0167 ataques avanzados_a_aplicaciones
Transcript

  • 1. Advanced web attacks, Mauro Flores [email_address]
  • 2. Agenda
    • Manipulating session variables
    • Bypassing OTP
  • 3. Session variables
    • Diagram: Server, Client, Session space
    • Request: GET /ataques_avanzados/login.php HTTP/1.1
  • 4. Session variables
    • Diagram: Server, Client
    • Response: HTTP/1.1 200 OK, Set-Cookie: 123456;
    • Session space: 123456
  • 5. Session variables
    • Diagram: Server, Client
    • Request: POST /ataques_avanzados/login.php HTTP/1.1 (Cookie: 123456)
    • Session space: 123456; User: admin; Privilege: administrador
  • 6. Session variables
    • Diagram: Server, Client
    • Request: POST /ataques_avanzados/login.php HTTP/1.1 (Cookie: 123456)
    • Session space: 123456; User: admin, test; Privilege: administrador
  • 7. Agenda
    • Manipulating session variables
    • Bypassing OTP
  • 8. Bypassing OTP
    • Diagram: Server, Client, Intruder
    • Man in the middle:
    • Cross Site Scripting
    • HTML Injection
    • DNS Poisoning
    • Phishing
    • Request: POST /ataques_avanzados/login.php HTTP/1.1 (OTP: 8815)
  • 9. Bypassing OTP
    • Diagram: Server, Client, Intruder
    • Response: HTTP/1.1 200 OK, Set-Cookie: 123456;
    • Response: HTTP/1.1 200 OK, Set-Cookie: 987654;
  • 10. Bypassing OTP
    • Diagram: Server, Client, Intruder
    • Request (shown three times): POST /ataques_avanzados/trans.php HTTP/1.1 (Cookie: 123456)
  • 11. Questions?
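
The session state on slides 5 and 6, read here as the user value changing to test while the privilege value stays administrador under the same cookie, can be reproduced with a small model of a server-side session store, shown beside a handler that resets the session at login. This is an added example, not code from the presentation: the account table, passwords, function names and the assumed cause (a login handler that never clears variables left by an earlier login) are assumptions, since the slides show only the resulting state.

```python
import hmac
import secrets

# Constructed accounts (assumption): only "admin" carries a privilege value.
ACCOUNTS = {"admin": ("admin-pass", "administrador"), "test": ("test-pass", None)}

class SessionStore:
    """Server-side session spaces, keyed by the cookie value sent by the client."""
    def __init__(self):
        self.spaces = {}

    def new_session(self):
        sid = secrets.token_hex(16)
        self.spaces[sid] = {}
        return sid

def check(user, password):
    """Return the account tuple if the credentials match, else None."""
    account = ACCOUNTS.get(user)
    ok = account is not None and hmac.compare_digest(account[0], password)
    return account if ok else None

def login_stale(store, sid, user, password):
    """Flawed handler: writes into the existing session space without clearing it."""
    account = check(user, password)
    if account is None:
        return sid
    space = store.spaces[sid]
    space["user"] = user
    if account[1] is not None:      # privilege is only written, never removed
        space["privilege"] = account[1]
    return sid

def login_reset(store, sid, user, password):
    """Hardened handler: drop the old space and bind the login to a new id."""
    account = check(user, password)
    if account is None:
        return sid
    store.spaces.pop(sid, None)     # nothing from an earlier login survives
    new_sid = store.new_session()   # fresh cookie value for the authenticated session
    store.spaces[new_sid] = {"user": user, "privilege": account[1]}
    return new_sid

def replay(login):
    """Two logins on one cookie, as in slides 5 and 6; returns the final space."""
    store = SessionStore()
    sid = login(store, store.new_session(), "admin", "admin-pass")
    sid = login(store, sid, "test", "test-pass")
    return store.spaces[sid]
```

Issuing a new session id at login also means a cookie value known before authentication is not the one that carries the authenticated state.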