ Start the active scan on the target application.
6. Review Scan Results:
□ After the scan completes, go to the "Alerts" tab.
□ View the list of vulnerabilities discovered by ZAP.
7. Investigate Vulnerabilities:
□ Click on each vulnerability to get detailed information.
□ Verify and understand the nature and potential impact of
each issue.
8. Prioritize and Document:
□ Prioritize vulnerabilities based on severity and potential
impact.
□ Document the identified vulnerabilities with descriptions,
severity levels, affected URLs, and possible remediation
steps.
9. Report Generation:
□ Go to the "Report" tab.
□ Generate a comprehensive report summarizing the identified vulnerabilities and their details.
□ Choose the appropriate report format (HTML, PDF, etc.).
10. Remediation and Re-scan:
□ Work on fixing or mitigating the identified vulnerabilities.
□ After making changes, perform another scan using ZAP to
verify that the issues have been resolved.
11. Continuous Monitoring:
□ Schedule regular scans using ZAP to continuously monitor the application's security posture.
□ Regularly review and update the security measures based on new findings.
Result:
Thus, the experiment to identify vulnerabilities using
OWASP Zap tool is executed and verified successfully.
Ex.No: 03 Create a simple REST API using python to do the GET, POST, PUT and DELETE operations
Date:
Aim:
To create a simple REST API using python to do the GET,
POST, PUT and DELETE operations
Algorithm:
Step 1: Start
Step 2: Install Flask
Step 3: Start the Flask App
Step 4: Use Postman to Test Endpoints
Step 5: View Server Output
Step 6: Stop
Program:
from flask import Flask, jsonify, request

app = Flask(__name__)

# Sample data
data = [
    {'id': 1, 'name': 'Item 1'},
    {'id': 2, 'name': 'Item 2'},
    {'id': 3, 'name': 'Item 3'}
]


def next_id():
    # Highest existing id + 1, so an id freed by DELETE is never handed out twice
    return max((item['id'] for item in data), default=0) + 1


def requested_name():
    # Return the 'name' string from the JSON body, or None if the body is missing or invalid
    body = request.get_json(silent=True)
    if isinstance(body, dict) and isinstance(body.get('name'), str):
        return body['name']
    return None


# GET request to retrieve all items
@app.route('/items', methods=['GET'])
def get_items():
    return jsonify({'items': data})


# GET request to retrieve a specific item by ID
@app.route('/items/<int:item_id>', methods=['GET'])
def get_item(item_id):
    item = next((item for item in data if item['id'] == item_id), None)
    if item:
        return jsonify({'item': item})
    else:
        return jsonify({'message': 'Item not found'}), 404


# POST request to add a new item
@app.route('/items', methods=['POST'])
def add_item():
    name = requested_name()
    if name is None:
        return jsonify({'message': "JSON body with a 'name' string is required"}), 400
    new_item = {'id': next_id(), 'name': name}
    data.append(new_item)
    return jsonify({'item': new_item}), 201


# PUT request to update a specific item by ID
@app.route('/items/<int:item_id>', methods=['PUT'])
def update_item(item_id):
    name = requested_name()
    if name is None:
        return jsonify({'message': "JSON body with a 'name' string is required"}), 400
    item = next((item for item in data if item['id'] == item_id), None)
    if item:
        item['name'] = name
        return jsonify({'item': item})
    else:
        return jsonify({'message': 'Item not found'}), 404


# DELETE request to remove a specific item by ID
@app.route('/items/<int:item_id>', methods=['DELETE'])
def delete_item(item_id):
    global data
    if not any(item['id'] == item_id for item in data):
        return jsonify({'message': 'Item not found'}), 404
    data = [item for item in data if item['id'] != item_id]
    return jsonify({'message': 'Item deleted'}), 200


if __name__ == '__main__':
    # debug=True enables the interactive Werkzeug debugger; keep it for local
    # development only and never expose it on a reachable interface
    app.run(debug=True)
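The lab API accepts POST, PUT and DELETE from anyone and stores whatever string it is given. The following added example (not part of the lab record) shows the two checks a practitioner would add, written as plain functions that run without Flask; the X-API-Key header name, the key placeholder and the 64-character name limit are assumptions.

```python
# Added example (not part of the lab record): two checks the lab's API leaves out,
# written without Flask so they run and test stand-alone. The header name
# X-API-Key, the key value and the 64-character name limit are assumptions.
import hmac
import json

API_KEY = "replace-with-a-random-secret"  # placeholder; load from config/env in practice
MUTATING_METHODS = {"POST", "PUT", "DELETE"}
MAX_NAME_LEN = 64


def authorize(method: str, headers: dict) -> bool:
    """GET stays public; POST/PUT/DELETE need a valid X-API-Key header.
    hmac.compare_digest avoids leaking how much of the key matched via timing."""
    if method.upper() not in MUTATING_METHODS:
        return True
    presented = headers.get("X-API-Key", "")
    return hmac.compare_digest(presented.encode(), API_KEY.encode())


def validate_item_body(raw: bytes):
    """Return (fields, error): the 'name' the handler may store, or why it may not."""
    try:
        body = json.loads(raw)
    except (ValueError, UnicodeDecodeError):
        return None, "body is not valid JSON"
    if not isinstance(body, dict) or not isinstance(body.get("name"), str):
        return None, "'name' (string) is required"
    name = body["name"].strip()
    if not name or len(name) > MAX_NAME_LEN or not name.isprintable():
        return None, "'name' must be 1-%d printable characters" % MAX_NAME_LEN
    return {"name": name}, None


def handle_post(headers: dict, raw_body: bytes):
    """Apply both checks in the order add_item() would: (status code, response dict)."""
    if not authorize("POST", headers):
        return 401, {"message": "missing or invalid API key"}
    fields, err = validate_item_body(raw_body)
    if err:
        return 400, {"message": err}
    return 201, {"item": fields}  # the real handler would also assign the id


if __name__ == "__main__":
    print(handle_post({}, b'{"name": "Item 4"}'))
    print(handle_post({"X-API-Key": API_KEY}, b'{"name": "Item 4"}'))
```

In the Flask app, `add_item()` and `update_item()` would call `authorize(request.method, request.headers)` and `validate_item_body(request.get_data())` before touching `data`.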
Procedure and Output:
Step 1: Install Flask
>>>pip install flask
Step 2: Start the Flask App
Save the code as app.py and execute
>>>python app.py
Copy the URL produced: http://127.0.0.1:5000
Step 3: Use Postman to Test Endpoints
1. GET Request to Retrieve All Items:
□ Set the request type to GET.
□ Enter the URL: http://127.0.0.1:5000/items
□ Click "Send."
2. GET Request to Retrieve a Specific Item by ID:
□ Set the request type to GET.
□ Enter the URL for a specific item ID, for example: http://127.0.0.1:5000/items/1
□ Click "Send."
3. POST Request to Add a New Item:
□ Set the request type to POST.
□ Enter the URL: http://127.0.0.1:5000/items
□ Go to the "Body" tab, select "raw" and choose "JSON (application/json)". Enter the request body.
□ Click "Send."
4. PUT Request to Update an Existing Item:
□ Set the request type to PUT.
□ Enter the URL for a specific item ID, for example: http://127.0.0.1:5000/items/1
□ Go to the "Body" tab, select "raw" and choose "JSON (application/json)".
□ Enter the updated information.
□ Click "Send."
5. DELETE Request to Remove a Specific Item by ID:
□ Set the request type to DELETE.
□ Enter the URL for a specific item ID, for example: http://127.0.0.1:5000/items/1
□ Click "Send."
Ex.No: 04 Install Burp Suite to do following vulnerabilities:
SQL Injection
Date:
Aim:
a) To Install Burp Suite to do following vulnerabilities:
□ SQL Injection
Procedure:
1. Install Burp Suite and configure the browser's proxy settings to use the Burp Suite proxy.
2. Turn on Intercept and browse to the website whose requests need to be captured.
3. Send the intercepted request to Intruder and load the SQL Injection payload file that is already installed on the device.
4. Start the attack in Intruder and inspect the requests and responses in the render screen for SQL injection.
5. After the attack, some responses in the render view show the username and password for the web page.
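What Intruder's differing responses reveal is a query assembled from user input. The following added example (not part of the lab record) reproduces that login query against a constructed in-memory SQLite table next to its parameterized fix, so the defect and the remediation can be checked without any target site; the table and the sample row are constructed.

```python
# Added example (not part of the lab record): the login query shape that the Burp
# Intruder exercise exposes, beside its parameterized fix. The users table and the
# sample row are constructed; no real application is involved.
import sqlite3


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'wonderland')")  # constructed row
    return db


def login_vulnerable(db, username, password):
    # Defect: user input is pasted into the SQL text, so a quote in the input
    # changes the query's structure. This is what the Intruder payloads detect.
    sql = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return db.execute(sql).fetchall()


def login_fixed(db, username, password):
    # Fix: bound parameters keep the input as data; the query structure is fixed
    # before any user-supplied value is seen, so the same input just fails to match.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchall()


if __name__ == "__main__":
    db = make_db()
    tautology = "' OR '1'='1"  # the classic tautology entry from Intruder word lists
    print("vulnerable:", login_vulnerable(db, tautology, tautology))  # row returned
    print("fixed:     ", login_fixed(db, tautology, tautology))       # []
```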
Result:
Thus the above vulnerability is successfully executed and
verified.
Ex.No: 04 Install Burp Suite to do following vulnerabilities:
Cross-Site Scripting (XSS)
Date:
Aim:
b) To Install Burp Suite to do following vulnerabilities:
□ Cross-Site Scripting (XSS)
Procedure:
1. Turn on Intercept and browse to the website whose requests need to be captured.
2. Add the captured request to the Target scope.
3. Go to the Target section, find the captured request in the item field and send the target item to Repeater.
4. The request in the Repeater section is modified and sent to the Decoder.
5. Before sending the response to the browser, copy the URL below and paste it into a browser that is configured to use Burp as its proxy.
6. Open the browser to see the modified response. An alert message pops up while opening the website.
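The alert in step 6 appears because the server copies a request parameter into its HTML unchanged. The following added example (not part of the lab record) shows that reflection beside the output-encoded version and a simple response check; the search page, the `q` parameter and the sample URL are assumptions, not the lab's target site.

```python
# Added example (not part of the lab record): the reflected-XSS pattern behind the
# Repeater exercise, beside the output-encoded fix. The /search page and the q
# parameter are assumptions; the sample URL is constructed.
import html
from urllib.parse import parse_qs, urlsplit


def _query_param(url, name):
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def render_vulnerable(url):
    # Defect: the parameter is placed into HTML as-is, so markup in the request
    # becomes markup in the response and the browser executes it.
    return "<p>Results for: %s</p>" % _query_param(url, "q")


def render_fixed(url):
    # Fix: HTML-encode untrusted data at the point it is inserted into HTML text;
    # the browser then shows the characters instead of interpreting them.
    return "<p>Results for: %s</p>" % html.escape(_query_param(url, "q"), quote=True)


def contains_script(page):
    """Crude response check a reviewer can run: did a script tag survive encoding?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    sample = "/search?q=%3Cscript%3Ealert(1)%3C/script%3E"  # constructed request
    print(render_vulnerable(sample))
    print(render_fixed(sample))
```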
Result:
Thus the above vulnerability is successfully executed and
verified.
Ex.No: 05 Attack the website using social engineering method
Date:
Aim:
To attack the website using social engineering method
Procedure & Output:
Installation of Social Engineering Toolkit:
Step 1: Open your Kali Linux terminal and move to the Desktop:
>>>cd Desktop
Step 2: You are now on the Desktop, so create a new directory named SEToolkit using the following command:
>>>mkdir SEToolkit
Step 3: You are still in the Desktop directory but have created the SEToolkit directory, so move into it using the following command:
>>>cd SEToolkit
Step 4: Inside the SEToolkit directory, clone SEToolkit from GitHub so you can use it:
>>>git clone https://github.com/trustedsec/social-engineer-toolkit setoolkit/
Step 5: The Social Engineering Toolkit has been downloaded into your directory; now move into the toolkit's own directory using the following command:
>>>cd setoolkit
Step 6: You have now downloaded the Social Engineering Toolkit into your SEToolkit directory. Next, install its requirements using the following command:
>>>pip3 install -r requirements.txt
Step 7: All the requirements have been downloaded into your setoolkit directory. Now install the toolkit itself:
>>>python setup.py
Step 8: Installation is complete. To run the Social Engineering Toolkit, type the following command:
>>>setoolkit
Step 9: At this step setoolkit will ask you (y) or (n). Type y and the Social Engineering Toolkit will start running.
Step 10: The toolkit is now installed on your system, so it is time to use it. Choose an option from the menu; here we choose option 2.
Website Attack Vector
Option: 2
Step 11: We are about to set up a phishing page, so choose option 3, the Credential Harvester Attack Method.
Option: 3
Step 12: Since we are creating a phishing page, choose option 1, Web Templates.
Option: 1
Step 13: To create a Google phishing page choose option 2; a phishing page will then be generated on your localhost.
Step 14: The Social Engineering Toolkit is creating a phishing page of Google.
RESULT:
Thus, the experiment to attack the website using social engineering method is executed and verified successfully.