17. HTTP Protocol
Request:
GET /index.html HTTP/1.1    (GET: HTTP method; /index.html: URI; HTTP/1.1: version)
Host: www.example.com       (header values, name: value)
18. HTTP Protocol
Response:
HTTP/1.1 200 OK    (HTTP/1.1: protocol and version; 200: status; OK: message)
Header values (name: value):
Date: Mon, 23 May 2005 22:38:34 GMT
Server: Apache/1.3.3.7 (Unix) (Red-Hat/Linux)
Last-Modified: Wed, 08 Jan 2003 23:11:55 GMT
ETag: "3f80f-1b6-3e1cb03b"
Content-Type: text/html; charset=UTF-8
Content-Length: 131
Accept-Ranges: bytes
Connection: close
Message body:
<html>
<head>
<title>An Example Page</title>
</head>
<body>
Hello World, this is a very simple HTML document.
</body>
</html>
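The message layout from slides 17 and 18 (start line, "name: value" headers, blank line, body) as a strict parser. This is an added example, not part of the original slides; the function name and the sample messages are constructed for illustration. It assumes the whole message is in one buffer and no chunked transfer encoding is used.

```python
# Added example: strict parser for the message layout on slides 17 and 18.
# parse_http_message and the sample messages are constructed for illustration.

def parse_http_message(raw: bytes) -> dict:
    """Split a raw HTTP/1.1 message into start line, headers and body."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("missing blank line between headers and body")
    lines = head.decode("iso-8859-1").split("\r\n")
    first = lines[0].split(" ", 2)
    if len(first) != 3:
        raise ValueError("malformed start line")
    if first[0].startswith("HTTP/"):
        # Response: protocol and version, status, message
        start = {"kind": "response", "version": first[0],
                 "status": int(first[1]), "message": first[2]}
    else:
        # Request: method, URI, protocol and version
        start = {"kind": "request", "method": first[0],
                 "uri": first[1], "version": first[2]}
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # "name: value" only: no colon, an empty name or whitespace inside
        # the name is rejected rather than guessed at.
        if not colon or not name or any(c.isspace() for c in name):
            raise ValueError(f"malformed header line: {line!r}")
        headers.setdefault(name.lower(), []).append(value.strip())
    # Content-Length, when present, must be one decimal value equal to the
    # number of body bytes actually received.
    lengths = set(headers.get("content-length", []))
    if len(lengths) > 1:
        raise ValueError("conflicting Content-Length headers")
    if lengths:
        declared = lengths.pop()
        if not declared.isdigit() or int(declared) != len(body):
            raise ValueError("Content-Length does not match body")
    return {"start": start, "headers": headers, "body": body}

# Constructed samples based on the slides (body shortened, length recomputed).
REQUEST = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
BODY = b"<html><body>Hello World</body></html>"
RESPONSE = (b"HTTP/1.1 200 OK\r\n"
            b"Server: Apache/1.3.3.7 (Unix) (Red-Hat/Linux)\r\n"
            b"Content-Type: text/html; charset=UTF-8\r\n"
            b"Content-Length: " + str(len(BODY)).encode() + b"\r\n\r\n" + BODY)

if __name__ == "__main__":
    for msg in (REQUEST, RESPONSE):
        print(parse_http_message(msg))
```

Header names are stored lower-cased because HTTP header names are case-insensitive; values are kept as lists so repeated headers stay visible.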
29. Heartbleed
In 2011, one of the RFC's authors, Robin Seggelmann, then a Ph.D. student at
the University of Duisburg-Essen, implemented the Heartbeat Extension for
OpenSSL. Following Seggelmann's request to put the result of his work into
OpenSSL,[19][20][21] his change was reviewed by Stephen N. Henson, one of
OpenSSL's four core developers. Henson apparently failed to notice a bug in
Seggelmann's implementation,[22] and introduced the flawed code into
OpenSSL's source code repository on December 31, 2011. The vulnerable
code was adopted into widespread use with the release of OpenSSL version
1.0.1 on March 14, 2012. Heartbeat support was enabled by default, causing
affected versions to be vulnerable by default.[23][24][25]
36. Look at code examples
http://en.wikipedia.org/wiki/Taint_checking
37. not so live demo
Hacking DVWA
- XSS (last 2 minutes of the video)
http://www.youtube.com/watch?v=-H1qjiwQldw
- SQL Injection
http://www.youtube.com/watch?v=7NCpvG7nYb
38. not so live demo
Hacking DVWA
- remote command execution
http://www.youtube.com/watch?v=6hnCGsS-V0Y
- Cookie hijacking
http://www.youtube.com/watch?v=qB9c01R3aQU
39. not so live demo
Hacking DVWA
- CSRF (Cross-Site Request Forgery)
http://www.youtube.com/watch?v=2Y7IywV1YBQ