CEH v8 Lab Manual
Module 11 - Session Hijacking
Hijacking Sessions

Session hijacking refers to the exploitation of a valid computer session, wherein an attacker takes over a session between two computers.

ICON KEY: Valuable information / Test your knowledge / Web exercise / Workbook review

Lab Scenario

Source: http://krebsonsecurity.com/2012/11/yahoo-email-stealing-exploit-fetches-700/

According to KrebsOnSecurity news and investigation, a zero-day vulnerability in yahoo.com that lets attackers hijack Yahoo! email accounts and redirect users to malicious websites offers a fascinating glimpse into the underground market for large-scale exploits. The exploit, being sold for $700 by an Egyptian hacker on an exclusive cybercrime forum, targets a "cross-site scripting" (XSS) weakness in yahoo.com that lets attackers steal cookies from Yahoo! webmail users. Such a flaw would let attackers send or read email from the victim's account. In a typical XSS attack, an attacker sends a malicious link to an unsuspecting user; if the user clicks the link, the script is executed and can access cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page.

KrebsOnSecurity.com alerted Yahoo! to the vulnerability, and the company says it is responding to the issue. Ramses Martinez, director of security at Yahoo!, said the challenge now is working out the exact yahoo.com URL that triggers the exploit, which is difficult to discern from watching the video.

These types of vulnerabilities are a good reminder to be especially cautious about clicking links in emails from strangers or in messages that you were not expecting.

As an administrator, you should implement security measures at the application level and the network level to protect your network from session hijacking. Network-level hijacks are prevented by packet encryption, which can be obtained by using protocols such as IPSEC, SSL, SSH, etc. IPSEC allows encryption of packets using a shared key between the two systems involved in the communication. Application-level security is obtained by using strong session IDs. SSL and SSH also provide strong encryption, using SSL certificates, to prevent session hijacking.

Lab Objectives

The objective of this lab is to help students learn session hijacking and take the necessary actions to defend against it.

In this lab, you will:
■ Intercept and modify web traffic
■ Simulate a Trojan, which modifies a workstation's proxy server settings

CEH Lab Manual Page 716
Ethical Hacking and Countermeasures Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 11 Session Hijacking

Lab Environment

To carry out this lab, you need:
■ A computer running Windows Server 2012 as host machine
■ This lab will run on a Windows 8 virtual machine
■ Web browser with Internet access
■ Administrative privileges to configure settings and run tools

Lab Duration

Time: 20 Minutes

Overview of Session Hijacking

TASK 1: Overview

Session hijacking refers to the exploitation of a valid computer session where an attacker takes over a session between two computers. The attacker steals a valid session ID, which is used to get into the system and sniff the data. In TCP session hijacking, an attacker takes over a TCP session between two machines. Since most authentications occur only at the start of a TCP session, this allows the attacker to gain access to a machine.

Lab Tasks

Pick an organization that you feel is worthy of your attention. This could be an educational institution, a commercial company, or perhaps a nonprofit charity.

Recommended labs to assist you in session hijacking:
■ Session hijacking using ZAP

Lab Analysis

Analyze and document the results related to the lab exercise. Give your opinion on your target's security posture and exposure.

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.
Lab: Session Hijacking Using Zed Attack Proxy (ZAP)

The OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications.

ICON KEY: Valuable information / Test your knowledge / Web exercise / Workbook review

Lab Scenario

Attackers are continuously watching for websites to hack, and developers must be prepared to counter malicious hackers by writing strong, secure code. A common form of attack is session hijacking, i.e., accessing a website using someone else's session ID. A session ID might contain credit card details, passwords, and other sensitive information that can be misused by a hacker. Session hijacking attacks are performed either by session ID guessing or by stolen session ID cookies. Session ID guessing involves gathering a sample of session IDs and "guessing" a valid session ID assigned to someone else. It is always recommended not to replace ASP.NET session IDs with IDs of your own, as this will prevent session ID guessing. Session hijacking with stolen session ID cookies can be prevented by using SSL; however, using cross-site scripting attacks and other methods, attackers can still steal the session ID cookies.

If an attacker gets hold of a valid session ID, then ASP.NET connects to the corresponding session with no further authentication. There are many tools easily available now that attackers use to hack into websites or user details. One of the tools is Firesheep, which is an add-on for Firefox. While you are connected to an unsecure wireless network, this Firefox add-on can sniff the network traffic, capture all your information and provide it to the hacker on the same network. The attacker can now use this information and log in as you.

As an ethical hacker, penetration tester, or security administrator, you should be familiar with network and web authentication mechanisms. In your role of web security administrator, you need to test web server traffic for weak session IDs, insecure handling, identity theft, and information loss. Always ensure that you have an encrypted connection using https, which will make the sniffing of network packets difficult for an attacker. Alternatively, VPN connections too can be used to stay safe, and advise users to log off once they are done with their work.

In this lab you will learn to use the ZAP proxy for intercepting traffic, scanning, etc.

Lab Objectives

The objective of this lab is to help students learn session hijacking and how to take the necessary actions to defend against it.

In this lab, you will:
■ Intercept and modify web traffic
■ Simulate a Trojan, which modifies a workstation's proxy server settings

Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 11 Session Hijacking

Lab Environment

To carry out the lab, you need:
■ Paros Proxy located at D:\CEH-Tools\CEHv8 Module 11 Session Hijacking\Session Hijacking Tools\Zaproxy
■ You can also download the latest version of ZAP from the link http://code.google.com/p/zaproxy/downloads/list
■ If you decide to download the latest version, then the screenshots shown in the lab might differ
■ A system running Windows Server 2012 as host machine
■ Run this tool in the Windows 8 Virtual Machine
■ A web browser with Internet access
■ Administrative privileges to configure settings and run tools
■ Ensure that Java Runtime Environment (JRE) 7 (or above) is installed. If not, go to http://java.sun.com/j2se to download and install it.

Lab Duration

Time: 20 Minutes

Overview of Zed Attack Proxy (ZAP)

Zed Attack Proxy (ZAP) is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing, as well as being a useful addition to an experienced pentester's toolbox. Its features include an intercepting proxy, an automated scanner, a passive scanner, and a spider.

Lab Tasks

TASK 1: Setting up ZAP

1. Log in to your Windows 8 Virtual Machine.
2. In the Windows 8 Virtual Machine, follow the wizard-driven installation steps to install ZAP.

3. To launch ZAP after installation, move your mouse cursor to the lower-left corner of your desktop and click Start.

Note: You can also download ZAP from http://code.google.com/p/zaproxy/downloads/list

FIGURE 2.1: Paros proxy main window

4. Click ZAP 1.4.1 in the Start menu apps.

Note: At its heart ZAP is an intercepting proxy. You need to configure your browser to connect to the web application you wish to test through ZAP. If required, you can also configure ZAP to connect through another proxy; this is often necessary in a corporate environment.

FIGURE 2.2: Paros proxy main window (Start menu apps)

Note: If you know how to set up proxies in your web browser, then go ahead and give it a go! If you are unsure, then have a look at the Configuring proxies section.

5. The main interface of ZAP appears, as shown in the following screenshot.

6. It will prompt you with an SSL Root CA certificate. Click Generate to continue.

Note: Once you have configured ZAP as your browser's proxy, try to connect to the web application you will be testing. If you cannot connect to it, then check your proxy settings again. You will need to check your browser's proxy settings and also ZAP's proxy settings.

Note: Active scanning attempts to find potential vulnerabilities by using known attacks against the selected targets. Active scanning is an attack on those targets. You should NOT use it on web applications that you do not own. It should be noted that active scanning can only find certain types of vulnerabilities. Logical vulnerabilities, such as broken access control, will not be found by any active or automated vulnerability scanning. Manual penetration testing should always be performed in addition to active scanning to find all types of vulnerabilities.

FIGURE 2.3: Paros proxy main window

7. In the Options window, select Dynamic SSL certificates, then click Generate to generate a certificate. Then click Save.

FIGURE 2.4: Paros proxy main window (Options, Dynamic SSL certificates)

8. Save the certificate in the default location of ZAP. If the certificate already exists, replace it with the new one.
FIGURE 2.5: Paros proxy main window (Save dialog for owasp_zap_root_ca.cer)

Note: An alert is a potential vulnerability and is associated with a specific request. A request can have more than one alert.

9. Click OK in the Options window.

Note: Anti-CSRF tokens are (pseudo) random parameters used to protect against Cross Site Request Forgery (CSRF) attacks. However, they also make a penetration tester's job harder, especially if the tokens are regenerated every time a form is requested.

10. Your Paros proxy server is now ready to intercept requests.
FIGURE 2.7: Paros proxy main window

Note: ZAP detects anti-CSRF tokens purely by attribute names; the list of attribute names considered to be anti-CSRF tokens is configured using the Options Anti CSRF screen. When ZAP detects these tokens it records the token value and which URL generated the token.

11. Launch any web browser; in this lab we are using the Chrome browser.

12. Your VM workstation should have Chrome version 22.0 or later installed.

13. Change the Proxy Server settings in Chrome by clicking the Customize and control Google Chrome button, and then click Settings.

FIGURE 2.8: IE Internet Options window

14. On the Google Chrome Settings page, click the Show advanced settings... link at the bottom of the page, and then click the Change proxy settings... button.

Note: ZAP provides an Application Programming Interface (API) which allows you to interact with ZAP programmatically. The API is available in JSON, HTML and XML formats. The API documentation is available via the URL http://zap/ when you are proxying via ZAP.
FIGURE 2.9: Paros proxy main window (Chrome Settings page)

15. In the Internet Properties wizard, click Connections and click LAN Settings.

FIGURE 2.10: IE Internet Options window with Connections tab

16. Check Use a proxy server for your LAN, type 127.0.0.1 in the Address field, enter 8080 in the Port field, and click OK.

Note: Click OK several times until all configuration dialog boxes are closed.
Note: It should be noted that there is minimal security built into the API, which is why it is disabled by default. If enabled, then the API is available to all machines that are able to use ZAP as a proxy. By default ZAP listens only on 'localhost' and so can only be used from the host machine. The API provides access to the core ZAP features such as the active scanner and spider. Future versions of ZAP will increase the functionality available via the API.

FIGURE 2.11: IE Internet Options window with Proxy Settings window (Address: 127.0.0.1, Port: 8080)

TASK 2: Hijacking Victim's Session

17. Click Set break on all requests and Set break on all responses to trap all the requests and responses from the browser.

Note: ZAP allows you to try to brute force directories and files. A set of files are provided which contain a large number of file and directory names.

Note: A breakpoint allows you to intercept a request from your browser and to change it before it is submitted to the web application you are testing. You can also change the responses received from the application. The request or response will be displayed in the Break tab, which allows you to change disabled or hidden fields, and will allow you to bypass client-side validation (often enforced using JavaScript). It is an essential penetration testing technique.

FIGURE 2.12: Paros proxy main window (Break tab)

18. Now navigate to a Chrome browser and open www.bing.com.

19. Start a search for "Cars."

20. Open ZAP, which shows the first trapped incoming web traffic.

21. Observe the first few lines of the trapped traffic in the trap window, and keep clicking Submit and step to next request or response until you see cars in the GET request in the Break tab, as shown in the following screenshot.
FIGURE 2.6: Paros Proxy with Trap option content (the trapped GET request to www.bing.com/search?q=Cars with its Host, User-Agent, Accept and Referer headers)

Note: Filters add extra features that can be applied to every request and response. By default no filters are initially enabled. Enabling all of the filters may slow down the proxy. Future versions of the ZAP User Guide will document the default filters in detail.

22. Now change the query text from Cars to Cakes in the GET request.

Note: Fuzzing is configured using the Options Fuzzing screen. Additional fuzzing files can be added via this screen or can be put manually into the "fuzzers" directory where ZAP was installed; they will then become available after restarting ZAP.

23. Click Submit and step to next request or response.

24. Search for a title in the Response pane and replace Cakes with Cars as shown in the following figure.
[Screenshot: the HTTP/1.1 200 OK response in the Break tab, with the page title reading "Cakes - Bing"]

FIGURE 2.7: Paros Proxy search string content

25. In the same Response pane, replace Cakes with Cars as shown in the following figure at the value shown.

This functionality is based on code from the OWASP JBroFuzz project and includes files from the fuzzdb project. Note that some fuzzdb files have been left out as they cause common antivirus scanners to flag them as containing viruses. You can replace them (and upgrade fuzzdb) by downloading the latest version of fuzzdb and expanding it in the 'fuzzers' library.

[Screenshot: the response body in the Break tab, with the search box value changed from Cakes to Cars]
This tool keeps track of the existing HTTP Sessions on a particular Site and allows the Zaproxy user to force all requests to be on a particular session. Basically, it allows the user to easily switch between user sessions on a Site and to create a new Session without "destroying" the existing ones.

FIGURE 2.8: Paros with modified trap option content

Note: Here we are changing the text Cakes to Cars; the Bing search shows Cars, whereas the results displayed are for Cakes.

26. Observe the Bing search web page displayed in the browser with search query as "Cakes."

[Screenshot: browser address bar www.bing.com/search?q=cars&go=&qs=n&form=QBLH&filt=all&pq=cars&sc=0 with Cake search results below]

FIGURE 2.9: Search results window after modifying the content

It is based on the concept of Session Tokens, which are HTTP message parameters (for now only Cookies) which allow an HTTP server to connect a request message with any previous requests or data stored. In the case of Zaproxy, conceptually, session tokens have been classified into 2 categories: default session tokens and site session tokens. The default session tokens are the ones that the user can set in the Options Screen and are tokens that are, by default, automatically considered session tokens for any site (e.g. phpsessid, jsessionid, etc.). The site session tokens are a set of tokens for a particular site and are usually set up using the popup menus available in the Params Tab.

27. That's it. You just forced an unsuspecting web browser to go to any page of your choosing.

Lab Analysis

Analyze and document the results related to the lab exercise. Give your opinion on your target's security posture and exposure.

Tool/Utility: Zed Attack Proxy
Information Collected/Objectives Achieved:
■ SSL certificate to hack into a website
■ Redirecting the request made in Bing
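The session-token note above describes how ZAP sorts cookies into default session tokens (valid for any site) and site session tokens (configured per site). The following added example, which is not from the lab manual or the ZAP project, implements that classification over a raw HTTP response and flags session cookies that lack the Secure or HttpOnly attributes, the gap that leaves a session exposed to plain-HTTP interception of the kind this lab performs. The site token name site_sid and the sample headers are constructed.

```python
# Names the lab note gives as ZAP's default session tokens (valid for any site).
DEFAULT_SESSION_TOKENS = {"phpsessid", "jsessionid"}

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (cookie name, {attribute: value})."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()  # bare flags map to ""
    return name, attrs

def classify(name, site_tokens=()):
    """'default' for any site, 'site' when configured for this site, else 'other'."""
    lowered = name.lower()
    if lowered in DEFAULT_SESSION_TOKENS:
        return "default"
    if lowered in {t.lower() for t in site_tokens}:
        return "site"
    return "other"

def audit_response(raw_response, site_tokens=()):
    """Return (name, category, missing_attrs) for each session token the response
    sets. Secure keeps the cookie off plain HTTP, where an intercepting proxy like
    the one in this lab sees it; HttpOnly keeps it away from page script."""
    findings = []
    head = raw_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the status line
        key, _, value = line.partition(":")
        if key.strip().lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        category = classify(name, site_tokens)
        if category == "other":
            continue
        missing = [a for a in ("secure", "httponly") if a not in attrs]
        findings.append((name, category, missing))
    return findings

# Constructed sample response: cookie names and values are made up, not captured.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n"
    "Set-Cookie: JSESSIONID=abc123; Path=/\r\n"
    "Set-Cookie: site_sid=xyz789; Path=/; Secure; HttpOnly\r\n"
    "Set-Cookie: prefs=dark; Path=/\r\n"
    "\r\n<html><title>Cakes - Bing</title></html>"
)

if __name__ == "__main__":
    for name, category, missing in audit_response(SAMPLE_RESPONSE, ["site_sid"]):
        print(f"{name} ({category} token) missing: {missing or 'none'}")
```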
PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

Questions

1. Evaluate each of the following Paros proxy options:
   a. Trap Request
   b. Trap Response
   c. Continue Button
   d. Drop Button

Internet Connection Required
☑ Yes  ☐ No

Platform Supported
☑ Classroom  ☐ iLabs
