Ceh v8 labs module 11 session hijacking
CEH Lab Manual
Session Hijacking
Module 11
Module 11 - Session Hijacking

Hijacking Sessions

Session hijacking refers to the exploitation of a valid computer session, wherein an attacker takes over a session between two computers.

ICON KEY
Valuable information
Test your knowledge
Web exercise
Workbook review

Lab Scenario
Source: http://krebsonsecurity.com/2012/11/yahoo-email-stealing-exploit-fetches-700/

According to KrebsOnSecurity news and investigation, a zero-day vulnerability in yahoo.com that lets attackers hijack Yahoo! email accounts and redirect users to malicious websites offers a fascinating glimpse into the underground market for large-scale exploits.

The exploit, being sold for $700 by an Egyptian hacker on an exclusive cybercrime forum, targets a "cross-site scripting" (XSS) weakness in yahoo.com that lets attackers steal cookies from Yahoo! webmail users. Such a flaw would let attackers send or read email from the victim's account. In a typical XSS attack, an attacker sends a malicious link to an unsuspecting user; if the user clicks the link, the script is executed, and can access cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page.

KrebsOnSecurity.com alerted Yahoo! to the vulnerability, and the company says it is responding to the issue. Ramses Martinez, director of security at Yahoo!, said the challenge now is working out the exact yahoo.com URL that triggers the exploit, which is difficult to discern from watching the video.

These types of vulnerabilities are a good reminder to be especially cautious about clicking links in emails from strangers or in messages that you were not expecting.
Being an administrator, you should implement security measures at the application level and the network level to protect your network from session hijacking.

Network-level hijacks are prevented by packet encryption, which can be obtained by using protocols such as IPSEC, SSL, SSH, etc. IPSEC allows encryption of packets using a shared key between the two systems involved in the communication.

Application-level security is obtained by using strong session IDs. SSL and SSH also provide strong encryption using SSL certificates to prevent session hijacking.
Lab Objectives

The objective of this lab is to help students learn session hijacking and take necessary actions to defend against session hijacking.

In this lab, you will:
■ Intercept and modify web traffic
■ Simulate a Trojan, which modifies a workstation's proxy server settings

Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 11 Session Hijacking

CEH Lab Manual Page 716
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Lab Environment

To carry out this lab, you need:
■ A computer running Windows Server 2012 as host machine
■ This lab will run on a Windows 8 virtual machine
■ Web browser with Internet access
■ Administrative privileges to configure settings and run tools

Lab Duration

Time: 20 Minutes
Overview of Session Hijacking

TASK 1: Overview

Session hijacking refers to the exploitation of a valid computer session where an attacker takes over a session between two computers. The attacker steals a valid session ID, which is used to get into the system and sniff the data.

In TCP session hijacking, an attacker takes over a TCP session between two machines. Since most authentications occur only at the start of a TCP session, this allows the attacker to gain access to a machine.
Lab Tasks

Pick an organization that you feel is worthy of your attention. This could be an educational institution, a commercial company, or perhaps a nonprofit charity.

Recommended labs to assist you in session hijacking:
■ Session hijacking using ZAP

Lab Analysis

Analyze and document the results related to the lab exercise. Give your opinion on your target's security posture and exposure.
PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.
Lab: Session Hijacking Using Zed Attack Proxy (ZAP)

The OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications.

ICON KEY
Valuable information
Test your knowledge
Web exercise
Workbook review

Lab Scenario

Attackers are continuously watching for websites to hack, and developers must be prepared to counter malicious hackers by writing strong, secure code. A common form of attack is session hijacking, i.e., accessing a website using someone else's session ID. A session ID might contain credit card details, passwords, and other sensitive information that can be misused by a hacker. Session hijacking attacks are performed either by session ID guessing or by stolen session ID cookies. Session ID guessing involves gathering a sample of session IDs and "guessing" a valid session ID assigned to someone else. It is always recommended not to replace ASP.NET session IDs with IDs of your own, as this will prevent session ID guessing. Session hijacking attacks using stolen session ID cookies can be prevented by using SSL; however, using cross-site scripting attacks and other methods, attackers can still steal the session ID cookies. If an attacker gets hold of a valid session ID, then ASP.NET connects to the corresponding session with no further authentication.

There are many tools easily available now that attackers use to hack into websites or user details. One of the tools is Firesheep, which is an add-on for Firefox. While you are connected to an unsecured wireless network, this Firefox add-on can sniff the network traffic, capture all your information, and provide it to a hacker on the same network. The attacker can now use this information and log in as you.

As an ethical hacker, penetration tester, or security administrator, you should be familiar with network and web authentication mechanisms. In your role of web security administrator, you need to test web server traffic for weak session IDs, insecure handling, identity theft, and information loss. Always ensure that you have an encrypted connection using HTTPS, which will make the sniffing of network packets difficult for an attacker. Alternatively, VPN connections can also be used to stay safe, and advise users to log off once they are done with their work. In this lab you will learn to use the ZAP proxy to intercept traffic, run scans, etc.
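The scenario above names the two ways a session gets hijacked: guessing a predictable session ID, and stealing the session ID cookie, either off an unencrypted connection (Firesheep) or through injected script (XSS). The following Python script is an added example, not part of the CEH lab and not ZAP's own code; it audits a server's Set-Cookie header and a handful of IDs it issued for exactly those defects: missing Secure, HttpOnly and SameSite attributes, an ID too short to be unguessable, and IDs that count up. The cookie name ASP.NET_SessionId comes from the scenario; the header strings, the ID values, the 128-bit threshold and the function names are this example's own constructed assumptions.

```python
from __future__ import annotations

import math
import re
from dataclasses import dataclass, field


@dataclass
class CookieAudit:
    """Result of auditing one session cookie: its name, value and short finding codes."""
    name: str
    value: str
    findings: list[str] = field(default_factory=list)


def parse_set_cookie(header: str) -> tuple[str, str, dict[str, str | bool]]:
    """Split a Set-Cookie header into (name, value, {attribute: value or True}).

    Attribute names are lower-cased so 'Secure', 'secure' and 'SECURE' compare equal.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: dict[str, str | bool] = {}
    for part in parts[1:]:
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else True
    return name.strip(), value.strip(), attrs


def charset_entropy_bits(value: str) -> float:
    """Upper bound on the randomness an ID of this length and alphabet can carry.

    A real generator may use far less; this only catches IDs that are too short
    to be unguessable even in the best case.
    """
    if re.fullmatch(r"[0-9]+", value):
        alphabet = 10
    elif re.fullmatch(r"[0-9a-fA-F]+", value):
        alphabet = 16
    elif re.fullmatch(r"[A-Za-z0-9+/=_-]+", value):
        alphabet = 64
    else:
        alphabet = 95  # printable ASCII
    return len(value) * math.log2(alphabet)


def looks_sequential(samples: list[str]) -> bool:
    """True when three or more consecutively issued IDs differ by one small constant
    step, which is the pattern a session ID guessing attack relies on."""
    if len(samples) < 3:
        return False
    try:
        nums = [int(s) if s.isdigit() else int(s, 16) for s in samples]
    except ValueError:
        return False  # not numeric at all, so it cannot simply be counted up
    diffs = {b - a for a, b in zip(nums, nums[1:])}
    return len(diffs) == 1 and 0 < abs(diffs.pop()) <= 1000


def audit_session_cookie(header: str, samples: list[str], min_bits: int = 128) -> CookieAudit:
    """Check one Set-Cookie header plus a sample of IDs issued by the same server."""
    name, value, attrs = parse_set_cookie(header)
    audit = CookieAudit(name=name, value=value)
    if "secure" not in attrs:
        audit.findings.append("no-secure")    # sent over plain HTTP, sniffable on open Wi-Fi
    if "httponly" not in attrs:
        audit.findings.append("no-httponly")  # readable by injected script (XSS cookie theft)
    if "samesite" not in attrs:
        audit.findings.append("no-samesite")  # attached to cross-site requests (CSRF)
    if charset_entropy_bits(value) < min_bits:
        audit.findings.append("low-entropy")  # short enough to enumerate
    if looks_sequential(samples):
        audit.findings.append("sequential")   # the next user's ID is this ID plus a step
    return audit


# Constructed sample data for the demonstration, not captured from any real site.
WEAK_HEADER = "ASP.NET_SessionId=000123; Path=/"
WEAK_SAMPLES = ["000123", "000124", "000125", "000126"]
STRONG_HEADER = ("ASP.NET_SessionId=9f86d081884c7d659a2feaa0c55ad015; "
                 "Path=/; Secure; HttpOnly; SameSite=Lax")
STRONG_SAMPLES = [
    "9f86d081884c7d659a2feaa0c55ad015",
    "3a7bd3e2360a3d29eea436fcfb7e44c7",
    "c1e4f2a9b07d6e5f38a2d4c9e7b1f063",
]

if __name__ == "__main__":
    for header, samples in ((WEAK_HEADER, WEAK_SAMPLES), (STRONG_HEADER, STRONG_SAMPLES)):
        result = audit_session_cookie(header, samples)
        print(result.name, "->", result.findings or "OK")
```

To use it against your own application, paste the Set-Cookie header it returns on login and a few IDs collected from successive logins of your own test accounts. The entropy figure is an upper bound, so a pass on that check is necessary but not sufficient; the sequential check, by contrast, is a positive finding whenever it fires.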
Lab Objectives

The objective of this lab is to help students learn session hijacking and how to take necessary actions to defend against session hijacking.

In this lab, you will:
■ Intercept and modify web traffic
■ Simulate a Trojan, which modifies a workstation's proxy server settings

Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 11 Session Hijacking

Lab Environment

To carry out the lab, you need:
■ Paros Proxy located at D:\CEH-Tools\CEHv8 Module 11 Session Hijacking\Session Hijacking Tools\Zaproxy
■ You can also download the latest version of ZAP from the link http://code.google.com/p/zaproxy/downloads/list
■ If you decide to download the latest version, then screenshots shown in the lab might differ
■ A system running Windows Server 2012 as host machine
■ Run this tool in the Windows 8 Virtual Machine
■ A web browser with Internet access
■ Administrative privileges to configure settings and run tools
■ Ensure that Java Runtime Environment (JRE) 7 (or above) is installed. If not, go to http://java.sun.com/j2se to download and install it.

Lab Duration

Time: 20 Minutes

Overview of Zed Attack Proxy (ZAP)

Zed Attack Proxy (ZAP) is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing, as well as being a useful addition to an experienced pen tester's toolbox. Its features include an intercepting proxy, automated scanner, passive scanner, and spider.
Lab Tasks

TASK 1: Setting up ZAP

1. Log in to your Windows 8 Virtual Machine.

2. In the Windows 8 Virtual Machine, follow the wizard-driven installation steps to install ZAP.

3. To launch ZAP after installation, move your mouse cursor to the lower-left corner of your desktop and click Start.
You can also download ZAP at http://code.google.com/p/zaproxy/downloads/list

FIGURE 2.1: Paros proxy main window

4. Click ZAP 1.4.1 in the Start menu apps.

At its heart ZAP is an intercepting proxy. You need to configure your browser to connect to the web application you wish to test through ZAP. If required you can also configure ZAP to connect through another proxy; this is often necessary in a corporate environment.

FIGURE 2.2: Paros proxy main window (Windows 8 Start screen showing the ZAP 1.4.1 tile among the installed apps)

If you know how to set up proxies in your web browser then go ahead and give it a go! If you are unsure then have a look at the Configuring proxies section.

5. The main interface of ZAP appears, as shown in the following screenshot.

6. It will prompt you with the SSL Root CA certificate. Click Generate to continue.
Once you have configured ZAP as your browser's proxy, then try to connect to the web application you will be testing. If you cannot connect to it, then check your proxy settings again. You will need to check your browser's proxy settings, and also ZAP's proxy settings.

FIGURE 2.3: Paros proxy main window

Active scanning attempts to find potential vulnerabilities by using known attacks against the selected targets. Active scanning is an attack on those targets. You should NOT use it on web applications that you do not own. It should be noted that active scanning can only find certain types of vulnerabilities. Logical vulnerabilities, such as broken access control, will not be found by any active or automated vulnerability scanning. Manual penetration testing should always be performed in addition to active scanning to find all types of vulnerabilities.

7. In the Options window, select Dynamic SSL certificates, then click Generate to generate a certificate. Then click Save.

FIGURE 2.4: Paros proxy main window (ZAP Options window; the options tree lists Active Scan, Anti CSRF Tokens, API, Applications, Authentication, Brute Force, Certificate, Check For Updates, Connection, Database, Display, Encode/Decode, Extensions, Fuzzer, Language, Local proxy, Passive Scan, Port Scan, Session Tokens, Spider)

8. Save the certificate in the default location of ZAP. If the certificate already exists, replace it with the new one.
An alert is a potential vulnerability and is associated with a specific request. A request can have more than one alert.

FIGURE 2.5: Paros proxy main window (Options > Certificate with the Root CA certificate and Generate button, and the Save dialog for owasp_zap_root_ca.cer)

9. Click OK in the Options window.

Anti CSRF tokens are (pseudo) random parameters used to protect against Cross Site Request Forgery (CSRF) attacks. However, they also make a penetration tester's job harder, especially if the tokens are regenerated every time a form is requested.

10. Your Paros proxy server is now ready to intercept requests.
FIGURE 2.7: Paros proxy main window (ZAP "Untitled Session" window with the Sites, Request, Response and Break tabs)

ZAP detects anti CSRF tokens purely by attribute names - the list of attribute names considered to be anti CSRF tokens is configured using the Options Anti CSRF screen. When ZAP detects these tokens it records the token value and which URL generated the token.

11. Launch any web browser; in this lab we are using the Chrome browser.

12. Your VM workstation should have Chrome version 22.0 or later installed.

13. Change the Proxy Server settings in Chrome by clicking the Customize and control Google Chrome button, and then click Settings.

FIGURE 2.8: IE Internet Options window (the Chrome menu opened from the Customize and control Google Chrome button)

14. On the Google Chrome Settings page, click the Show advanced settings... link at the bottom of the page, and then click the Change proxy settings... button.

ZAP provides an Application Programming Interface (API) which allows you to interact with ZAP programmatically. The API is available in JSON, HTML and XML formats. The API documentation is available via the URL http://zap/ when you are proxying via ZAP.
FIGURE 2.9: Paros proxy main window (Chrome Settings page, chrome://settings/, with the Change proxy settings... button under the Network section)

15. In the Internet Properties wizard, click Connections and click LAN Settings.

FIGURE 2.10: IE Internet Options window with Connections tab

16. Check Use a proxy server for your LAN, type 127.0.0.1 in the Address field, enter 8080 in the Port field, and click OK.

Click OK several times until all configuration dialog boxes are closed.
It should be noted that there is minimal security built into the API, which is why it is disabled by default. If enabled, then the API is available to all machines that are able to use ZAP as a proxy. By default ZAP listens only on 'localhost' and so can only be used from the host machine. The API provides access to the core ZAP features such as the active scanner and spider. Future versions of ZAP will increase the functionality available via the API.

FIGURE 2.11: IE Internet Options Window with Proxy Settings Window (Local Area Network (LAN) Settings: Use a proxy server for your LAN checked, Address 127.0.0.1, Port 8080)
TASK 2: Hijacking Victim's Session

17. Click Set break on all requests and Set break on all responses to trap all the requests and responses from the browser.

ZAP allows you to try to brute force directories and files. A set of files are provided which contain a large number of file and directory names.

FIGURE 2.12: Paros proxy main window (ZAP with the Break tab selected and break-on-requests/responses enabled)

A breakpoint allows you to intercept a request from your browser and to change it before it is submitted to the web application you are testing. You can also change the responses received from the application. The request or response will be displayed in the Break tab, which allows you to change disabled or hidden fields, and will allow you to bypass client side validation (often enforced using javascript). It is an essential penetration testing technique.

18. Now navigate to a Chrome browser, and open www.bing.com.

19. Start a search for "Cars."

20. Open ZAP, which shows the first trapped incoming web traffic.

21. Observe the first few lines of the trapped traffic in the trap window, and keep clicking Submit and step to next request or response until you see cars in the GET request in the Break tab, as shown in the following screenshot.
Filters add extra features that can be applied to every request and response. By default no filters are initially enabled. Enabling all of the filters may slow down the proxy. Future versions of the ZAP User Guide will document the default filters in detail.

FIGURE 2.6: Paros Proxy with Trap option content (Break tab showing the trapped request: GET http://www.bing.com/search?q=Cars... HTTP/1.1, Host: www.bing.com, Proxy-Connection: keep-alive, User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4, Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8, Referer: http://www.bing.com/)

22. Now change the query text from Cars to Cakes in the GET request.

Fuzzing is configured using the Options Fuzzing screen. Additional fuzzing files can be added via this screen or can be put manually into the "fuzzers" directory where ZAP was installed - they will then become available after restarting ZAP.

(Screenshot: the same Break tab after editing, with the request line now reading GET http://www.bing.com/search?q=Cakes... HTTP/1.1)

23. Click Submit and step to next request or response.

24. Search for a title in the Response pane and replace Cakes with Cars as shown in the following figure.
- 13. M o d u le 11 - S e s s io n H ija c k in g
[Figure: OWASP ZAP (Paros) window with the Break tab active. The trapped response is shown in the Response pane: "HTTP/1.1 200 OK", Cache-Control: private, max-age=0, Content-Type: text/html; charset=utf-8, followed by the Bing HTML in which the search term "Cakes" appears in the page title and in the search form. The History panel lists the GET requests to www.bing.com.]
FIGURE 2.7: Paros Proxy search string content
25. In the same Response pane, replace Cakes with Cars at the value shown in the following figure.
This functionality is based on code from the OWASP JBroFuzz project and includes files from the fuzzdb project. Note that some fuzzdb files have been left out as they cause common antivirus scanners to flag them as containing viruses. You can replace them (and upgrade fuzzdb) by downloading the latest version of fuzzdb and expanding it in the 'fuzzers' library.

[Figure: OWASP ZAP window, Break tab, Response pane showing the Bing search form HTML; the search input (name="q", title="Enter your search term") carries value="Cakes", which is the value to edit.]
This tool keeps track of the existing HTTP Sessions on a particular Site and allows the Zaproxy user to force all requests to be on a particular session. Basically, it allows the user to easily switch between user sessions on a Site and to create a new Session without "destroying" the existing ones.

[Figure: OWASP ZAP window, Break tab, Response pane after the edit: the search input value has been changed from Cakes to Cars while the rest of the trapped response is unchanged.]
FIGURE 2.8: Paros with modified trap option content
Note: Here we are changing the text Cakes to Cars in the trapped response; the Bing search box then shows Cars, whereas the results displayed are still for Cakes.

26. Observe the Bing search web page displayed in the browser: the results shown are for the search query "Cakes."
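What the Break tab edit does to the trapped response, as an added example that is not part of the lab manual or of OWASP ZAP's code: a small Python helper that applies the Cakes-to-Cars change to a constructed, Bing-like response, re-enables a disabled form field (the client-side-validation bypass described in the Break tab note above), and repairs the message framing that ZAP silently handles for you, namely de-chunking the body and recomputing Content-Length. The sample response bytes are constructed here, not captured from Bing, and the helper function names are this example's own.

```python
"""Rewrite a trapped HTTP/1.1 response the way ZAP's Break tab lets you do by hand.

Added example (not part of the CEH lab manual and not OWASP ZAP code). It
edits the body of a captured response (Cakes -> Cars, plus re-enabling a
disabled form field) and keeps the message well-formed by de-chunking the
body and recomputing Content-Length. A proxy that forgets the length fix
leaves the browser waiting for bytes that never arrive. SAMPLE_BODY is
constructed to resemble the Bing page used in the lab; it is not a real capture.
"""
import re

# Constructed sample body, modelled on the lab's Bing search page.
SAMPLE_BODY = (
    b"<html><title>Cakes - Bing</title><form>"
    b'<input name="q" value="Cakes"><input name="go" disabled>'
    b"</form></html>"
)
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    + b"Cache-Control: private, max-age=0\r\n"
    + b"Content-Type: text/html; charset=utf-8\r\n"
    + b"Content-Length: " + str(len(SAMPLE_BODY)).encode() + b"\r\n"
    + b"\r\n"
    + SAMPLE_BODY
)

# Constructed sample using chunked transfer encoding (one 5-byte chunk, then the terminator).
SAMPLE_CHUNKED = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/plain\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"\r\n"
    b"5\r\nCakes\r\n0\r\n\r\n"
)


def split_response(raw):
    """Split a raw response into (status line, [(name, value)], body bytes)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete response: no end of headers")
    lines = head.split(b"\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers, body


def dechunk(body):
    """Decode a chunked body into plain bytes (chunk extensions are ignored)."""
    out = bytearray()
    pos = 0
    while True:
        line_end = body.index(b"\r\n", pos)
        size = int(body[pos:line_end].split(b";")[0], 16)
        pos = line_end + 2
        if size == 0:
            return bytes(out)
        out += body[pos:pos + size]
        pos += size + 2  # skip the CRLF that follows the chunk data


def enable_disabled_inputs(body):
    """Drop the 'disabled' attribute from <input> tags so the browser submits them."""
    return re.sub(rb"(<input\b[^>]*?)\s+disabled(?=[\s>])", rb"\1", body)


def rewrite_response(raw, replacements, enable_fields=False):
    """Apply byte substitutions to the body and re-frame the message correctly."""
    status, headers, body = split_response(raw)
    lower = {n.lower(): v for n, v in headers}
    if lower.get(b"transfer-encoding", b"").lower() == b"chunked":
        body = dechunk(body)
        headers = [(n, v) for n, v in headers if n.lower() != b"transfer-encoding"]
    elif b"content-length" in lower:
        body = body[:int(lower[b"content-length"])]
    for old, new in replacements:
        body = body.replace(old, new)
    if enable_fields:
        body = enable_disabled_inputs(body)
    # The edited body has a new length: always rewrite Content-Length.
    headers = [(n, v) for n, v in headers if n.lower() != b"content-length"]
    headers.append((b"Content-Length", str(len(body)).encode()))
    head = b"\r\n".join([status] + [n + b": " + v for n, v in headers])
    return head + b"\r\n\r\n" + body


def lab_edit(raw=SAMPLE_RESPONSE):
    """The lab's edit: Cakes -> Cars, with the disabled field re-enabled."""
    return rewrite_response(raw, [(b"Cakes", b"Cars")], enable_fields=True)


if __name__ == "__main__":
    print(lab_edit().decode())
```

Run it as a script to see the rewritten response; the title and the search box both read Cars while nothing else in the page changes, which is exactly the mismatch step 26 asks you to observe. Gzip-compressed bodies would need decompressing before the substitution; ZAP does that for you, this helper does not.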
[Figure: Bing search results page in the browser after the modified response. The address bar reads www.bing.com/search?q=cars&go=&qs=n&form=QBLH&filt=all&pq=cars&sc=0 and the search box shows "cars", while the results ("Images of cakes", "Cake - Wikipedia, the free encyclopedia", en.wikipedia.org/wiki/Cake) are for Cakes.]
FIGURE 2.6: Search results window after modifying the content

It is based on the concept of Session Tokens, which are HTTP message parameters (for now only Cookies) which allow an HTTP server to connect a request message with any previous requests or data stored. In the case of Zaproxy, conceptually, session tokens have been classified into 2 categories: default session tokens and site session tokens. The default session tokens are the ones that the user can set in the Options Screen and are tokens that are, by default, automatically considered session tokens for any site (e.g. phpsessid, jsessionid, etc.). The site session tokens are a set of tokens for a particular site and are usually set up using the popup menus available in the Params Tab.

27. That's it. You have modified a server response in transit and changed what an unsuspecting web browser displays, without the user or the server noticing.

Lab Analysis

Analyze and document the results related to the lab exercise. Give your opinion on your target's security posture and exposure.

Tool/Utility        Information Collected/Objectives Achieved
Zed Attack Proxy    - SSL certificate to hack into a website
                    - Redirecting the request made in Bing
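The session-token note above describes how ZAP decides which cookies identify a session and how its HTTP Sessions tool lets you replay a chosen session. As an added example that is not from the lab manual or from OWASP ZAP, the Python below reproduces that classification on constructed Set-Cookie headers (default tokens such as phpsessid and jsessionid versus a site token registered per host) and reports the cookie attributes a hijacker cares about. The host www.example.com, the site token name SRCHSID and every cookie value are hypothetical; the extra default names beyond phpsessid and jsessionid are an assumption, not ZAP's actual list.

```python
"""Spot session tokens in Set-Cookie headers and check the attributes that matter for hijacking.

Added example, not from the CEH lab manual or from OWASP ZAP. It mirrors ZAP's
two categories: "default" session tokens (names treated as session tokens on any
site) and "site" tokens that the tester registers per host. All headers, hosts
and token values below are constructed sample data.
"""

# Names treated as session tokens for any site. The lab manual cites phpsessid
# and jsessionid; the remaining entries are common defaults added by assumption.
DEFAULT_SESSION_TOKENS = {
    "phpsessid", "jsessionid", "asp.net_sessionid", "sessionid", "sid", "cfid", "cftoken",
}

# Constructed sample headers as a server might send them (not a real capture).
SAMPLE_HOST = "www.example.com"
SAMPLE_SET_COOKIE = [
    "PHPSESSID=7d3f9c0a2b1e; Path=/",
    "JSESSIONID=A1B2C3D4; Path=/app; HttpOnly; Secure",
    "SRCHSID=abc123; Domain=.example.com; Path=/",   # hypothetical site-specific token
    "theme=dark; Path=/; Max-Age=31536000",           # a preference, not a session
]
# Site tokens the tester registered for this host (ZAP: Params tab popup menu).
SAMPLE_SITE_TOKENS = {"www.example.com": {"SRCHSID"}}


def parse_set_cookie(header_value):
    """Return (name, value, {attribute_lower: value_or_True}) for one Set-Cookie value."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return name.strip(), value.strip(), attrs


def classify_session_cookies(host, set_cookie_headers, site_tokens=None):
    """Pick out the session tokens and list the hijacking-relevant weaknesses of each."""
    site = {t.lower() for t in (site_tokens or {}).get(host, set())}
    findings = []
    for header in set_cookie_headers:
        name, value, attrs = parse_set_cookie(header)
        key = name.lower()
        if key in DEFAULT_SESSION_TOKENS:
            kind = "default"
        elif key in site:
            kind = "site"
        else:
            continue  # not a session token for this host: ignore
        issues = []
        if "httponly" not in attrs:
            issues.append("no HttpOnly: readable by script, so stealable through XSS")
        if "secure" not in attrs:
            issues.append("no Secure: sent in clear over HTTP and sniffable")
        if "samesite" not in attrs:
            issues.append("no SameSite: attached to cross-site requests")
        findings.append({"name": name, "kind": kind, "value": value, "issues": issues})
    return findings


def cookie_header_for(findings, which):
    """Build the Cookie request header that replays the chosen captured token(s):
    what a hijacker sends in place of the victim, and what ZAP's HTTP Sessions
    tool substitutes when you switch the active session."""
    return "; ".join(f"{f['name']}={f['value']}" for f in findings if f["name"] in which)


if __name__ == "__main__":
    for f in classify_session_cookies(SAMPLE_HOST, SAMPLE_SET_COOKIE, SAMPLE_SITE_TOKENS):
        print(f["kind"], f["name"], f["issues"] or "ok")
```

On the sample data, PHPSESSID and the site token carry every weakness while JSESSIONID only lacks SameSite; the same site token is ignored for a host it was not registered against, which is the point of keeping default and site tokens separate.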
PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.
Questions

1. Evaluate each of the following Paros proxy options:
   a. Trap Request
   b. Trap Response
   c. Continue Button
   d. Drop Button
Internet Connection Required
[x] Yes   [ ] No

Platform Supported
[x] Classroom   [ ] iLabs