App과 Server의 은밀한 대화 (The secret conversation between the App and the Server)
Rock Kang
7/17 session presentation slides
1. [App / Server] 2010. 7. 17
2.
   • CTO
   • 2005~2010 : SK
   • contact : @cserock | http://rockk.egloos.com
   • blueonion : 2010. 4 ; 24 ( :3 ) ; http://blueonionsoft.com
3. Plain request: http://www.test.com/getUserInfo.php?id=234 → XML or JSON
4. Examples
   • http://test.com/savePoint.php?id=2&point=450
   • http://test.com/updateUserInfo.php?id=2&password=teertfdsa
   • http://test.com/getUserInfo.php?id=2
5. What the plaintext requests expose
   • endpoints : savePoint.php, updateUserInfo.php
   • data : id, point, password
   • abusing : savePoint.php with id=3&point=500000 ?
6. (slide body not recoverable from the extraction; only the word "App" survives)
7. With a security token: http://www.test.com?st=xndje3e2j3%dws3olnf → XML or JSON
8. Building the st
   • AES-128
   • CryptoHelper
   • CommonCrypto / Security framework
   • st (security token)
   • libmcrypt
   • php mcrypt function
9. Client side (Objective-C); `boundary` and `request` are assumed to be set up earlier, and CryptoHelper is the deck's own AES wrapper:
// make parameter
NSString *param = [[NSString stringWithFormat:@"id=2&point=450&nonce=%d", rand()]
                   stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding];
// make st (key is '123456789abcdef')
NSString *st = [[CryptoHelper sharedInstance] encryptString:param];
// now let's create the body of the post (multipart/form-data, one field named "st")
NSMutableData *body = [NSMutableData data];
[body appendData:[[NSString stringWithFormat:@"\r\n--%@\r\n", boundary]
                  dataUsingEncoding:NSUTF8StringEncoding]];
[body appendData:[[NSString stringWithFormat:@"Content-Disposition: form-data; name=\"st\"\r\n\r\n%@", st]
                  dataUsingEncoding:NSUTF8StringEncoding]];
[body appendData:[[NSString stringWithFormat:@"\r\n--%@--\r\n", boundary]
                  dataUsingEncoding:NSUTF8StringEncoding]];
[request setHTTPBody:body];
10. Server side (PHP):
<?php
// base64 decode st
$tmp_st = base64_decode($_POST['st']);
// decrypt st (key is '123456789abcdef'); in ECB mode the IV argument is ignored
// note: AES-128 takes a 16-byte key and '123456789abcdef' is 15 characters
$st = urldecode(trim(mcrypt_decrypt(
    MCRYPT_RIJNDAEL_128,
    '123456789abcdef',
    $tmp_st,
    MCRYPT_MODE_ECB,
    mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_ECB), MCRYPT_RAND)
)));
// st is 'id=2&point=450&nonce=12342234'
?>
11. Further checks
   • HTTP_USER_AGENT => App
   • framework => endpoint
   • st (security token) + timestamp
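The checks slides 5, 10 and 11 call for, as an added example that is not from the deck: the deck's parameters (id=2&point=450) are sealed into a token carrying a nonce and a timestamp, and the server rejects tampered, stale or replayed tokens. It is written in Python so it runs stand-alone, and it uses an HMAC-SHA256 tag from the standard library in place of the deck's AES-128-ECB, because ECB hides the parameters but gives no integrity check. The shared secret, the 300-second window and the in-memory nonce set are assumptions.

```python
import base64
import hashlib
import hmac
import os
import time
from urllib.parse import parse_qs, urlencode

# Constructed shared secret for this example (the deck's demo key is not reused).
SECRET = b"example-shared-secret-do-not-ship"
MAX_SKEW = 300        # seconds a token stays valid (the deck's timestamp idea)
_seen_nonces = set()  # server-side replay memory; in-process for the example


def make_token(params, now=None, nonce=None):
    """Client side: serialise params plus nonce and timestamp, append an HMAC."""
    now = int(time.time()) if now is None else now
    nonce = os.urandom(8).hex() if nonce is None else nonce
    body = urlencode({**params, "nonce": nonce, "ts": now}).encode()
    tag = hmac.new(SECRET, body, hashlib.sha256).digest()   # 32-byte tag
    return base64.urlsafe_b64encode(body + tag).decode()


def verify_token(token, now=None):
    """Server side: return (params, "ok") or (None, reason) after checking
    the MAC, the timestamp window and the nonce, in that order."""
    now = int(time.time()) if now is None else now
    try:
        raw = base64.urlsafe_b64decode(token.encode())
    except ValueError:            # binascii.Error is a ValueError subclass
        return None, "bad base64"
    if len(raw) <= 32:
        return None, "too short"
    body, tag = raw[:-32], raw[-32:]
    expected = hmac.new(SECRET, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None, "bad mac"    # any edit to id/point/nonce/ts lands here
    qs = {k: v[0] for k, v in parse_qs(body.decode(), keep_blank_values=True).items()}
    try:
        ts = int(qs.get("ts", ""))
    except ValueError:
        return None, "bad timestamp"
    if abs(now - ts) > MAX_SKEW:
        return None, "expired"    # stale token; nonce is not recorded
    nonce = qs.get("nonce", "")
    if not nonce or nonce in _seen_nonces:
        return None, "replay"     # same token submitted twice
    _seen_nonces.add(nonce)
    return qs, "ok"
```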
12. Thanks for attention