Lab Manual: Session Hijacking (Module 11)
Module 11 - Session Hijacking
Hijacking Sessions
Session hijacking refers to the exploitation of a valid computer session, wherein an attacker takes over a session between two computers.
Lab Scenario
Source: http://krebsonsecurity.com/2012/11/yahoo-email-stealing-exploit-fetches-700/

According to KrebsonSecurity news and investigation, a zero-day vulnerability in yahoo.com that lets attackers hijack Yahoo! email accounts and redirect users to malicious websites offers a fascinating glimpse into the underground market for large-scale exploits. The exploit, being sold for $700 by an Egyptian hacker on an exclusive

says it is responding to the issue. Ramses Martinez, director of security at Yahoo!, said the challenge now is working out the exact yahoo.com URL that triggers the exploit, which is difficult to discern from watching the video. These types of vulnerabilities are a good reminder to be especially cautious about clicking links in emails from strangers or in messages that you were not expecting.

Being an administrator, you should implement security measures at the application level and the network level to protect your network from session hijacking. Network-level hijacks are prevented by packet encryption, which can be obtained by using protocols such as IPSEC, SSL, SSH, etc. IPSEC allows encryption of packets on a shared key between the two systems involved in communication. Application-level security is obtained by using strong session IDs. SSL and SSH also provide strong encryption using SSL certificates to prevent session hijacking.
Lab Objectives
The objective of this lab is to help students learn session hijacking and take necessary actions to defend against session hijacking.
In this lab, you will:
Intercept and modify web traffic
Ethical Hacking and Countermeasures Copyright by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Simulate a Trojan, which modifies a workstation's proxy server settings
Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 11 Session Hijacking
Lab Environment
To carry out this lab, you need:
A computer running Windows Server 2012 as host machine
This lab will run on a Windows 8 virtual machine
Web browser with Internet access
Administrative privileges to configure settings and run tools
Lab Duration
Time: 20 Minutes
Overview of Session Hijacking
Session hijacking refers to the exploitation of a valid computer session where an attacker takes over a session between two computers. The attacker steals a valid session ID, which is used to get into the system and sniff the data. In TCP session hijacking, an attacker takes over a TCP session between two machines. Since most authentications occur only at the start of a TCP session, this allows the attacker to gain access to a machine.
Lab Tasks
Pick an organization that you feel is worthy of your attention. This could be an educational institution, a commercial company, or perhaps a nonprofit charity. Recommended labs to assist you in session hijacking:
Session hijacking using ZAP
Lab Analysis
Analyze and document the results related to the lab exercise. Give your opinion on your target's security posture and exposure.
PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.
Lab: Session Hijacking Using Zed Attack Proxy (ZAP)
The OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications.
Lab Scenario
Attackers are continuously watching for websites to hack, and developers must be prepared to counter-attack malicious hackers by writing strong, secure code. A common form of attack is session hijacking, i.e., accessing a website using someone else's session ID. A session ID might contain credit card details, passwords, and other sensitive information that can be misused by a hacker. Session hijacking attacks are performed either by session ID guessing or by stolen session ID cookies. Session ID guessing involves gathering a sample of session IDs and guessing a valid session ID assigned to someone else. It is always recommended not to replace ASP.NET session IDs with IDs of your own, as this will prevent session ID guessing. Session hijacking by stolen session ID cookies can be prevented by using SSL; however, using cross-site scripting attacks and other methods, attackers can steal the session ID cookies. If an attacker gets hold of a valid session ID, then ASP.NET connects to the corresponding session with no further authentication. There are many tools easily available now that attackers use to hack into websites or user details. One of the tools is Firesheep, which is an add-on for Firefox.
While you are connected to an unsecure wireless network, this Firefox add-on can sniff the network traffic, capture all your information, and provide it to the hacker in the same network. The attacker can now use this information and log in as you. As an ethical hacker, penetration tester, or security administrator, you should be familiar with network and web authentication mechanisms. In your role of web security administrator, you need to test web server traffic for weak session IDs, insecure handling, identity theft, and information loss. Always ensure that you have an encrypted connection using https, which will make the sniffing of network packets difficult for an attacker. Alternatively, VPN
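The scenario above and the defensive note in the first lab both come down to two things a web security administrator can actually measure: whether the session IDs a server hands out are strong enough to resist guessing, and whether the session cookie carries the attributes that stop it being sniffed on an unsecure network or read by injected script. The Python script below is an added example written for this page, not part of the EC-Council manual or of ZAP. The session IDs and Set-Cookie headers in it are constructed, and the entropy figure is a rough estimate over a small sample, not a proof of strength.

```python
import math
import secrets
from collections import Counter

# Constructed samples. WEAK_IDS imitate a server that hands out sequential
# session numbers; STRONG_IDS come from the OS CSPRNG via generate_session_id().
WEAK_IDS = [str(100400 + i) for i in range(8)]


def generate_session_id(nbytes=16):
    """Return a strong session ID: 128 random bits, URL-safe base64 (22 chars)."""
    return secrets.token_urlsafe(nbytes)


STRONG_IDS = [generate_session_id() for _ in range(8)]


def shannon_entropy_bits(ids):
    """Empirical Shannon entropy per character times the average ID length.

    A coarse estimate of how many bits an attacker would have to guess; a low
    value on a sample of real session IDs is a red flag, not a verdict."""
    text = "".join(ids)
    n = len(text)
    per_char = -sum((c / n) * math.log2(c / n) for c in Counter(text).values())
    return per_char * (n / len(ids))


def looks_sequential(ids):
    """True when every ID is a decimal integer and consecutive IDs differ by a
    constant non-zero step, i.e. someone else's ID is predictable from yours."""
    try:
        values = [int(i) for i in ids]
    except ValueError:
        return False
    steps = {b - a for a, b in zip(values, values[1:])}
    return len(steps) == 1 and 0 not in steps


# Constructed Set-Cookie headers: the first can be captured on a cleartext hop
# or read by injected script, the second is hardened.
COOKIE_HEADERS = [
    "Set-Cookie: ASP.NET_SessionId=abc123; path=/",
    "Set-Cookie: ASP.NET_SessionId=abc123; path=/; Secure; HttpOnly",
]


def audit_set_cookie(header):
    """Return the attributes a session cookie is missing.

    Without Secure the cookie also travels over plain HTTP (what Firesheep-style
    sniffing picks up); without HttpOnly, script injected by XSS can read it."""
    attrs = {p.strip().split("=", 1)[0].lower() for p in header.split(";")[1:]}
    return [a for a in ("Secure", "HttpOnly") if a.lower() not in attrs]


if __name__ == "__main__":
    for label, ids in (("weak", WEAK_IDS), ("strong", STRONG_IDS)):
        print(f"{label}: ~{shannon_entropy_bits(ids):.1f} bits, "
              f"sequential={looks_sequential(ids)}")
    for h in COOKIE_HEADERS:
        print(h, "-> missing:", audit_set_cookie(h))
```

Run as-is it reports roughly 12 bits for the sequential sample against well over 100 for the random one, and flags the first cookie as missing both Secure and HttpOnly. On a real application you would feed it session IDs and Set-Cookie headers collected from the ZAP history rather than the constructed ones here.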
Lab Objectives
The objective of this lab is to help students learn session hijacking and how to take necessary actions to defend against session hijacking.
In this lab, you will:
Intercept and modify web traffic
Simulate a Trojan, which modifies a workstation's proxy server settings
Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 11 Session Hijacking
Lab Environment
To carry out the lab, you need:
Paros Proxy located at D:\CEH-Tools\CEHv8 Module 11 Session Hijacking\Session Hijacking Tools\Zaproxy
You can also download the latest version of ZAP from the link http://code.google.com/p/zaproxy/downloads/list
If you decide to download the latest version, then screenshots shown in the lab might differ
Lab Duration
Time: 20 Minutes
Overview of Zed Attack Proxy (ZAP)
Zed Attack Proxy (ZAP) is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing, as well as being a useful addition to an experienced pentester's toolbox. Its features include an intercepting proxy, automated scanner, passive scanner, and spider.
Lab Tasks
TASK: Setting up ZAP
1. Log in to your Windows 8 Virtual Machine.
2. In the Windows 8 Virtual Machine, follow the wizard-driven installation.
Note: You can also download ZAP from http://code.google.com/p/zaproxy/downloads/list
FIGURE 2.1: Paros proxy main window
Click ZAP 1.4.1 in the Start menu apps.
Note: If you know how to set up proxies in your web browser, then go ahead and give it a go! If you are unsure, then have a look at the Configuring proxies section.
FIGURE 2.2: Paros proxy main window
FIGURE 2.3: Paros proxy main window
Note: Active scanning attempts to find potential vulnerabilities by using known attacks against the selected targets.
In the Options window, select Dynamic SSL certificates, then click Generate to generate a certificate. Then click Save.
FIGURE 2.4: Paros proxy main window
Note: An alert is a potential vulnerability and is associated with a specific request. A request can have more than one alert.
FIGURE 2.5: Paros proxy main window (Save dialog for owasp_zap_root_ca.cer)
9. Click OK in the Options window.
10. Your Paros proxy server is now ready to intercept requests.
Note: ZAP detects anti-CSRF tokens purely by attribute names; the list of attribute names considered to be anti-CSRF tokens is configured using the Options Anti CSRF screen. When ZAP detects these tokens, it records the token value and which URL generated the token.
FIGURE 2.7: Paros proxy main window
FIGURE 2.8: IE Internet Options window
14. On the Google Chrome Settings page, click the Show advanced settings... link at the bottom of the page, and then click the Change proxy settings... button.
Note: ZAP provides an Application Programming Interface (API) which allows you to interact with ZAP programmatically. The API is available in JSON, HTML and XML formats. The API documentation is available via the URL http://zap/ when you are proxying via ZAP.
FIGURE 2.9: Paros proxy main window
FIGURE 2.10: IE Internet Options window with Connections tab
16. Check Use a proxy server for your LAN, type 127.0.0.1 in the Address field, enter 8080 in the Port field, and click OK.
Note: Click OK several times until all configuration dialog boxes are closed.
FIGURE 2.11: IE Internet Options window with Proxy Settings window
TASK: Session Hijacking Victims
17. Click Set break on all requests and Set break on all responses to trap all the requests and responses from the browser.
FIGURE 2.12: Paros proxy main window
18. Now navigate to a Chrome browser, and open www.bing.com.
19. Start a search for Cars.
20. Open ZAP, which shows the first trapped incoming web traffic.
21. Observe the first few lines of the trapped traffic in the trap window, and keep clicking Submit and step to next request or response until you see cars in the GET request in the Break tab, as shown in the following screenshot.
FIGURE 2.6: Paros Proxy with Trap option content (trapped GET request to www.bing.com/search, with Host, Proxy-Connection, User-Agent, Accept, Referer and Accept-Encoding headers)
22. Now change the query text from Cars to Cakes in the GET request.
FIGURE 2.7: Paros Proxy search string content
FIGURE 2.8: Paros with modified trap option content
Note: Here we are changing the text Cakes to Cars; the Bing search shows Cars, whereas the results displayed are for Cakes.
26. Observe the Bing search web page displayed in the browser with the search query as Cakes.
Browser address bar (from the screenshot): www.bing.com/search?q=cars&go=&qs=n&form=QBLH&filt=all&pq=cars&sc=0
Note: It is based on the concept of Session Tokens, which are HTTP message parameters (for now only Cookies) which allow an HTTP server to connect a request message with any previous requests or data stored. In the case of Zaproxy, conceptually, session tokens have been classified into 2 categories: default session tokens and site session tokens. The default session tokens are the ones that the user can set in the Options screen and are tokens that are, by default, automatically considered session tokens for any site (e.g. phpsessid, jsessionid, etc.). The site session tokens are a set of tokens for a particular site and are usually set up using the popup menus available in the Params tab.
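The two notes on how ZAP classifies tokens (anti-CSRF tokens matched purely by attribute name, earlier in this lab, and the default and site session tokens described just above) can be reproduced in a few lines, which makes it clearer what a tester gains by adding a site-specific token name in the Params tab. The Python below is an added example written for this page, not ZAP's code: the host www.example.test, the site token name sid, the token-name lists and the sample response are all constructed, and case-insensitive matching is an assumption of this example rather than a documented ZAP behaviour.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Default session-token names: the two the note gives (phpsessid, jsessionid)
# plus ASP.NET's, which this lab's scenario discusses. Matched case-insensitively
# (an assumption of this example).
DEFAULT_SESSION_TOKENS = {"phpsessid", "jsessionid", "asp.net_sessionid"}

# Site session tokens: what a tester would add per site from the Params tab.
# Host and cookie name are constructed for this example.
SITE_SESSION_TOKENS = {"www.example.test": {"sid"}}

# Attribute names treated as anti-CSRF tokens. Constructed from commonly used
# names; ZAP keeps its own configurable list in the Options Anti CSRF screen.
ANTI_CSRF_NAMES = {"csrf", "csrftoken", "csrf_token", "_csrf",
                   "__requestverificationtoken", "authenticity_token"}


def session_tokens(url, set_cookie_values):
    """Map cookie name -> value for cookies classified as session tokens.

    set_cookie_values are Set-Cookie header values without the header name,
    e.g. 'JSESSIONID=ABC; Path=/'. Default tokens apply to every host; site
    tokens only to the host the response came from."""
    host = urlsplit(url).hostname or ""
    names = DEFAULT_SESSION_TOKENS | SITE_SESSION_TOKENS.get(host, set())
    found = {}
    for cookie in set_cookie_values:
        name, _, rest = cookie.partition("=")
        if name.strip().lower() in names:
            found[name.strip()] = rest.split(";", 1)[0].strip()
    return found


class _TokenInputs(HTMLParser):
    """Collect <input> elements whose name attribute is on the anti-CSRF list."""

    def __init__(self):
        super().__init__()
        self.tokens = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = dict(attrs)  # HTMLParser already lower-cases attribute names
        if (a.get("name") or "").lower() in ANTI_CSRF_NAMES:
            self.tokens.append((a["name"], a.get("value")))


def anti_csrf_tokens(url, html):
    """Record each anti-CSRF token together with the URL that generated it,
    which is the information ZAP keeps when it detects such a token."""
    parser = _TokenInputs()
    parser.feed(html)
    return [{"source_url": url, "name": n, "value": v} for n, v in parser.tokens]


# Constructed response from the example site.
SAMPLE_URL = "http://www.example.test/login"
SAMPLE_SET_COOKIES = ["JSESSIONID=ABC123; Path=/; HttpOnly",
                      "sid=s3ss10n; Path=/",
                      "theme=dark; Path=/"]
SAMPLE_HTML = """<html><body>
<form method="post" action="/login">
  <input type="hidden" name="CSRFToken" value="t0k3n-from-login-page">
  <input type="text" name="user">
  <input type="submit" value="Sign in">
</form></body></html>"""


if __name__ == "__main__":
    print(session_tokens(SAMPLE_URL, SAMPLE_SET_COOKIES))
    print(anti_csrf_tokens(SAMPLE_URL, SAMPLE_HTML))
```

The theme cookie is ignored as it is on neither list, and sid is only recognised because the response came from the host it was registered for; for any other host only the default names match.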
FIGURE 2.6: Search results window after modifying the content (Bing shows the query cars, with results for cake)
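Steps 17 through 26 are the core of the lab: once the browser is proxied through ZAP, the request line that reaches Bing is whatever was left in the Break tab, and the server has no way to tell a rewritten q=cakes from a query the user typed. The Python below is an added example, not part of the manual or of ZAP. It parses a constructed stand-in for the trapped request (the real one carries more headers), rewrites one query parameter the way the Break tab edit did, and lists exactly what changed. The lesson for a developer is that every part of the request, not just the visible search box, is client-controlled and has to be validated on the server.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed stand-in for the request trapped in the lab. A browser talking
# through a proxy puts the absolute URL on the request line; CRLF as on the wire.
TRAPPED_REQUEST = (
    "GET http://www.bing.com/search?q=cars&form=QBLH HTTP/1.1\r\n"
    "Host: www.bing.com\r\n"
    "Proxy-Connection: keep-alive\r\n"
    "Accept: text/html,application/xhtml+xml\r\n"
    "\r\n"
)


def parse_request(raw):
    """Split a raw HTTP/1.1 request into request line, headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body}


def serialize(req):
    """Inverse of parse_request: rebuild the text the server will receive."""
    head = [f"{req['method']} {req['target']} {req['version']}"]
    head += [f"{name}: {value}" for name, value in req["headers"]]
    return "\r\n".join(head) + "\r\n\r\n" + req["body"]


def query_value(raw, name):
    """Value of one query parameter in the request target, or None."""
    query = urlsplit(parse_request(raw)["target"]).query
    return dict(parse_qsl(query, keep_blank_values=True)).get(name)


def rewrite_query_param(raw, name, new_value):
    """What editing the trapped request in the Break tab does: change a single
    query parameter, leave everything else untouched, re-serialize."""
    req = parse_request(raw)
    parts = urlsplit(req["target"])
    params = [(k, new_value if k == name else v)
              for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    req["target"] = urlunsplit(parts._replace(query=urlencode(params)))
    return serialize(req)


def changed_lines(before, after):
    """Line pairs that differ between two requests: what someone comparing the
    browser's request with the one the server logged would see."""
    b, a = before.split("\r\n"), after.split("\r\n")
    return [(x, y) for x, y in zip(b, a) if x != y]


if __name__ == "__main__":
    modified = rewrite_query_param(TRAPPED_REQUEST, "q", "cakes")
    for old, new in changed_lines(TRAPPED_REQUEST, modified):
        print("-", old)
        print("+", new)
```

Only the request line differs between the two versions; the Host and other headers are identical, which is why nothing on the server side distinguishes the edited request from an ordinary search for cakes.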
Lab Analysis
Analyze and document the results related to the lab exercise. Give your opinion on your target's security posture and exposure.

Tool/Utility        Information Collected/Objectives Achieved
Zed Attack Proxy    Redirecting the request made in Bing
                    SSL certificate to hack into a website
Questions
1. Evaluate each of the following Paros proxy options:
   a. Trap Request
   b. Trap Response
   c. Continue Button
   d. Drop Button

Internet Connection Required: [x] Yes   [ ] No
Platform Supported: [x] Classroom   [ ] iLabs