0167 Advanced attacks on applications
Transcript

  • 1. Advanced web attacks. Mauro Flores [email_address]
  • 2. Agenda
    • Manipulating session variables
    • Bypassing OTP
  • 3. Session variables
    • Diagram labels: Server, Client
    • Session space:
    • GET /ataques_avanzados/login.php HTTP/1.1
  • 4. Session variables
    • Diagram labels: Server, Client
    • HTTP/1.1 200 OK Set-Cookie: 123456;
    • Session space: 123456
  • 5. Session variables
    • Diagram labels: Server, Client
    • POST /ataques_avanzados/login.php HTTP/1.1 (Cookie: 123456 )
    • Session space: 123456
    • User: admin
    • Privilege: administrator
  • 6. Session variables
    • Diagram labels: Server, Client
    • POST /ataques_avanzados/login.php HTTP/1.1 (Cookie: 123456 )
    • Session space: 123456
    • User: Privilege: administrator admin test
  • 7. Agenda
    • Manipulating session variables
    • Bypassing OTP
  • 8. Bypassing OTP
    • Diagram labels: Server, Client, Intruder
    • Man in the middle:
    • Cross Site Scripting
    • HTML Injection
    • DNS Poisoning
    • Phishing
    • POST /ataques_avanzados/login.php HTTP/1.1 (OTP: 8815 )
  • 9. Bypassing OTP
    • Diagram labels: Server, Client, Intruder
    • HTTP/1.1 200 OK Set-Cookie: 123456;
    • HTTP/1.1 200 OK Set-Cookie: 987654;
  • 10. Bypassing OTP
    • Diagram labels: Server, Client, Intruder
    • POST /ataques_avanzados/trans.php HTTP/1.1 (Cookie: 123456 )
    • POST /ataques_avanzados/trans.php HTTP/1.1 (Cookie: 123456 )
    • POST /ataques_avanzados/trans.php HTTP/1.1 (Cookie: 123456 )
  • 11. Questions?
