Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:01,460 --> 00:00:07,640 Now before we can use this website there is one more thing that you want to make sure that it's done 2 00:00:07,640 --> 00:00:08,950 properly. 3 00:00:08,990 --> 00:00:12,160 So I'm going to come in here on the input. 4 00:00:12,470 --> 00:00:21,830 I'm going to right click it and I'm going to click on inspect element this will show me the code that's 5 00:00:21,830 --> 00:00:26,280 used basically the same old code that we used to see when we open the text editor. 6 00:00:26,480 --> 00:00:33,020 But when I select the input and click inspect element it'll show me the code that's responsible for 7 00:00:33,020 --> 00:00:35,870 rendering this input. 8 00:00:35,930 --> 00:00:41,180 So right here as you can see I have an input tag and if I go on it it highlights the input that's being 9 00:00:41,180 --> 00:00:43,430 displayed in the web page so that's cool. 10 00:00:43,700 --> 00:00:49,700 And what we need to make sure that it exists and the web page is a forum tag. 11 00:00:49,700 --> 00:00:56,420 So if we want to make sure that these inputs the username the password on the logon button are all wrapped 12 00:00:56,750 --> 00:00:58,570 in a form tag. 13 00:00:58,970 --> 00:01:06,350 So if we look in here to show you the hierarchy of the tags in the page and if you literally just keep 14 00:01:06,350 --> 00:01:08,210 going up you want to see. 15 00:01:08,210 --> 00:01:11,570 You should see something called form in here. 16 00:01:11,660 --> 00:01:15,810 Now as you can see I don't see any of that and that's a problem. 17 00:01:15,830 --> 00:01:22,640 So if you did this if you right click your input and click on inspect element and seen that the inputs 18 00:01:22,700 --> 00:01:28,400 are being wrapped in a form in a form tag then you don't need to do what I'm going to do but I'm only 19 00:01:28,400 --> 00:01:29,720 going to do the next steps. 20 00:01:29,720 --> 00:01:36,890 Now I'm going to manually add the forum tag in my web page because it'll make it so much easier for 21 00:01:36,890 --> 00:01:43,040 us to capture the username and read it using a simple sniffer so. 22 00:01:43,150 --> 00:01:47,200 Well I'm going to do right now is I'm going to write click my index again. 23 00:01:47,390 --> 00:01:53,770 I'm going to open it with Genie like we did before and we can also do the same thing that we just did 24 00:01:53,770 --> 00:01:56,850 just to confirm to see if we have a form or not. 25 00:01:56,980 --> 00:02:00,860 I'm just going to go to the start of the document. 26 00:02:01,220 --> 00:02:07,940 I'm going to go on search find and I'm just going to look for a form toxo open the tag and just type 27 00:02:07,940 --> 00:02:09,490 in form. 28 00:02:09,530 --> 00:02:16,070 Now if I hit enter as you can see it says that there is no such thing called form in the web page therefore 29 00:02:16,310 --> 00:02:17,820 that's a problem for me. 30 00:02:17,840 --> 00:02:20,420 Again if you have a form tag then skip this video. 31 00:02:20,420 --> 00:02:21,650 You don't need to do it. 32 00:02:21,680 --> 00:02:26,690 I'm only going to do it because I don't have a form tag so I'm going to manually added. 33 00:02:26,690 --> 00:02:31,490 So it's very easy for me in the future to sniff the username and password and see it through all the 34 00:02:31,490 --> 00:02:33,850 packets now. 35 00:02:33,940 --> 00:02:40,810 Like I said the forum tag needs to wrap the username and password import and logon button so it needs 36 00:02:40,810 --> 00:02:44,550 to be placed before this import right here. 37 00:02:44,620 --> 00:02:47,900 So to look for the import you are going to look for an input tag. 38 00:02:48,160 --> 00:02:50,740 So I'm just going to put in put in here 39 00:02:54,870 --> 00:02:56,790 and I'm going to zoom in a little bit. 40 00:02:56,900 --> 00:03:00,650 And as you can see we have you can see that we have a username here. 41 00:03:00,650 --> 00:03:02,520 I'm just going to hit enter to bring it down. 42 00:03:02,780 --> 00:03:04,240 So we have the user name. 43 00:03:04,250 --> 00:03:06,190 This is what's been displayed on screen. 44 00:03:06,320 --> 00:03:11,840 And then we have the input which is basically the text box that the people enter their username that's 45 00:03:11,840 --> 00:03:12,580 in here. 46 00:03:13,860 --> 00:03:16,710 Now we also need to look for the password input. 47 00:03:16,710 --> 00:03:22,960 So again I'm just going to click on next to go to find the next input in the in the text. 48 00:03:23,250 --> 00:03:28,200 And as you can see we see the password here so this is literally the password the text that you see 49 00:03:28,200 --> 00:03:29,120 on the page. 50 00:03:29,280 --> 00:03:32,530 And then it's followed by the input tag right here. 51 00:03:34,300 --> 00:03:39,430 Now again this is the text box where users enter their password. 52 00:03:39,580 --> 00:03:43,930 The last thing that we want to look for so we already have the user name we have the password. 53 00:03:43,960 --> 00:03:49,100 The last thing that we want to look for is this button the logon button. 54 00:03:49,310 --> 00:03:54,360 So again I'm going to put my mouse here before the input the password the input going to do. 55 00:03:54,380 --> 00:03:57,060 I'm going to type in here Logan 56 00:04:01,210 --> 00:04:08,410 and again as you can see we have the log in text that stuffs the users are seen here and notice in here 57 00:04:08,680 --> 00:04:10,930 that they're actually not using a log in button. 58 00:04:10,930 --> 00:04:13,070 This is literally just a text. 59 00:04:13,240 --> 00:04:19,450 And if you analyze the hasty mail more you'll see that that they're submitting the form using javascript. 60 00:04:19,600 --> 00:04:22,540 And I'm going to modify that in a minute as well. 61 00:04:22,750 --> 00:04:26,100 So I'm just going to bring this down so it's easier for us to see. 62 00:04:26,520 --> 00:04:29,010 And as you can see this is the log in. 63 00:04:29,170 --> 00:04:30,330 This is the end of it. 64 00:04:30,340 --> 00:04:34,930 Usually when you see forwards slash something means this is the end of that tag. 65 00:04:35,320 --> 00:04:37,810 So this is the end of the in that we see. 66 00:04:37,810 --> 00:04:41,390 This is the luggin of a container that contains the logon. 67 00:04:41,530 --> 00:04:43,550 And this is just more code in here. 68 00:04:43,570 --> 00:04:51,470 So I'm just going to hit a number of new lines just so that we have our code separated so the code that 69 00:04:51,470 --> 00:04:54,380 we're interested in is right here. 70 00:04:54,920 --> 00:05:03,740 And as you can see this consists of the username text the username import the password text the password 71 00:05:03,910 --> 00:05:11,660 input and as you can see at the end we have the logon that the users press to literally log in and submit 72 00:05:11,660 --> 00:05:18,690 the username and password so the whole idea the whole thing the whole reason why I'm doing this. 73 00:05:18,690 --> 00:05:22,310 The inputs in here are not wrapped in a form tag. 74 00:05:22,440 --> 00:05:23,540 And this is what I'm going to do. 75 00:05:23,530 --> 00:05:31,400 So I'm going to manually add for I'm going to specify the method that the data will be sent. 76 00:05:31,630 --> 00:05:36,390 And we're going to send this using POST. 77 00:05:36,450 --> 00:05:41,390 This will make it easy for us to see it in Wireshark or in any sniffer later on. 78 00:05:41,670 --> 00:05:46,870 And the action this is basically the web page that the data should be sent to. 79 00:05:47,100 --> 00:05:52,020 Usually if you're actually programming a web application you want this to be sent to a program that 80 00:05:52,020 --> 00:05:54,940 will analyze the username and password and validate them. 81 00:05:55,140 --> 00:05:57,150 But in my case I don't care where it goes. 82 00:05:57,150 --> 00:06:03,470 All I want is I want this data to be sent over post so I can sniff it using my sniffer. 83 00:06:03,780 --> 00:06:09,150 So I'm literally just going to send it back to the same web page that we're in which is indexed so takes 84 00:06:09,150 --> 00:06:10,080 him out. 85 00:06:10,520 --> 00:06:17,560 So I'm going to put a forward slash index Dode HMO and we're done. 86 00:06:17,820 --> 00:06:22,870 And as you can see now when I close the tag it automatically added this for me. 87 00:06:22,980 --> 00:06:26,910 This is again like I said this is the close of detox. 88 00:06:26,940 --> 00:06:28,560 This is the end of the tag. 89 00:06:28,770 --> 00:06:31,790 That's the way TMI is for every open tag. 90 00:06:31,800 --> 00:06:34,310 It should be closed at the end. 91 00:06:34,620 --> 00:06:40,500 So I'm going to do I'm just going to copy this or cut it and I'm just going to put it after my input 92 00:06:40,500 --> 00:06:42,830 so I have my luggage put in here. 93 00:06:43,050 --> 00:06:45,440 And I'm just going to put that here at the end. 94 00:06:45,720 --> 00:06:50,220 Literally after that so I'm just going to make this prettier. 95 00:06:50,230 --> 00:06:52,490 Put that in here just so that you get the idea. 96 00:06:54,140 --> 00:06:56,160 And I'm just going to go over this again. 97 00:06:56,210 --> 00:07:03,950 So we already had all this code in here and the web page and all I wanted to do is I wanted the data 98 00:07:04,040 --> 00:07:12,830 and put it in the username and password text boxes to be sent over hasty ETP use in post so that I can 99 00:07:12,830 --> 00:07:16,650 sniff it easily and see it easily when I sniff the data. 100 00:07:17,030 --> 00:07:19,050 So I did I added a form here. 101 00:07:19,130 --> 00:07:25,840 I said the method to post and I set the action to be sent to the same web page that we're in right now. 102 00:07:26,390 --> 00:07:30,450 And then at the end we closed the form tag. 103 00:07:30,750 --> 00:07:32,130 Now one more time. 104 00:07:32,130 --> 00:07:38,230 If your web page already had the imports wrapped in form in a form tag then you don't need to do this 105 00:07:38,240 --> 00:07:43,010 I'm only doing this because of the way that my target web page was programmed. 10670