SlideShare a Scribd company logo

Ceh v8 labs module 11 session hijacking

Mehrdad Jingoism
Mehrdad Jingoism
1 of 15
Download to read offline
C EH S e s s i o n H Lab M a n u a l i j a c k i n g M o d u le 11
M o d u le 11 - S e s s io n H ija c k in g H ija c k in g S e s s io n s Session hijacking refers to the exploitation o f a valid com puter session, ))herein an a tta c h r takes over a session between two computers. I C O N & K E Y V a lu a b le in f o r m a t io n T e s t y o u r k n o w le d g e H W e b e x e r c is e m W o r k b o o k r e v ie w L a b S c e n a r io S o u rc e : h ttp : / /k r e b s o n s e c u r i t v .c o m / 2 0 1 2 / 1 1 / y a h o o -e m a il-s te a lin g -e x p lo itf e t c h e s - 7 ()(!) A c c o r d i n g t o K r e b s o n S e c u r i t y n e w s a n d i n v e s t i g a t i o n , z e r o - d a v v u l n e r a b i l i t y 111 y a h o o . c o m t h a t le t s a t t a c k e r s h i j a c k Y a h o o ! e m a i l a c c o u n t s a n d r e d i r e c t u s e r s t o m a lic io u s w e b s ite s o tt e r s a fa s c in a tin g g lim p s e in t o th e u n d e r g r o u n d m a r k e t f o r la r g e - s c a l e e x p lo i ts . The e x p lo it, b e in g s o ld fo r S700 by an E g y p tia n hacker on an e x c lu s iv e c y b e r c r i m e f o r u m , t a r g e t s a “ c r o s s - s i t e s c r i p t i n g ” (X S S ) w e a k n e s s i n v a h o o . c o m t h a t le t s a t t a c k e r s s t e a l c o o k i e s f r o m Y a h o o ! w e b m a i l u s e r s . S u c h a f l a w w o u l d le t a tta c k e r s s e n d o r r e a d e m a il f r o m t h e v i c t i m ’s a c c o u n t . 111 a ty p i c a l X S S a t t a c k , a n a t t a c k e r s e n d s a m a l i c i o u s li n k t o a n u n s u s p e c t i n g u s e r ; i f t h e u s e r c lic k s t h e li n k , t h e s c r i p t is e x e c u t e d , a n d c a n a c c e s s c o o k i e s , s e s s i o n t o k e n s , o r o t h e r s e n s i t i v e i n f o r m a t i o n r e t a i n e d b y t h e b r o w s e r a n d u s e d w i t h t h a t s ite . T h e s e s c r ip ts c a n e v e n re w rite th e c o n te n t o f th e H T M L p a g e . K r e b s O n S e c u r ity .c o m a le r te d Y a h o o ! to s a y s i t is r e s p o n d i n g t o th e v u ln e r a b ility , a n d th e c o m p a n y t h e is s u e . R a m s e s M a r t i n e z , d i r e c t o r o f s e c u r i t y a t Y a h o o ! , s a i d t h e c h a l l e n g e n o w is w o r k i n g o u t t h e e x a c t v a h o o . c o m U R L t h a t t r i g g e r s t h e e x p l o i t , w h i c h is d i f f i c u l t t o d i s c e r n f r o m w a t c h i n g t h e v i d e o . T h e s e t y p e s o t v u l n e r a b i l i t i e s a r e a g o o d r e m i n d e r t o b e e s p e c i a ll y c a u t i o u s a b o u t c li c k in g li n k s 1 1 1 e m a i ls f r o m s t r a n g e r s o r 1 11 m e s s a g e s t h a t y o u w e r e n o t e x p e c tin g . B e in g a n d a d m in is tr a to r y o u s h o u ld im p le m e n t s e c u r ity m e a s u r e s a t A p p lic a tio n le v e l and N e tw o rk le v e l to p ro te c t y o u r n e tw o rk fro m s e s s io n h ij a c k in g . N e t w o r k l e v e l h ij a c k s is p r e v e n t e d b y p a c k e t e n c r y p t i o n w h i c h c a n b e o b t a i n e d b y u s i n g p r o t o c o l s s u c h a s I P S E C , S S L , S S H , e tc . I P S E C a ll o w s e n c r y p t i o n o f p a c k e ts o n s h a r e d k e y b e tw e e n th e tw o s y s te m s in v o lv e d 111 c o m m u n ic a tio n . A p p l i c a t i o n - l e v e l s e c u r i t y is o b t a i n e d b y u s i n g s t r o n g s e s s i o n I D . S S L a n d S S H a ls o p ro v id e s s tro n g e n c ry p tio n u sin g SSL c e rtif ic a te s to p re v e n t s e s s io n h ij a c k in g . L a b O b j e c t iv e s T h e o b j e c t i v e o f th i s l a b is t o h e l p s u i d e n t s l e a r n s e s s i o n h i j a c k i n g a n d t a k e n e c e s s a r y a c t i o n s t o d e f e n d a g a i n s t s e s s i o n h ij a c k in g . 1 1 1 th i s l a b , y o u w ill: ■ C E H La b M anual Page 716 I n t e r c e p t a n d m o d i tv w e b t r a f f i c E th ic a l H ack in g and Countem ieasures Copyright © by EC-Council A ll Rights Reserved. Reproduction is Stricdy Prohibited.
M o d u le 11 - S e s s io n H ija c k in g ■ S 7Tools dem onstrated in this lab are available in D:CEHToolsCEHv8 Module 11 Session Hijacking S i m u l a t e a T r o j a n , w h i c h m o d i f i e s a w o r k s t a t i o n 's p r o x y s e r v e r s e t t i n g s L a b E n v ir o n m e n t T o c a r r y o u t tin s , v o u n e e d : ■ A c o m p u t e r m i m i n g W indows Server 2012 as host m achine ■ T liis la b w ill m n o n W indows 8 v ir tu a l m a c h i n e ■ W e b b r o w s e r w ith I n te r n e t acc e ss ■ A d m in i s t r a ti v e p riv ile g e s t o c o n f i g u r e s e ttin g s a n d m n to o l s L a b D u r a t io n T im e : 2 0 M i n u te s O v e r v ie w o f S e s s io n H ija c k in g m . TASK 1 O verview S e s s io n h ija c k in g r e f e r s t o th e exploitation o f a v a lid c o m p u t e r s e s s io n w h e r e a n a tt a c k e r takes over a s e s s io n b e t w e e n t w o c o m p u t e r s . T h e a tt a c k e r steals a v a lid s e s s io n I D , w h i c h is u s e d t o g e t i n t o th e s y s te m a n d sniff th e d a ta . 111 TC P session lu ja c k in g , a n a tt a c k e r ta k e s o v e r a T C P s e s s io n b e t w e e n tw o m a c h i n e s . S in c e m o s t authentications o c c u r o n ly a t t h e s t a r t o f a T C P s e s s io n , th is a llo w s t h e a tt a c k e r t o gain access t o a 1 1 1 a c lim e . Lab T asks P ic k a n o r g a n i z a ti o n d i a t y o u fe e l is w o r t h y o f y o u r a tt e n ti o n . T in s c o u l d b e a n e d u c a t io n a l in s ti tu t io n , a c o m m e r c i a l c o m p a n y , o r p e r h a p s a n o n p r o t i t c h a n ty . R e c o m m e n d e d la b s t o a s s is t y o u 111 s e s s io n lu ja c k m g : ‫י‬ S e s s io n lu ja c k in g u s i n g Z A P L a b A n a ly s is A n a ly z e a n d d o c u m e n t d ie r e s u lts r e l a te d t o th e la b e x e rc is e . G iv e y o u r o p i n i o n o n y o u r ta r g e t’s s e c u r ity p o s m r e a n d e x p o s u r e . P L E A S E T A L K T O Y O U R I N S T R U C T O R R E L A T E D C E H La b M anual Page 717 T O T H I S I F Y O U H A V E Q U E S T I O N S L A B . E th ic a l H ack in g and Counterm easures Copyright © by EC-Council A ll Rights Reserved. Reproduction is Stricdy Prohibited.
M o d u le 11 - S e s s io n H ija c k in g Lab S e s s io n P r o x y H ija c k in g U s in g Z e d A t t a c k (Z A P ) The O W A S P Z ed A tta c k P roxy (Z A P ) is an easy-to-use integratedpenetration testing toolfo r fin d in g vulnerabilities in n ‫׳‬eb applications. 1 C < N O K E Y (7 ~ / V a l u a b l e in fo r m a tio n L a b S c e n a r io A tta c k e rs a re c o n tin u o u s ly w a tc h in g f o r w e b s ite s to h a c k a n d d e v e lo p e rs m u s t b e p r e p a r e d to c o u n te r - a t ta c k m a lic io u s h a c k e r s b y w r itin g s tr o n g s e c u r e c o d e s . 5 Test yo ur A c o m m o n f o r m o f a t t a c k is s e s s i o n h i j a c k i n g , i.e ., a c c e s s i n g a w e b s i t e u s i n g k n o w le d g e y s o m e o n e e l s e ’s s e s s i o n I D . A s e s s i o n I D m i g h t c o n t a i n c r e d i t c a r d d e ta i ls , = W e b e x e r c is e m W o r k b o o k r e v ie w p a s s w o r d s , a n d o th e r s e n s itiv e i n f o r m a t io n th a t c a n b e m is u s e d b y a h a c k e r. S e s s io n h ija c k in g a tta c k s a re p e r f o r m e d e ith e r b y s e s s io n I D g u e s s in g 0 1‫ ־‬b y s to le n s e s s io n I D c o o k ie s . S e s s io n I D g u e s s in g in v o lv e s g a th e r in g a s a m p le o f s e s s i o n I D s a n d “ g u e s s i n g ” a v a l i d s e s s i o n I D a s s i g n e d t o s o m e o n e e ls e . I t is a lw a y s r e c o m m e n d e d n o t t o r e p l a c e A S P . N E T s e s s i o n I D s w i t h I D s o f y o u r o w n , a s t h i s w ill p r e v e n t s e s s i o n I D g u e s s in g . S t o l e n s e s s i o n I D c o o k i e s s e s s i o n h ija c k in g a tta c k c a n b e p r e v e n t b y u s in g S S L ; h o w e v e r, u s in g c ro s s -s ite s c r ip tin g a tta c k s a n d o th e r m e t h o d s , a tta c k e r s c a n s te a l th e s e s s io n I D c o o k ie s . I f a n a t t a c k e r g e t s a h o l d o f a v a li d s e s s i o n I D , t h e n A S P . N E T c o n n e c t s t o t h e c o r r e s p o n d in g s e s s io n w ith 110 f u r th e r a u th e n tic a tio n . T h e r e a r e m a n y t o o l s e a s ily a v a il a b le n o w t h a t a t t a c k e r s u s e t o h a c k i n t o w e b s i t e s 0 1 ‫ ־‬u s e r d e ta i ls . O n e o f t h e t o o l s is F i r e s h e e p , w h i c h is a n a d d - 0 1 1 f o r F i r e f o x . W h i l e y o u a r e c o n n e c t e d t o a n u n s e c u r e w i r e l e s s n e t w o r k , ti n s F i r e f o x a d d - 0 1 1 c a n s n i f f t h e n e t w o r k tr a f f i c a n d c a p t u r e a ll y o u r i n f o r m a t i o n a n d p r o v i d e i t to t h e h a c k e r 111 t h e s a m e n e t w o r k . T h e a t t a c k e r c a n n o w u s e tin s in f o r m a tio n a n d lo g in as y o u . A s a n e t h i c a l h a c k e r , p e n e tr a tio n te s te r, 0 1 s e c u r i t y a d m i n is tr a t o r , y o u s h o u ld b e fa m ilia r w ith n e tw o r k a n d w e b a u th e n tic a tio n m e c h a n is m s . I n y o u r ro le o f w e b s e c u r ity a d m in is tr a to r , y o u n e e d to te s t w e b s e r v e r tr a ffic f o r w e a k s e s s i o n ID s , i n s e c u r e h a n d l i n g , i d e n t i t y t h e f t , a n d i n f o r m a t i o n l o s s . A lw a y s e n s u r e t h a t y o u h a v e a n e n c r y p t e d c o n n e c t i o n u s i n g h t t p s w h i c h w ill m a k e t h e s n iffin g o f n e tw o r k p a c k e ts d if f ic u lt f o r a n a tta c k e r. A lte r n a tiv e ly , Y P N C E H La b M anual Page 718 E th ic a l H ack in g and Countem ieasures Copyright © by EC-Council A ll Rights Reserved. Reproduction is Stricdy Prohibited.
M o d u le 11 - S e s s io n H ija c k in g c o n n e c tio n s to o c a n b e u s e d to sta y s a fe a n d a d v is e u s e r s to lo g o f f o n c e th e y a r e d o n e w i t h t h e i r w o r k . 111 t i n s la b y o u w ill l e a r n t o u s e Z A P p r o x y t o i n t e r c e p t p r o x i e s , s c a n n i n g , e tc . L a b O b j e c t iv e s T h e o b j e c t i v e o f ti n s l a b is t o h e l p s t u d e n t s l e a r n s e s s i o n l n j a c k n i g a n d h o w t o t a k e n e c e s s a r y a c t i o n s t o d e f e n d a g a i n s t s e s s i o n l n j a c k n ig . 1 1 1 t i n s l a b , y o u w ill: ■ ■ Tools dem onstrated in this lab are available in D:CEHToolsCEHv8 Module 11 Session Hijacking I n t e r c e p t a n d m o d i f y w e b tr a f f i c S i m u l a t e a T r o j a n , w h i c h m o d i f i e s a w o r k s t a t i o n 's p r o x y s e r v e r s e t ti n g s L a b E n v ir o n m e n t T o c a n y o u t th e la b , y o u n e e d : ■ P a r o s P r o x y l o c a t e d a t D :C E H -T o o lsC E H v 8 M o d u l e 1 1 S e s s i o n H i j a c k i n g S e s s i o n H ij a c k i n g T o o l s Z a p r o x y ■ Y o u c a n a ls o d o w n l o a d t h e l a t e s t v e r s i o n o f Z A P f r o m t h e li n k h ttp : / / c o d e .g o o g le .c o m /p /z a p r o x y /d o w n lo a d s /lis t ■ I f y o u d e c id e to d o w n lo a d th e l a t e s t v e r s io n , th e n s c r e e n s h o ts s h o w n 111 t h e la b m i g h t d if f e r ■ A s y s te m w i t h r u n n i n g W i n d o w s S e r v e r 2 0 1 2 H o s t M a c l n n e ‫י‬ R u n tin s t o o l m W i n d o w s 8 Y n t u a l M a c h i n e ‫י‬ A w e b b ro w s e r w ith I n te r n e t access ‫י‬ A d m in i s t r a ti v e p riv ile g e s t o c o n f i g u r e s e ttin g s a n d m n to o l s ‫י‬ E n s u r e t h a t J a v a R u n T im e E n v i r o n m e n t ( J R E ) 7 ( o r a b o v e ) is n is ta lle d . I f n o t , g o t o h t t p : / / i a v a . s u n . c o m / i 2 s e t o d o w n l o a d a n d n is ta ll it. L a b D u r a t io n T n n e : 2 0 M i n u te s O v e r v ie w o f Z e d A t t a c k P r o x y ( Z A P ) Z e d A t t a c k P r o x y ( Z A P ) is d e s i g n e d t o b e u s e d b y p e o p l e w i t h a w id e r a n g e o f s e c u r ity e x p e r i e n c e a n d a s s u c h is id e a l f o r d e v e lo p e r s a n d f u n c t i o n a l te s te r s w h o a re n e w t o p e n e t r a t i o n te s ti n g a s w e ll a s b e n ig a u s e f u l a d d it io n t o a n e x p e n e n c e d p e n t e s t e r ’s t o o l b o x . I t s f e a t u r e s m c l u d e m t e r c e p t n i g p r o x y , a u t o m a t e d s c a n n e r , p a s s iv e s c a n n e r , a n d s p id e r. Lab T asks m . TASK 1 1. L o g 111 t o y o u r W i n d o w s 8 Y ir t u a l M a c h in e . Setting-up ZAP C E H La b M anual Page 719 E th ic a l H ack in g and Counterm easures Copyright © by EC-Council A ll Rights Reserved. Reproduction is Stricdy Prohibited.
M o d u le 11 - S e s s io n H ija c k in g 2. 1 1 1 W i n d o w s 8 Y irU ia l M a c h i n e , f o l l o w t h e w i z a r d - d r i v e n i n s t a l l a t i o n s te p s to in s ta ll Z A P . 3. T o la u n c h Z A P a fte r in s ta lla tio n , m o v e y o u r m o u s e c u r s o r to th e lo w e rl e f t c o r n e r o f y o u r d e s k t o p a n d c li c k S t a r t . £ 7 Y o u c a n a ls o d o w n lo a d Z A P h t t p : / / c o d e . g o o g le . c o m / p / z a p r o s y / d o w n lo a d s / lis t F I G U R E 2 .1 : P a r o s p r o s y m a in w i n d o w !2 2 C li c k Z A P 1 .4 .1 1 1 1 t h e S t a r t m e n u a p p s . A t it s h e a r t Z A P S i n a n in t e r c e p t in g p r o s y . Y o u n e e d t o c o n f ig u r e y o u r b r o w s e r t o c o n n e c t t o d ie A d m in i-P C £ w e b a p p lic a t io n y o u w is h t o te s t th r o u g h Z A P . I f r e q u ir e d y o u c a n a ls o c o n f ig u r e Z A P t o c o n n e c t th r o u g h a n o th e r p r o s y t h is is o f t e n n e c e s s a r y i n a c o r p o r a t e e n v ir o n m e n t . ZAP 1.4.1 m 4S S iftt kyO Mozilla Firefox * ‫י‬ jr © Microsoft Excel 2010 S tlim w ‫־ ־׳ ־‬ Safari ‫| ן‬ Microsoft PowerPoint 2010 Microsoft Publisher 2010 (2 I f y o u k n o w h o w to F I G U R E 2 .2 : P a r o s p r o s y m a in w i n d o w s e t u p p r o s ie s i n y o u r w e b b ro w s e r th e n g o ahead a nd g iv e i t a g o ! 5. s c re e n s h o t. I f y o u a re u n s u r e t h e n h a v e a l o o k a t t h e C o n f ig u r in g p r o s ie s s e c tio n . C E H La b M anual Page 720 T h e m a in in te r f a c e o f Z A P a p p e a r s , as s h o w n 111 th e fo llo w in g 6. I t w ill p r o m p t y o u w i t h S S L R o o t C A c e r t i f i c a t e . C li c k G e n e r a t e to c o n tin u e . E th ic a l H ack in g and Countenneasures Copyright © by EC-Council A ll Rights Reserved. Reproduction is Stricdy Prohibited.
M o d u le 11 - S e s s io n H ija c k in g O n c e y o u have c o n f ig u r e d Z A P as y o u r b r o w s e r 's p r o x y t h e n t r y t o c o n n e c t t o d ie w e b a p p lic a t io n y o u w i l l b e t e s t in g . I f y o u c a n n o t c o n n e c t to it th e n c h e c k y o u r p r o s y s e ttin g s a g a in . Y o u w ill n e e d to c h e c k y o u r b r o w s e r 's p r o x y s e tt in g s , a n d a ls o Z A P 's p r o x y s e ttin g s . ‫ט‬ • . . a t t e m p t s t o f i n d p o t e n t ia l ‘ F I G U R E 2.3 : P a ro s p r o x y m a in w in d o w Active scanning r y v l e a i i i s by using unrblte ^ O p t i o n s w i n d o w , s e l e c t D y n a m i c S S L c e r t i f i c a t e s t h e n c lic k r ‫י‬ G e n e r a t e t o g e n e r a t e a c e r t i f i c a t e . T h e n c li c k S a v e . k n o w n a tta c k s a g a in s t t h e s e le c te d ta r g e ts . ‫־‬D I Options A c t i v e s c a n n in g is a n a tt a c k ' Options Active Scan Arti c s r f T0K3ns o n th o s e ta r g e ts . Y o u s h o u ld N O T u s e i t o n w e b cem n c aie s Root CA certificate API Applicators Authertc330n a p p lic a t io n s t h a t y o u d o n o t ow n. Ernie Force certncate Check Fee l!p<iates I t s h o u ld b e n o t e d t h a t Connection a c tiv e s c a n n in g c a n o n ly Dat3D3se D i P p< i5ay a_____ f i n d c e r t a in ty p e s o f v u ln e r a b ilit ie s . L o g ic a l Er code t)e ccde Extensions Fuzier Language Local prar Passive Scar Pon Scan Session Tokors v u ln e r a b ilit ie s , s u c h as b r o k e n a c c e s s c o n t r o l, w i l l ‫ך‬ n o t b e f o u n d b y a n y a c tiv e o r a u t o m a te d v u ln e r a b ilit y s c a n n in g . M a n u a l Sp er id p e n e t r a t io n t e s t in g s h o u ld a lw a y s b e p e r f o r m e d i n a d d it io n t o a c tiv e s c a n n in g t o f i n d a ll ty p e s o f v u ln e r a b ilit ie s . (_ 1 2!L F I G U R E 2 .4 : P a r o s p r o x y m a in w i n d o w 8. S a v e th e c e rtif ic a te 111 th e d e f a u lt lo c a tio n o f Z A P . I f th e c e rtif ic a te a l r e a d y e x is ts , r e p l a c e i t w i t h t h e n e w o n e . C E H La b M anual Page 721 E th ic a l H ack in g and Counterm easures Copyright © by EC-Council A ll Rights Reserved. Reproduction is Stricdy Prohibited.
M o d u le 11 - S e s s io n H ija c k in g ‫וי ד‬ O p tio n s rOptions u a A c enmr.aies Active 3can *‫«־‬CSRF TOK&aS 1 API Actficaions RoolCAcaitncate ■p■ Generate j Anvag,__ ^t can r 11 a le r t is a p o t e n t ia l MI 103:CCAsaaAwIBAal:JMz •♦ur JK02 .hv cly H 9 0 NTp CBHh ;«U Jv H j-Jn v C I|r lc XV 0 FlZ 3 d a V c H » V 9 d B O Z H < C u t» M0 X t'K < (w T *a:!‘ D 3 :0 O T 7 M a C ^ C 3 N l . ‫ן‬ v u ln e r a b ilit y a n d is tit II a 1, a inn! t 1 > a s s o c ia te d w i t h a s p e c if ic Look m: I B A d r tn iP C r e q u e s t. A r e q u e s t c a n h a v e m o r e t h a n o n e a le r t. IB Contacts □ e s to p I B Music IB Downloads IB Videos IB Favorites jy u ic s I B OV/ASP ZAP IB Saved Games MPictures 1 ^ Documents Pie Name‫־‬ Flos DfTypo |Q | owasp_zap_root_ca.cer 1 IB S e a r s e s |owasp_zap_roct_ca cer | A IFios_______________ . "‫1־‬ew ‫ן‬ . 3dre F I G U R E 2 .5 : P a r o s p r o x y m a in w i n d o w 9. C li c k O K i n t h e O p t i o n s w i n d o w . Q ‫ ־‬J A n t i C S R F t o k e n s a re (p s e u d o ) ra n d o m p a ra m e te rs u s e d t o p r o te c t a g a in s t C r o s s S ite R e q u e s t F o r g e r y ( C S R F ) a tta c k s . H o w e v e r t h e y a ls o m a k e a p e n e t r a t io n te s te r s jo b h a r d e r , e s p e c ia lly i f t h e t o k e n s a re r e g e n e r a te d e v e r y t im e a f o r m is re q u e s te d . 1 0 . Y o u r P a r o s p r o x y s e r v e r is n o w r e a d y t o i n t e r c e p t r e q u e s t s . C E H La b M anual Page 722 E th ic a l H ack in g and Countenneasures Copyright © by EC-Council A ll Rights Reserved. Reproduction is Strictly Prohibited.
M o d u le 11 - S e s s io n H ija c k in g Untitled Session ‫ ־‬OWASP 7A P £ile Cdit View Maiy5e Report Toaa Help ‫ נ‬U ] id ,‫ ־‬sji D 0 V © «‫» ־‬ s « Q_ »§_ ► 0 | KsquMI | Nespcrs*v= JBrea* . j H 3« •t ▼ B d : I•t _▼ l ‫־‬l i ©c r x J o y x ) T ActvoScan $ f SpidorS^; Brute Force ^ ) Port Scan : } Fuzzsri,^ ] PararrtSLj [ A9t J:3 B a P in v-i re k o ts 3utput Filter.CFF Aieits ^ 0 k-0 . 0 ao m current scans ft 0_ 0 0 Z A P d e te c ts a n t i C S R F t o k e n s p u r e ly b y F I G U R E 2 .7 : P a r o s p r o x y m a in w i n d o w a t t r i b u t e n a m e s - t h e l is t o f a t t r i b u t e n a m e s c o n s id e r e d 1 1 . L a u n c h a n y w e b b r o w s e r , 1 11 t h i s k b w e a r e u s i n g t h e C h r o m e b r o w s e r . t o b e a n t i C S R F t o k e n s is c o n f ig u r e d u s in g t h e O p t io n s A n t i C S R F s c re e n . W h e n Z A P d e t e c ts th e s e 12. Y o u r V M w o rk s ta tio n s h o u ld h a v e C h ro m e v e r s io n 2 2 .0 o r la t e r in s ta l le d . t o k e n s i t r e c o r d s d ie t o k e n v a lu e a n d w h i c h U R L g e n e r a te d t h e t o k e n . 1 3 . C h a n g e t h e P r o x y S e r v e r s e t t i n g s 1 1 1 C h r o m e , b y c li c k in g t h e C u s t o m i z e a n d c o n t r o l G o o g l e C h r o m e b u t t o n , a n d t h e n c lic k S e ttin g s . Tab M C ‫י‬ Foi q k c c ; p ycur bsotrnarfa hr* an Sie t n t r o t i bs‫׳‬ uick lace N tab ew N vw d w ew o o N in n w o r*■ ccg iro ind w Bocfcm iria EM C C ut op, P»ae - ‫- .להגו‬ Q S«vt p « »9 Fd in ... Td os r«T | S nint« C n**.. ig hio 0‫ •>0זי‬W«b S:c‫#׳‬ ‫יי‬ F I G U R E 2.8 : I E I n t e r n e t O p t io n s w in d o w 1 4 . O n t h e G o o g l e C h r o m e S e t t i n g s p a g e , c li c k t h e S h o w a d v a n c e d s e t t i n g s . . . l i n k b o t t o m o f t h e p a g e , a n d t h e n c lic k t h e C h a n g e p r o x y L U s i Z A P p r o v id e s a n s e t t i n g s ... b u tto n . A p p l i c a t i o n P r o g r a m m in g In te rfa c e ( A P I) w h ic h a llo w s y o u t o in t e r a c t w i t h Z A P p r o g r a m m a t ic a lly . T h e A P I is a v a ila b le i n JS O N , H T M L and X M L fo r m a ts . T h e A P I d o c u m e n t a t io n is a v a ila b le v ia t h e U R L h t t p : / / z a p / w h e n y o u a re p r o x y in g v ia ZAP. C E H La b M anual Page 723 E th ic a l H ack in g and Countenneasures Copyright © by EC-Council A ll Rights Reserved. Reproduction is Stricdy Prohibited.
M o d u le 11 - S e s s io n H ija c k in g »‫ ■ ־ ־‬C » * Chrome Li r^rorr*//chrom e/settings/ Settings Ocoy't ihc'H o 1&ngj cuf tcnpvtar't 1, 111‫ !״‬prw 1« !‫״‬ji tocenntct(0tht nctw i y M o I Ch»»91 p>**y 1«1‫» י‬ | LtnguigK C t * • CN0(*«►Tjk; Md to t*> ‫־‬Unguises *v*«0 x • Mx • p 5 l»9< ‫׳‬u»9««td ifx - t1 <<*dings... a< « k ( « Cfltris t»*n a»cr»IKx irm'l in1 L n u g I re d / *i*te agae a D lc*dk-n& C 1 e1’.A rT 1 Eo n fe svm ott '.C r d w w lc«< [I *•4 n t10 »^ C ang h e.. «K fifcMc‫׳‬i d l< ) » c*‫ ״‬w1"9 < HTTPVSSL M«^e(0t1Aul6_ Chedtforseva certrfieaterrw cjb n o o Google Ooud Pnnt G og C u Mrs las you seeettth« e » p jte 5p te fromanyv.h C toe a o le lo d e n « r rin rs ere lick n b B30tg‫־‬ w,‫־‬d apes • Co‫ ׳ ׳‬v* v « 9 t v91- -‫׳‬Jt i .* ‫־‬ i >‫־‬ * ‫ ״‬j‫ ־‬f - f«n0ocgl«Ch1cn c Hide *‫,?*ז$ » י * ג‬ . ‫׳*ז* נ > ׳‬ F I G U R E 2 .9 : P a r o s p r o x y m a in w i n d o w 1 5 . 111 I n t e r n e t P r o p e r t i e s w i z a r d , c lic k C o n n e c t i o n s a n d c li c k L A N S e ttin g s . Internet Properties General Security Privacy Content |"Connections [ Prpgram *dvanced e Toset up an Interne: connection, dek Setup. Setup Dial-up and Virtual Private Network settings Settirg c % Never da a ccmeoon C) O a whenever a networkc n ection i notpresent ii on s 4‫־‬Always dal my defait c n ection ' cn Cure‫*־‬ None Set d f u t eal Local Area Network (LAN) settings LAS Settrtgsdo not apoly to dialup connections. Choose Settngs aoove for dal ■psettngs. u | LAN settings | F I G U R E 2 .1 0 : I E I n t e r n e t O p t io n s w in d o w w i t h C o n n e c tio n s ta b 1 6 . C h e c k U s e a p r o x y s e r v e r f o r y o u r L A N , ty p e 1 2 7 . 0 . 0 1 1 1 1 t h e A d d r e s s , e n t e r 8 0 8 0 1 1 1 t h e P o r t ti e ld , a n d c li c k O K . Q =a! C li c k O K s e v e r a l t im e s u n t i l a ll c o n f ig u r a t io n d ia l o g b o x e s a re c lo s e d . C E H La b M anual Page 724 E th ic a l H ack in g and Countem ieasures Copyright © by EC-Council A ll Rights Reserved. Reproduction is Strictly Prohibited.
£ Q I t s h o u ld b e n o t e d t h a t d ie r e is m i n im a l s e c u r it y b u i l t i n t o t h e A P I , w h i c h is w h y i t is d is a b le d M o d u le 11 - S e s s io n H ija c k in g b y d e f a u lt . I f e n a b le d t h e n t h e A P I is a v a ila b le t o a ll m a c h in e s t h a t a re a b le t o u s e Z A P as a p r o x y . B y Local Area Network (LAN) Settings d e f a u lt Z A P lis t e n s o n l y o n 'lo c a lh o s t ' a n d s o c a n o n ly Automatic configuration b e u s e d fr o m th e h o s t Automatic configuration may override manual settings. To ensure the use of manual settings, disable automatic configuration. m a c h in e . T h e A P I p r o v id e s a c ce ss t o @ Automaticaly detect settings t h e c o r e Z A P fe a tu r e s s u c h □ Use automatic configuration script as d ie a c tiv e s c a n n e r a n d Ades drs s p id e r . F u t u r e v e r s io n s o f Z A P w i l l in c re a s e t h e Proxy server f u n c t i o n a l i t y a v a ila b le v ia raLlse a proxy server for your LAN (These settings w not apply to ill LJdial-up or VPN connections). th e A P i. Address: 127.0.0.1 Port: | 8080| | Advanced Bypass proxy server for local addresses Cancel F I G U R E 2 1 1 : I E I n t e r n e t O p t io n s W i n d o w w i d i P r o x y S e ttin g s W i n d o w 1 7 . C li c k S e t b r e a k o n a l l r e q u e s t s a n d S e t b r e a k o n a l l r e s p o n s e s t o o TASK 2 H ij a c k i n g V i c t i m ’s S e s s io n t r a p a ll t h e r e q u e s t s a n d r e s p o n s e s f r o m t h e b r o w s e r . 5------------- Untitled S m sioo - OWASP 7AP £ 11• EJlt V l r AJUlyb• R»po!l T0 Jt* H*p 'f* pybiifci g o / ► e ~ J Sites(*‫ ׳‬j ________________ Request-^ ] Response*- [ Break X ] m Z A P a llo w s y o u t o t r y _ Sites [Header Icxi * jtoay: Text ▼ j PI t o b r u t e f o r c e d ir e c t o r ie s a n d file s . A s e t o f f ile s a re p r o v id e d w h i c h c o n t a in a la rg e n u m b e r o f f ile a n d d ir e c t o r y n a m e s . A tive Scan A c Spdet | Brute Force v~ ‫^ז‬ ‫ד‬ j F rre W u r . Param sLJ Current Scans £ 0 • * 0 0 ‫״‬ m A b r e a k p o i n t a llo w s F I G U R E 2 .1 2 : P a r o s p r o x y m a in w i n d o w y o u t o in t e r c e p t a r e q u e s t f r o m y o u ! b ro w s e r a n d to c h a n g e i t b e f o r e is is 18. N o w n a v ig a te to a c h r o m e b r o w s e r , a n d o p e n w w w .b in g .c o m . s u b m it t e d t o d ie w e b a p p lic a t io n y o u a re te s t in g . 19. S ta r t a s e a r c h f o r “ C a r s .” Y o u c a n a ls o c h a n g e t h e re s p o n s e s r e c e iv e d f r o m 2 0 . O p e n Z A P , w h i c h s h o w s f i r s t t r a p p e d i n c o m i n g w e b tr a f f i c . t h e a p p lic a t io n T h e r e q u e s t o r re s p o n s e w i l l b e 2 1 . O b s e r v e th e firs t fe w lin e s o f th e t r a p p e d tr a ffic 111 th e t r a p w in d o w s , d is p la y e d i n t h e B r e a k ta b w h i c h a llo w s y o u t o c h a n g e d is a b le d o r h id d e n f ie ld s , a n d k e e p c li c k in g S u b m i t a n d s t e p t o n e x t r e q u e s t o r r e s p o n s e u n t i l y o u s e e c a r s 111 t h e G E T r e q u e s t 111 t h e B r e a k ta b , a s s h o w n 111 t h e a n d w i l l a llo w y o u t o b y p a s s c lie n t s id e v a lid a t io n fo llo w in g s c r e e n s h o t. ( o f t e n e n f o r c e d u s in g ja v a s c r ip t) . I t is a n e s s e n tia l p e n e t r a t io n t e s t in g t e c h n iq u e . C E H La b M anual Page 725 E th ic a l H ack in g and Counterm easures Copyright © by EC-Council A ll Rights Reserved. Reproduction is Stricdy Prohibited.
M o d u le 11 - S e s s io n H ija c k in g U tiM Sessio ‫ ־‬O ASP 7 P n rd n W A £de Euit VtaA Anaiyfc* Ropoil Tools H«p to k i ‫ ו־ו‬u i v ‫ כי‬Q | Sites* ‫ן‬ m F ilt e r s a d d e x tr a CP 4-‫© >| >£ ׳‬ Request-v | Response‫ ־*־‬Break >41 F Giles ® (3 ‫ א‬r«1 *w a n g con p/‫־‬ fe a t u r e s t h a t c a n b e a p p lie d Metr.03 Heoaer: re*1 * j uoav:‫ו‬e t x ▼J hctp://wvw.blng.com/*»arch?q=5»Kgos&qa-nfcrcim =0BlJUfllt-alltpg^c4^).*e^0-0 43p‫:- ־‬sak- HTTP/1.1 Hose: wvw.Mng.cox Proxy-Connection: keep-alive U3er A;er.‫ : ־‬Mozilla/S.G !Windows NT 6.2; KOW AcpleWecKit/S37.4 (KHTHL, 64) . .lire secJc:. cnrone/22.0.1229.94 saran/537.4 Accept: te x t /h e r! , appl i cation/xhtml■*•xml f appl ic a tio n / xml; q-0.9, * / * ; q- 0 . 8 Rererer: http://vw v.b1ng. con/ Accept-Encoding: 3tier. Irrrr.T-:j-.rsr.;/cv - rn -"^ rn-n-H P ,______ ___________________________________ I t o e v e ry re q u e s t a n d re s p o n s e . B y d e f a u lt n o f ilt e r s a re in i t i a l l y e n a b le d . E n a b lin g a ll o f t h e f ilt e r s m a y s lo w d o w n d ie p r o x y . F u t u r e v e r s io n s o f d ie Z A P U s e r G u id e w il l d o c u m e n t Sidw p ffi t h e d e f a u lt f ilt e r s i n d e ta il. Al&its f t Searcn * » »c 1 ‫׳ 1 0 י‬ 1m 1 Current Scans £ 0 # 1 »-0 0 F I G U R E 2 .6 : P a ro s P r o x y w i t h T r a p o p t io n c o n te n t 2 2 . N o w c h a n g e th e q u e ry te x t f r o m C a r s to C a k e s in th e G E T re q u e s t. llntiWea Session -OWASP 7AP £4e Ealt V Analyk• Ropoit Toole H«p I«* J S sI* |_ ite , f t R Sites .‫ :־‬mtp/'A^.otngcom Q Request-v | Response^ [ Break M etioO I * j [Header. Ted )■] |Body Tot G ET hctp:// w » . ting.com/ search ?q=fcake3^go=tq3=n* rorm=QBI.Htf 1lc-al l*pq^Calcesfrsc-0 -:43p—l&ak- HTTP/1.1 L y = i F u z z in g is c o n f ig u r e d Hose: vw.Di n g , cox Proxy-Coonection: lreep-alive Uaer-Asenz: Mozilla/S.O !Windows NT 6.2; KCW 64) AcpleWeCK1537.4/ ‫( ־‬KHTML, l i t ‫ ־‬Geclccj CHzone/22.0.1229.94 SaEan/537.4 Acccpt: te x t/h tm l, app li cation/xhtm l‫ ־‬xml, appl ica tion /xm l; q-0.9, * / * ; q— 6 !‫־‬ C. Rererer: £ tt p : // v ‫־.־‬ ‫״‬v.bxr.g.con/ u s in g t h e O p t io n s F u z z in g s c re e n . A d d i t i o n a l f u z z i n g f ile s c a n b e a d d e d v ia t h is s c re e n o r c a n b e p u t . Accept-Encoding: sdcfc I r r . - r . T ‫ ־‬rn-T.^ r n ‫־‬n-a P . m a n u a lly i n t o t h e " f ii z z e r s " . 1 d ir e c t o r y w h e r e Z A P w a s in s t a lle d - t h e y w i l l t h e n *JfcltS f t Searcn -v b e c o m e a v a ila b le a f t e r r e s t a r t in g Z A P . 504 catowav n m o . 504 Gateway Time. . . 388mc 389ms, A «1te ‫0 י 0 מ‬ 1 ‫1 1׳ ז‬ ■ 2 3 . C li c k S u b m i t a n d s t e p t o n e x t r e q u e s t o r r e s p o n s e . 2 4 . S e a r c h f o r a ti tl e i n t h e R e s p o n s e p a n e a n d r e p l a c e C a k e s w i t h C a r s a s s h o w n 111 fo llo w in g fig u re . L y j ! T h e re q u e s t o r r e s p o n s e w i l l b e d is p la y e d i n t h e B r e a k t a b w h ic h a llo w s y o u t o c h a n g e d is a b le d o r h id d e n f ie ld s , a n d w i l l a llo w y o u t o b y p a s s c lie n t s id e v a lid a t io n ( o f t e n e n f o r c e d u s in g ja v a s c r ip t) . I t is a n e s s e n tia l p e n e t r a t io n t e s t in g t e c h n iq u e . C E H La b M anual Page 726 E th ic a l H ack in g and Counterm easures Copyright © by EC-Council A ll Rights Reserved. Reproduction is Stricdy Prohibited.
M o d u le 11 - S e s s io n H ija c k in g UntitledSessio ‫ ־‬O ASP 7 P n W A £ile Edit Vie* Analyte Report Tools H*p I. ‫ ־‬u b .‫־‬I la ‫0 פ‬ Request■* |Response^- [ Break I 3«m1» I ‫ ׳‬ft FG s ®ile (3‫ א‬rwp/‫־‬ *w»ngcom ltea:c‫ ־‬l i • e• U3c- l i *j e! 1 1[ I HTTP/1.1 200 O K C*ch*‫ ־‬Concrol: p riva te , nax-age-0 Ctntent ‫־‬Type: texc/h snl; ch arae t-utf8‫־‬ Expirea: Mon, IS Oct 2012 12:30:19 G T M P2P: CF--NOS UST C M W 3TA LOC CURa DFVa PSAa P3Da O R IND" O AV U s 3_ce a,‫׳‬ rccuse down‫,״‬run0 t1 0 n(n! {s __ t 1st>1e.;event .srcElexer.t :a .ta rge t) >,0! . )<)‫״‬ * //) jx/ s c r 1 p t x c 1 cle|cakea| - B 1 ng</t1 t l e X l m k r.ref="/s/vlflag. icc• ze~"lc2 n”/xlir.t r rer— . ■ /3earth?(j-C ake34a1nc;Q -fiturp;q3‫*־‬n r»p forrc-O C Sa ; BL!lSan,p; file— ollSanr^EQ-Cakesfian p;3c=0-043Ex?3p=-l«axp;31c=iaap;format=r33" rel="alternace" t1rle="XML• rype= PortScan ‫־‬ j Furzer Breakpoints & [ B u eFo c rt re Search 1 GET 3 GET rlp f l N C n corV rtS f M . i g ncpv^w.cir^ co‫״‬ v A eIs PO . 0 l t 1 504 Gateway Tine . 504 Gateway‫׳‬ Tim©. . . 389ms ■ 389ms C r e tScans £ 0 ^ 0 ^ 0 urn ‫י‬ .0 ‫ת‬a , J S«‫| »( ״‬ R«qb»»tw~] R>spons*~ [ ▼ l£ I■ i e S:* Qj f HMpftktwwb n con! t ig 0*0 IJntiflf'd Session OWASP 7AP £0Edit View Analyse Report Tools Help 1 1 L Ul : ! Params Oufcut j ______ Alerts f t _____ X 1 |Hm»l.T«11 » B0O).T«l » | □ IJ | HTTP/1.1 20a O K Cache-Consrel: p riva te , nax-acre-0 ccntent-Type: text/r.tm i; cnars«t*ut1-8 Expires: Mon, 15 Get 2012 12:30:19 G T M P2P: C?-‫״‬SO TOI C0K HAV STA LO CURa DEVa PSAa PSDa O R HID" S C U ‫. -־‬ -. ■■ W.i. I L ■i i.mwfc.' ii .!arm * ; ,uaLun1.il‫ ■ ׳‬iuin ‫. .׳‬iuulliuu ‫׳‬ ■ . iw .■ ‫׳‬ 3j_bc _d, "wzusedown", fu n ctio n (nI <3i_ct (3b_ie?event•srcEleraent:n.target) >,0) ) ) (); / / J j x 3‫ ׳‬c r : . p r x 1 - ‫- ־‬e' jcars| - Sir.g</t1tlex11nic hrer="/ 3/v llla g .1co" re I s ‫ ־‬ic o n V x lin k h re f•/3sarch?3=Cake3£arx;gc=£a1np;q3=n£anp‫׳‬forrt=Q3LH£artp; f11c=all£anp;cq=Cake3£ar: • p;sc=o-04ar2:;sp=-liaxp;3Jc=iaa3?;rormat=r3s" rel="altemate" t1tle="XML• :ype= ActvsScan A Historj“ [ Spide ^ | r B u eForced rt [ PortScan: ] FuzzerW ‫ ן‬ParamsO Otu -c: |_______ Search _______ J __________ Breakpoints ^ __________1 ______ Alerts f t _____ h »*n 1 tin c rn ltp‫ ׳‬n g o f ' n / V V rqco tp ‫׳‬A k ,.c ‫״‬v A eis P0 . 0 l t 504 GatewayTime 504 catowa‫׳‬ Tine. . . 389ms 389ms 0*0 CurientScans £ 0 ^ 0 1*‫ו‬ F I G U R E 2 .7 : P a r o s P r o x y s e a r c h s t r in g c o n t e n t 2 5 . 111 t h e s a m e R e s p o n s e p a n e , r e p l a c e C a k e s w i t h C a r s a s s h o w n i n t h e fo llo w in g fig u re a t th e v a lu e s h o w n . ■ Untitled Session * OWASP ZAP T l i i s f u n c t io n a lit y is b a se d o n c o d e f r o m th e O W A S P J B r o F u z z p r o je c t a n d in c lu d e s f ile s f r o m t h e f u z z d b p r o je c t . N o t e t h a t s o m e f u z z d b f ile s h a v e b e e n l e f t o u t as t h e y c a u s e c o m m o n a n t i v ir u s s c a n n e r s t o f la g t h e m as c o n t a in i n g v ir u s e s . Y o u c a n r e p la c e t h e m (a n d u p g r a d e f u z z d b ) b y d o w n lo a d in g - I - U 2 J File Eon View Analyse Repoit Tools H«p la» id l‫־‬l & G O J Sites1 | * 'ft PSlles 4 H ■ ! ^ 0 Retjues♦“ * ] Response^ ! Break Heaser T r ‫״‬ en Bog :T x * y ci 0 r1napjfw M oing.com 'M . HIT*/1.1 i0 ‫׳‬u or. Cacr.e-Conrrcl: p r m : e , nax-age=o Ccntent-Type: texc/htm l; charset— tf-8 u Expirea: Mon, IS Cct 2012 12:30:19 G T M P3P: CF-'KON‫ ־‬tJKI C K HRV STi. LOC C Ra DFVa PSAa PSDa C IND" O U tJR ‫ ־ ■ ! ! ״‬s‫!_^׳‬j _5iA sua:.‫ .__׳‬ijuj. ‫׳‬ ‫ב‬a=‫3״‬v_cta■>3eca> ‫׳‬ . ‫ ׳‬dxvxdzv clas3 n w ci"> d v clas3=',3v_bn 1a=‫ ״‬swjD‫><״‬npuw.1 = 3 _b < ^ _ m *class—3 w q o ia="9b Com q* n " fe x" arae= n t.ltle="En1;er your search cera• :vp "q te x t* va l * ‫^ ־‬afceaf* or.focuoa=— ■‫ . ז פ912 =0ב‬ge-Elenentsyia ‫3 ' ן‬w b ‫ . ן י‬style .to rd e rco lo r = ' #3366‫= ״ ;יםש‬cn riu r ‫ד‬ docunent.qetElenentByld I ’ 3w_bt I .s ty le •borderColor - '4999'; " / X d iir • ‫ס‬la - 3— ‫3 ״‬v_dvar‫ ״‬x / d 1 v x input id - "sb_£orrt_go" cla33="3w_qbtn" t i t l e - *Search" t h e la t e s t v e r s io n o f f u z z d b a n d e x p a n d in g i t i n t h e Brjte Force j*• PortScan‫־‬ _____| Furrer | Paramsn | Output A itsft lfe Search ,f u z z e r s ' lib r a r y . 504 GatewayTine. 504 Gat»w3y lino. " ■ 389m$ 389msr Curient Scans v 0 4 t 0 1 />0 C E H La b M anual Page 727 0%>0 E th ic a l H ack in g and Counterm easures Copyright © by EC-Council A ll Rights Reserved. Reproduction is Stricdy Prohibited.
M o d u le 11 - S e s s io n H ija c k in g U tiM Sessio ‫ ־‬O ASP 7 P n rd n W A [ £«e Ejii view Analyte Ropoil Tos ol H#p ► rl w 0 ‫ס‬ ti J S«Ufr 1_ Request■** | Response^ leaser leu ‫״‬ Break v ‫׳‬ Uo«y: T«a1 i HTTP/1.1 200 OK T lu s t o o l k e e p s t r a c k o f t h e e x is t in g H t t p C*ch*‫ ־‬C o n c ro l: p r iv a c a , r*ax-aga-0 C cnccn ‫״ ־‬Type: c e x c /h s n l; c h a r a e t - u t f 8‫־‬ S e s s io n s o n a p a r t i c u la r S ite Expirea: Xor., IS Oct 2012 12:30:19 GMT P2P: CF--NOS UST COM WAV STR LOC CURa DEVa PSAa P3Da OUR IND" a n d a llo w s t h e Z a p r o x y .5 w c t a*>B*c»</davx<11v Clas3 "= 3=‫3'׳‬w bd"><cl1v :ias3=‫ ״‬sw 6 " :2=‫ 3 ׳‬u f x 1 .:pu ‫־‬ . -la33-"3v_qfcox"id-"3b_Eonn_q" name-"q" title— "Enter your search tern1 type: u s e r t o f o r c e a ll re q u e s ts t o = text■ value=' 3 b e o n a p a r t ic u la r s e s s io n . B a s ic a lly , i t a llo w s t h e u s e r t o e a s ily s w it c h b e t w e e n Sp d-f £ t o c r e a te a n e w S e s s io n [ T u s e r s e s s io n s o n a S ite a n d w it h o u t " d e s tro y in g " th e 3nf ocua, tocunent.ge!‫ —־‬Elenenc3yId|,aw b 1).9tyle.borderColor='#3366fcb,;w onblur ' docunent.getElenentByld I*sw_b' J .style•borderColor' - ‫/";י 999#י‬X d i ▼ class— ‫3י‬v_dv:1r "></cL.v><input rd="sb_forrt_go" class="sw_qbtn" t!tle="Search" 1 3 GET GET Port Scan ' ] Furzer Break Points & B1 Force ‫*־׳‬e Search rlp f l N C n corV rtS f M . i g 9‫ י י - * * * ס ז‬co‫״‬v **‫׳£׳יי‬ jjf 504 Gateway Time . 504 Gateway Time. Params G j j________ Alerts Oufcut ______ 389ms 389ms e x is t in g o n e s . Current Scans £ 0 # 0 F IG U R E Z8: P a ro s w i t h ^ 0 _ 0 y o m o d if ie d tra p o p t io n c o n te n t N o te : H e r e w e a re c h a n g in g th e te x t C a k e s to C a rs ; th e b in g s e a r c h s h o w s C a rs , w h e r e a s th e re s u lts d is p la y e d a re f o r C a k e s. 2 6 . O b s e r v e t h e B in g s e a r c h w e b p a g e d i s p l a y e d 1 1 1 t h e b r o w s e r w i t h search q u e ry as “ C a k e s .” ‫ב ד‬ X WEB L y d J I t is b a s e d o n d ie H 2) www.bing.corn/search?q=cars&go=&qs‫־־‬n&form =Q BLH&filt=all&pq=cars&sc=0 IMAGES VDEOS HEWS MORE t> 1n q Beta c o n c e p t o f S e s s io n T o k e n s , w h i c h a re H T T P m e s s a g e 357.00 0 0 ‫ נ‬RESULTS p a r a m e t e r s ( f o r n o w o n ly l-naaes cflcakesl C o o k ie s ) w h ic h a llo w a n tnrq com/maces H T T P s e rv e r to c o n n e c t a re q u e s t m essage w ith a ny p r e v io u s re q u e s ts o r d a ta s t o r e d . I n t h e ca se o f Z a p r o x y , c o n c e p t u a lly , s e s s io n t o k e n s h a v e b e e n C a ke c la s s if ie d i n t o 2 c a te g o r ie s : W ikipo d ia th o fro o encyclopedia en w k p*da o‫־‬g Wkt/Cake Varieties Special-purpose cakes Shapes Cake flout Cake decorating Cake ts a forrr cf bread ot bread-like food In its modern forms, it is typically a sweet ba«od dessert In As oldest forms, cakoc •voro normally fnod broadc or d e f a u lt s e s s io n t o k e n s a n d s ite s e s s io n t o k e n s . T h e d e f a u lt s e s s io n t o k e n s a re F I G U R E 2 .6 : S e a rc h r e s u lt s w i n d o w a f t e r m o d if y in g t h e c o n t e n t th e o n e s th a t th e u s e r ca n s e t i n d ie O p t io n s S c re e n a n d a re t o k e n s t h a t a re , b y d e f a u lt , a u t o m a t ic a lly c o n s id e r e d s e s s io n t o k e n s 2 7 . T h a t 's it. Y o u j u s t f o r c e d a il u n s u s p e c t i n g w e b b r o w s e r t o g o t o a n y p a g e o f }7o u r c h o o s i n g . f o r a n y s ite (e g . p h p s e s s id , js e s s io n id , e tc ) . T h e s ite L a b A n a ly s is s e s s io n t o k e n s a re a s e t o f t o k e n s f o r a p a r t i c u la r s ite a n d a re u s u a lly s e t u p u s in g t h e p o p u p m e n u s a v a ila b le A n a ly z e a n d d o c u m e n t d i e r e s u lts r e l a te d t o d ie la b e x e rc is e . G iv e y o u r o p i n i o n o n y o u r ta r g e t’s s e c u n t y p o s t u r e a n d e x p o s u r e . in th e P a ra m s T a b . T o o l/U tility I n f o r m a tio n C o lle c te d /O b je c tiv e s A c h ie v e d ■ S S L c e rtif ic a te to h a c k in to a w e b s ite ■ R e d i r e c t i n g t h e r e q u e s t m a d e i n B in g Z e d A tta c k P ro x y C E H La b M anual Page 728 E th ic a l H ack in g and Counterm easures Copyright © by EC-Council A ll Rights Reserved. Reproduction is Stricdy Prohibited.
P L E A S E TALK T O Y O U R I N S T R U C T O R IF YOU H A V E Q U E S T I O N S R E L A T E D T O T H I S LAB. Q u e s t io n s 1. E v a lu a t e e a c h o f t h e f o llo w in g P a r o s p r o x y o p ti o n s : a. T ra p R eq u est b. T ra p R esp o n se c. C o n tin u e B u tto n d. D r o p B u tto n I n te r n e t C o n n e c tio n R e q u ire d 0 Y es □ No P la tfo rm S u p p o rte d 0 C E H La b M anual Page 729 C la s s ro o m □ !L ab s E th ic a l H ack in g and Countem ieasures Copyright © by EC-Council A ll Rights Reserved. Reproduction is Stricdy Prohibited.

Recommended

Ceh v8 labs module 10 denial of service
Ceh v8 labs module 10 denial of serviceCeh v8 labs module 10 denial of service
Ceh v8 labs module 10 denial of serviceMehrdad Jingoism
 
Ceh v8 labs module 12 hacking webservers
Ceh v8 labs module 12 hacking webserversCeh v8 labs module 12 hacking webservers
Ceh v8 labs module 12 hacking webserversMehrdad Jingoism
 
Ceh v8 labs module 18 buffer overflow
Ceh v8 labs module 18 buffer overflowCeh v8 labs module 18 buffer overflow
Ceh v8 labs module 18 buffer overflowMehrdad Jingoism
 
Ceh v8 labs module 06 trojans and backdoors
Ceh v8 labs module 06 trojans and backdoorsCeh v8 labs module 06 trojans and backdoors
Ceh v8 labs module 06 trojans and backdoorsMehrdad Jingoism
 
H3LP DTR V.2.0.
H3LP DTR V.2.0.H3LP DTR V.2.0.
H3LP DTR V.2.0.Kocsis Gabor
 
Ceh v8 labs module 19 cryptography
Ceh v8 labs module 19 cryptographyCeh v8 labs module 19 cryptography
Ceh v8 labs module 19 cryptographyMehrdad Jingoism
 
4 IATA Training
4 IATA Training4 IATA Training
4 IATA TrainingMohamed Tayfour
 
Maurizio_Taffone_Emerging_Security_Threats
Maurizio_Taffone_Emerging_Security_ThreatsMaurizio_Taffone_Emerging_Security_Threats
Maurizio_Taffone_Emerging_Security_ThreatsMaurizio Taffone
 

Recommended

Ceh v8 labs module 10 denial of service
Ceh v8 labs module 10 denial of serviceCeh v8 labs module 10 denial of service
Ceh v8 labs module 10 denial of serviceMehrdad Jingoism
 
Ceh v8 labs module 12 hacking webservers
Ceh v8 labs module 12 hacking webserversCeh v8 labs module 12 hacking webservers
Ceh v8 labs module 12 hacking webserversMehrdad Jingoism
 
Ceh v8 labs module 18 buffer overflow
Ceh v8 labs module 18 buffer overflowCeh v8 labs module 18 buffer overflow
Ceh v8 labs module 18 buffer overflowMehrdad Jingoism
 
Ceh v8 labs module 06 trojans and backdoors
Ceh v8 labs module 06 trojans and backdoorsCeh v8 labs module 06 trojans and backdoors
Ceh v8 labs module 06 trojans and backdoorsMehrdad Jingoism
 
H3LP DTR V.2.0.
H3LP DTR V.2.0.H3LP DTR V.2.0.
H3LP DTR V.2.0.Kocsis Gabor
 
Ceh v8 labs module 19 cryptography
Ceh v8 labs module 19 cryptographyCeh v8 labs module 19 cryptography
Ceh v8 labs module 19 cryptographyMehrdad Jingoism
 
4 IATA Training
4 IATA Training4 IATA Training
4 IATA TrainingMohamed Tayfour
 
Maurizio_Taffone_Emerging_Security_Threats
Maurizio_Taffone_Emerging_Security_ThreatsMaurizio_Taffone_Emerging_Security_Threats
Maurizio_Taffone_Emerging_Security_ThreatsMaurizio Taffone
 
Passivhaus on a shoestring
Passivhaus on a shoestringPassivhaus on a shoestring
Passivhaus on a shoestringPaul Testa
 
Francis cv 27 05-2013
Francis cv 27 05-2013Francis cv 27 05-2013
Francis cv 27 05-2013Francis Bell
 
diploma1
diploma1diploma1
diploma1Milos Djurovic
 
Kirstie Minifie Portfolio Final 2
Kirstie Minifie Portfolio Final 2Kirstie Minifie Portfolio Final 2
Kirstie Minifie Portfolio Final 2Kirstie Minifie
 
Winload.efi.mui
Winload.efi.muiWinload.efi.mui
Winload.efi.muijason reynolds
 
portfolio2014_StK-s
portfolio2014_StK-sportfolio2014_StK-s
portfolio2014_StK-sStephen Kelleher
 
TELEPHONE BILLING SYSTEM
TELEPHONE BILLING SYSTEMTELEPHONE BILLING SYSTEM
TELEPHONE BILLING SYSTEMShailesh kumar
 
Aisha_Isaacs_updated_cv
Aisha_Isaacs_updated_cvAisha_Isaacs_updated_cv
Aisha_Isaacs_updated_cvAisha Isaacs
 
Elements of mechanical engineering (notes)
Elements of mechanical engineering (notes)Elements of mechanical engineering (notes)
Elements of mechanical engineering (notes)Ahmad Sakib
 
University of Bristol Law Society's Dicta Magzine - 2016 Edition
University of Bristol Law Society's Dicta Magzine - 2016 EditionUniversity of Bristol Law Society's Dicta Magzine - 2016 Edition
University of Bristol Law Society's Dicta Magzine - 2016 EditionGeorge Edward Aubrey
 
Breezeway rivulet park
Breezeway rivulet parkBreezeway rivulet park
Breezeway rivulet parkJohn Latham
 
Tulsi Gabbard FEC complaint Mufi Hannemann
Tulsi Gabbard FEC complaint Mufi HannemannTulsi Gabbard FEC complaint Mufi Hannemann
Tulsi Gabbard FEC complaint Mufi HannemannHonolulu Civil Beat
 
Informing Innovation: Contextual Investigation for Effective Academic Technol...
Informing Innovation: Contextual Investigation for Effective Academic Technol...Informing Innovation: Contextual Investigation for Effective Academic Technol...
Informing Innovation: Contextual Investigation for Effective Academic Technol...char booth
 
Manejo del dolor con medicamentos Guna
Manejo del dolor con medicamentos GunaManejo del dolor con medicamentos Guna
Manejo del dolor con medicamentos GunaNaturpharma (Medicina Biológica)
 
Untitled-1
Untitled-1Untitled-1
Untitled-1Nelson Tseng
 
Metodo de einsten capacidad de transporte
Metodo de einsten capacidad de transporteMetodo de einsten capacidad de transporte
Metodo de einsten capacidad de transporteWaldo Ruben Santander Quispe
 
Backup of diccionary copy
Backup of diccionary copyBackup of diccionary copy
Backup of diccionary copyEnrique Marquez
 
Catchy web pages via Wordpress
Catchy web pages via WordpressCatchy web pages via Wordpress
Catchy web pages via WordpressBUDNET
 
L4G_2015_BROCHURE
L4G_2015_BROCHUREL4G_2015_BROCHURE
L4G_2015_BROCHUREAndrew Grimstone
 
Tarea Ppt Enfermeria 20091
Tarea Ppt Enfermeria 20091Tarea Ppt Enfermeria 20091
Tarea Ppt Enfermeria 20091USACH
 
Toepassing Vade Mecu M B Sc S 090215
Toepassing Vade Mecu M B Sc S 090215Toepassing Vade Mecu M B Sc S 090215
Toepassing Vade Mecu M B Sc S 090215Aart Hilhorst
 
Globoforce Retention In Recession Na
Globoforce Retention In Recession NaGloboforce Retention In Recession Na
Globoforce Retention In Recession Naragerave
 

More Related Content

What's hot

Passivhaus on a shoestring
Passivhaus on a shoestringPassivhaus on a shoestring
Passivhaus on a shoestringPaul Testa
 
Francis cv 27 05-2013
Francis cv 27 05-2013Francis cv 27 05-2013
Francis cv 27 05-2013Francis Bell
 
Kirstie Minifie Portfolio Final 2
Kirstie Minifie Portfolio Final 2Kirstie Minifie Portfolio Final 2
Kirstie Minifie Portfolio Final 2Kirstie Minifie
 
TELEPHONE BILLING SYSTEM
TELEPHONE BILLING SYSTEMTELEPHONE BILLING SYSTEM
TELEPHONE BILLING SYSTEMShailesh kumar
 
Aisha_Isaacs_updated_cv
Aisha_Isaacs_updated_cvAisha_Isaacs_updated_cv
Aisha_Isaacs_updated_cvAisha Isaacs
 
Elements of mechanical engineering (notes)
Elements of mechanical engineering (notes)Elements of mechanical engineering (notes)
Elements of mechanical engineering (notes)Ahmad Sakib
 
University of Bristol Law Society's Dicta Magzine - 2016 Edition
University of Bristol Law Society's Dicta Magzine - 2016 EditionUniversity of Bristol Law Society's Dicta Magzine - 2016 Edition
University of Bristol Law Society's Dicta Magzine - 2016 EditionGeorge Edward Aubrey
 
Breezeway rivulet park
Breezeway rivulet parkBreezeway rivulet park
Breezeway rivulet parkJohn Latham
 
Tulsi Gabbard FEC complaint Mufi Hannemann
Tulsi Gabbard FEC complaint Mufi HannemannTulsi Gabbard FEC complaint Mufi Hannemann
Tulsi Gabbard FEC complaint Mufi HannemannHonolulu Civil Beat
 
Informing Innovation: Contextual Investigation for Effective Academic Technol...
Informing Innovation: Contextual Investigation for Effective Academic Technol...Informing Innovation: Contextual Investigation for Effective Academic Technol...
Informing Innovation: Contextual Investigation for Effective Academic Technol...char booth
 
Backup of diccionary copy
Backup of diccionary copyBackup of diccionary copy
Backup of diccionary copyEnrique Marquez
 
Catchy web pages via Wordpress
Catchy web pages via WordpressCatchy web pages via Wordpress
Catchy web pages via WordpressBUDNET
 

What's hot (19)

Passivhaus on a shoestring
Passivhaus on a shoestringPassivhaus on a shoestring
Passivhaus on a shoestring
 
Francis cv 27 05-2013
Francis cv 27 05-2013Francis cv 27 05-2013
Francis cv 27 05-2013
 
diploma1
diploma1diploma1
diploma1
 
Kirstie Minifie Portfolio Final 2
Kirstie Minifie Portfolio Final 2Kirstie Minifie Portfolio Final 2
Kirstie Minifie Portfolio Final 2
 
Winload.efi.mui
Winload.efi.muiWinload.efi.mui
Winload.efi.mui
 
portfolio2014_StK-s
portfolio2014_StK-sportfolio2014_StK-s
portfolio2014_StK-s
 
TELEPHONE BILLING SYSTEM
TELEPHONE BILLING SYSTEMTELEPHONE BILLING SYSTEM
TELEPHONE BILLING SYSTEM
 
Aisha_Isaacs_updated_cv
Aisha_Isaacs_updated_cvAisha_Isaacs_updated_cv
Aisha_Isaacs_updated_cv
 
Elements of mechanical engineering (notes)
Elements of mechanical engineering (notes)Elements of mechanical engineering (notes)
Elements of mechanical engineering (notes)
 
University of Bristol Law Society's Dicta Magzine - 2016 Edition
University of Bristol Law Society's Dicta Magzine - 2016 EditionUniversity of Bristol Law Society's Dicta Magzine - 2016 Edition
University of Bristol Law Society's Dicta Magzine - 2016 Edition
 
Breezeway rivulet park
Breezeway rivulet parkBreezeway rivulet park
Breezeway rivulet park
 
Tulsi Gabbard FEC complaint Mufi Hannemann
Tulsi Gabbard FEC complaint Mufi HannemannTulsi Gabbard FEC complaint Mufi Hannemann
Tulsi Gabbard FEC complaint Mufi Hannemann
 
Informing Innovation: Contextual Investigation for Effective Academic Technol...
Informing Innovation: Contextual Investigation for Effective Academic Technol...Informing Innovation: Contextual Investigation for Effective Academic Technol...
Informing Innovation: Contextual Investigation for Effective Academic Technol...
 
Manejo del dolor con medicamentos Guna
Manejo del dolor con medicamentos GunaManejo del dolor con medicamentos Guna
Manejo del dolor con medicamentos Guna
 
Untitled-1
Untitled-1Untitled-1
Untitled-1
 
Metodo de einsten capacidad de transporte
Metodo de einsten capacidad de transporteMetodo de einsten capacidad de transporte
Metodo de einsten capacidad de transporte
 
Backup of diccionary copy
Backup of diccionary copyBackup of diccionary copy
Backup of diccionary copy
 
Catchy web pages via Wordpress
Catchy web pages via WordpressCatchy web pages via Wordpress
Catchy web pages via Wordpress
 
L4G_2015_BROCHURE
L4G_2015_BROCHUREL4G_2015_BROCHURE
L4G_2015_BROCHURE
 

Viewers also liked

Tarea Ppt Enfermeria 20091
Tarea Ppt Enfermeria 20091Tarea Ppt Enfermeria 20091
Tarea Ppt Enfermeria 20091USACH
 
Toepassing Vade Mecu M B Sc S 090215
Toepassing Vade Mecu M B Sc S 090215Toepassing Vade Mecu M B Sc S 090215
Toepassing Vade Mecu M B Sc S 090215Aart Hilhorst
 
Globoforce Retention In Recession Na
Globoforce Retention In Recession NaGloboforce Retention In Recession Na
Globoforce Retention In Recession Naragerave
 
Porque os serviços estão cada vez mais parecidos com o Mc Donald´s ?
Porque os serviços estão cada vez mais parecidos com o Mc Donald´s ?Porque os serviços estão cada vez mais parecidos com o Mc Donald´s ?
Porque os serviços estão cada vez mais parecidos com o Mc Donald´s ?Marcos Morita
 
Application For Certified Copy Of Birth Certificat
Application For Certified Copy Of Birth CertificatApplication For Certified Copy Of Birth Certificat
Application For Certified Copy Of Birth Certificatbuckbre
 
Pembahasansoalmateriunsmp2013 131005233827-phpapp01
Pembahasansoalmateriunsmp2013 131005233827-phpapp01Pembahasansoalmateriunsmp2013 131005233827-phpapp01
Pembahasansoalmateriunsmp2013 131005233827-phpapp01Wayan Sudiarta
 
Petunjuk penilaian kru.2013
Petunjuk penilaian kru.2013Petunjuk penilaian kru.2013
Petunjuk penilaian kru.2013Wayan Sudiarta
 
Dapodik 2013-aplikasi v.2.00
Dapodik 2013-aplikasi v.2.00Dapodik 2013-aplikasi v.2.00
Dapodik 2013-aplikasi v.2.00Wayan Sudiarta
 
Ceh v8 labs module 07 viruses and worms
Ceh v8 labs module 07 viruses and wormsCeh v8 labs module 07 viruses and worms
Ceh v8 labs module 07 viruses and wormsMehrdad Jingoism
 
Ceh v8 labs module 04 enumeration
Ceh v8 labs module 04 enumerationCeh v8 labs module 04 enumeration
Ceh v8 labs module 04 enumerationMehrdad Jingoism
 
Tarea vi de medios y recursos didacticos
Tarea vi de medios y recursos didacticosTarea vi de medios y recursos didacticos
Tarea vi de medios y recursos didacticos19943812
 
Ceh v8 labs module 15 hacking wireless networks
Ceh v8 labs module 15 hacking wireless networksCeh v8 labs module 15 hacking wireless networks
Ceh v8 labs module 15 hacking wireless networksMehrdad Jingoism
 
Ceh v8 labs module 13 hacking web applications
Ceh v8 labs module 13 hacking web applicationsCeh v8 labs module 13 hacking web applications
Ceh v8 labs module 13 hacking web applicationsMehrdad Jingoism
 
Ceh v8 labs module 17 evading ids, firewalls and honeypots
Ceh v8 labs module 17 evading ids, firewalls and honeypotsCeh v8 labs module 17 evading ids, firewalls and honeypots
Ceh v8 labs module 17 evading ids, firewalls and honeypotsMehrdad Jingoism
 
Ce hv8 module 14 sql injection
Ce hv8 module 14 sql injectionCe hv8 module 14 sql injection
Ce hv8 module 14 sql injectionMehrdad Jingoism
 
High Speed Parameter Estimation for a Homogenized Energy Model- Doctoral Defe...
High Speed Parameter Estimation for a Homogenized Energy Model- Doctoral Defe...High Speed Parameter Estimation for a Homogenized Energy Model- Doctoral Defe...
High Speed Parameter Estimation for a Homogenized Energy Model- Doctoral Defe...Jon Ernstberger
 

Viewers also liked (20)

Tarea Ppt Enfermeria 20091
Tarea Ppt Enfermeria 20091Tarea Ppt Enfermeria 20091
Tarea Ppt Enfermeria 20091
 
Toepassing Vade Mecu M B Sc S 090215
Toepassing Vade Mecu M B Sc S 090215Toepassing Vade Mecu M B Sc S 090215
Toepassing Vade Mecu M B Sc S 090215
 
Globoforce Retention In Recession Na
Globoforce Retention In Recession NaGloboforce Retention In Recession Na
Globoforce Retention In Recession Na
 
Porque os serviços estão cada vez mais parecidos com o Mc Donald´s ?
Porque os serviços estão cada vez mais parecidos com o Mc Donald´s ?Porque os serviços estão cada vez mais parecidos com o Mc Donald´s ?
Porque os serviços estão cada vez mais parecidos com o Mc Donald´s ?
 
Application For Certified Copy Of Birth Certificat
Application For Certified Copy Of Birth CertificatApplication For Certified Copy Of Birth Certificat
Application For Certified Copy Of Birth Certificat
 
Pembahasansoalmateriunsmp2013 131005233827-phpapp01
Pembahasansoalmateriunsmp2013 131005233827-phpapp01Pembahasansoalmateriunsmp2013 131005233827-phpapp01
Pembahasansoalmateriunsmp2013 131005233827-phpapp01
 
Petunjuk penilaian kru.2013
Petunjuk penilaian kru.2013Petunjuk penilaian kru.2013
Petunjuk penilaian kru.2013
 
Dapodik 2013-aplikasi v.2.00
Dapodik 2013-aplikasi v.2.00Dapodik 2013-aplikasi v.2.00
Dapodik 2013-aplikasi v.2.00
 
Proyecto manhattan
Proyecto manhattanProyecto manhattan
Proyecto manhattan
 
Ceh v8 labs module 07 viruses and worms
Ceh v8 labs module 07 viruses and wormsCeh v8 labs module 07 viruses and worms
Ceh v8 labs module 07 viruses and worms
 
VAN HALEN IIenfatizzato
VAN HALEN IIenfatizzatoVAN HALEN IIenfatizzato
VAN HALEN IIenfatizzato
 
Ceh v8 labs module 04 enumeration
Ceh v8 labs module 04 enumerationCeh v8 labs module 04 enumeration
Ceh v8 labs module 04 enumeration
 
Tarea vi de medios y recursos didacticos
Tarea vi de medios y recursos didacticosTarea vi de medios y recursos didacticos
Tarea vi de medios y recursos didacticos
 
Ce hv8 module 00
Ce hv8 module 00Ce hv8 module 00
Ce hv8 module 00
 
Ceh v8 labs module 15 hacking wireless networks
Ceh v8 labs module 15 hacking wireless networksCeh v8 labs module 15 hacking wireless networks
Ceh v8 labs module 15 hacking wireless networks
 
Ceh v8 labs module 00
Ceh v8 labs module 00Ceh v8 labs module 00
Ceh v8 labs module 00
 
Ceh v8 labs module 13 hacking web applications
Ceh v8 labs module 13 hacking web applicationsCeh v8 labs module 13 hacking web applications
Ceh v8 labs module 13 hacking web applications
 
Ceh v8 labs module 17 evading ids, firewalls and honeypots
Ceh v8 labs module 17 evading ids, firewalls and honeypotsCeh v8 labs module 17 evading ids, firewalls and honeypots
Ceh v8 labs module 17 evading ids, firewalls and honeypots
 
Ce hv8 module 14 sql injection
Ce hv8 module 14 sql injectionCe hv8 module 14 sql injection
Ce hv8 module 14 sql injection
 
High Speed Parameter Estimation for a Homogenized Energy Model- Doctoral Defe...
High Speed Parameter Estimation for a Homogenized Energy Model- Doctoral Defe...High Speed Parameter Estimation for a Homogenized Energy Model- Doctoral Defe...
High Speed Parameter Estimation for a Homogenized Energy Model- Doctoral Defe...
 

Similar to Ceh v8 labs module 11 session hijacking

Scanned by CamScanner6 8i d e a s o r w o r ds , b u t.docx
Scanned by CamScanner6 8i d e a s o r w o r ds , b u t.docxScanned by CamScanner6 8i d e a s o r w o r ds , b u t.docx
Scanned by CamScanner6 8i d e a s o r w o r ds , b u t.docxkenjordan97598
 
From Data to Knowledge
From Data to KnowledgeFrom Data to Knowledge
From Data to KnowledgeFabien Richard
 
Allora USA - Get Best Sinks and Faucets
Allora USA - Get Best Sinks and FaucetsAllora USA - Get Best Sinks and Faucets
Allora USA - Get Best Sinks and FaucetsAlloraUSAblogs
 
Scanned by CamScannerO n e o f S w ia liz e ď s e x .docx
Scanned by CamScannerO n e o f S w ia liz e ď s e x .docxScanned by CamScannerO n e o f S w ia liz e ď s e x .docx
Scanned by CamScannerO n e o f S w ia liz e ď s e x .docxanhlodge
 
Collaborative technology in a 1:1 world
Collaborative technology in a 1:1 worldCollaborative technology in a 1:1 world
Collaborative technology in a 1:1 worldHarry van der Veen
 
Letter of Recommendation
Letter of RecommendationLetter of Recommendation
Letter of RecommendationHadi Jomaa
 
237066775 case-pres-pedia-final
237066775 case-pres-pedia-final237066775 case-pres-pedia-final
237066775 case-pres-pedia-finalhomeworkping3
 
InstructionsDo the following and submit the completed assignment.docx
InstructionsDo the following and submit the completed assignment.docxInstructionsDo the following and submit the completed assignment.docx
InstructionsDo the following and submit the completed assignment.docxdirkrplav
 
Towards Exemplary Moodle Courses at YSJU
Towards Exemplary Moodle Courses at YSJUTowards Exemplary Moodle Courses at YSJU
Towards Exemplary Moodle Courses at YSJUPhil Vincent
 
PLACE YOUR SPORTS BETS
PLACE YOUR SPORTS BETS PLACE YOUR SPORTS BETS
PLACE YOUR SPORTS BETS Tamara Jones
 
Dr. Frances Elliot
Dr. Frances ElliotDr. Frances Elliot
Dr. Frances ElliotInvestnet
 
Scanned by CamScannerG o o d w M P r e p a id r e n t.docx
Scanned by CamScannerG o o d w M P r e p a id r e n t.docxScanned by CamScannerG o o d w M P r e p a id r e n t.docx
Scanned by CamScannerG o o d w M P r e p a id r e n t.docxkenjordan97598
 
Presentation_NVL_Island7juni2022.pptx
Presentation_NVL_Island7juni2022.pptxPresentation_NVL_Island7juni2022.pptx
Presentation_NVL_Island7juni2022.pptxEbba Ossiannilsson
 
Understanding Online Consumer Behavior in Fashion E-commerce by the applicati...
Understanding Online Consumer Behavior in Fashion E-commerce by the applicati...Understanding Online Consumer Behavior in Fashion E-commerce by the applicati...
Understanding Online Consumer Behavior in Fashion E-commerce by the applicati...ÉTAMINE STUDIOS
 
Diapositivas seminario biologia molecular .pdf
Diapositivas seminario biologia molecular .pdfDiapositivas seminario biologia molecular .pdf
Diapositivas seminario biologia molecular .pdfNataliaFlrezSalazar
 
1Terrorism is highly d e p e n d e n t o n c a s h f.docx
1Terrorism is highly d e p e n d e n t o n c a s h f.docx1Terrorism is highly d e p e n d e n t o n c a s h f.docx
1Terrorism is highly d e p e n d e n t o n c a s h f.docxeugeniadean34240
 
Cisa domain 2 part 3 governance and management of it
Cisa domain 2 part 3 governance and management of itCisa domain 2 part 3 governance and management of it
Cisa domain 2 part 3 governance and management of itShivamSharma909
 

Similar to Ceh v8 labs module 11 session hijacking (20)

Scanned by CamScanner6 8i d e a s o r w o r ds , b u t.docx
Scanned by CamScanner6 8i d e a s o r w o r ds , b u t.docxScanned by CamScanner6 8i d e a s o r w o r ds , b u t.docx
Scanned by CamScanner6 8i d e a s o r w o r ds , b u t.docx
 
From Data to Knowledge
From Data to KnowledgeFrom Data to Knowledge
From Data to Knowledge
 
Allora USA - Get Best Sinks and Faucets
Allora USA - Get Best Sinks and FaucetsAllora USA - Get Best Sinks and Faucets
Allora USA - Get Best Sinks and Faucets
 
Scanned by CamScannerO n e o f S w ia liz e ď s e x .docx
Scanned by CamScannerO n e o f S w ia liz e ď s e x .docxScanned by CamScannerO n e o f S w ia liz e ď s e x .docx
Scanned by CamScannerO n e o f S w ia liz e ď s e x .docx
 
Collaborative technology in a 1:1 world
Collaborative technology in a 1:1 worldCollaborative technology in a 1:1 world
Collaborative technology in a 1:1 world
 
Analysis by shloka
Analysis by shlokaAnalysis by shloka
Analysis by shloka
 
Endorsements
EndorsementsEndorsements
Endorsements
 
Letter of Recommendation
Letter of RecommendationLetter of Recommendation
Letter of Recommendation
 
237066775 case-pres-pedia-final
237066775 case-pres-pedia-final237066775 case-pres-pedia-final
237066775 case-pres-pedia-final
 
InstructionsDo the following and submit the completed assignment.docx
InstructionsDo the following and submit the completed assignment.docxInstructionsDo the following and submit the completed assignment.docx
InstructionsDo the following and submit the completed assignment.docx
 
Towards Exemplary Moodle Courses at YSJU
Towards Exemplary Moodle Courses at YSJUTowards Exemplary Moodle Courses at YSJU
Towards Exemplary Moodle Courses at YSJU
 
PLACE YOUR SPORTS BETS
PLACE YOUR SPORTS BETS PLACE YOUR SPORTS BETS
PLACE YOUR SPORTS BETS
 
OUR EARTH.pptx
OUR EARTH.pptxOUR EARTH.pptx
OUR EARTH.pptx
 
Dr. Frances Elliot
Dr. Frances ElliotDr. Frances Elliot
Dr. Frances Elliot
 
Scanned by CamScannerG o o d w M P r e p a id r e n t.docx
Scanned by CamScannerG o o d w M P r e p a id r e n t.docxScanned by CamScannerG o o d w M P r e p a id r e n t.docx
Scanned by CamScannerG o o d w M P r e p a id r e n t.docx
 
Presentation_NVL_Island7juni2022.pptx
Presentation_NVL_Island7juni2022.pptxPresentation_NVL_Island7juni2022.pptx
Presentation_NVL_Island7juni2022.pptx
 
Understanding Online Consumer Behavior in Fashion E-commerce by the applicati...
Understanding Online Consumer Behavior in Fashion E-commerce by the applicati...Understanding Online Consumer Behavior in Fashion E-commerce by the applicati...
Understanding Online Consumer Behavior in Fashion E-commerce by the applicati...
 
Diapositivas seminario biologia molecular .pdf
Diapositivas seminario biologia molecular .pdfDiapositivas seminario biologia molecular .pdf
Diapositivas seminario biologia molecular .pdf
 
1Terrorism is highly d e p e n d e n t o n c a s h f.docx
1Terrorism is highly d e p e n d e n t o n c a s h f.docx1Terrorism is highly d e p e n d e n t o n c a s h f.docx
1Terrorism is highly d e p e n d e n t o n c a s h f.docx
 
Cisa domain 2 part 3 governance and management of it
Cisa domain 2 part 3 governance and management of itCisa domain 2 part 3 governance and management of it
Cisa domain 2 part 3 governance and management of it
 

Ceh v8 labs module 11 session hijacking

  • 1. C EH S e s s i o n H Lab M a n u a l i j a c k i n g M o d u le 11
  • 2. M o d u le 11 - S e s s io n H ija c k in g H ija c k in g S e s s io n s Session hijacking refers to the exploitation o f a valid com puter session, ))herein an a tta c h r takes over a session between two computers. I C O N & K E Y V a lu a b le in f o r m a t io n T e s t y o u r k n o w le d g e H W e b e x e r c is e m W o r k b o o k r e v ie w L a b S c e n a r io S o u rc e : h ttp : / /k r e b s o n s e c u r i t v .c o m / 2 0 1 2 / 1 1 / y a h o o -e m a il-s te a lin g -e x p lo itf e t c h e s - 7 ()(!) A c c o r d i n g t o K r e b s o n S e c u r i t y n e w s a n d i n v e s t i g a t i o n , z e r o - d a v v u l n e r a b i l i t y 111 y a h o o . c o m t h a t le t s a t t a c k e r s h i j a c k Y a h o o ! e m a i l a c c o u n t s a n d r e d i r e c t u s e r s t o m a lic io u s w e b s ite s o tt e r s a fa s c in a tin g g lim p s e in t o th e u n d e r g r o u n d m a r k e t f o r la r g e - s c a l e e x p lo i ts . The e x p lo it, b e in g s o ld fo r S700 by an E g y p tia n hacker on an e x c lu s iv e c y b e r c r i m e f o r u m , t a r g e t s a “ c r o s s - s i t e s c r i p t i n g ” (X S S ) w e a k n e s s i n v a h o o . c o m t h a t le t s a t t a c k e r s s t e a l c o o k i e s f r o m Y a h o o ! w e b m a i l u s e r s . S u c h a f l a w w o u l d le t a tta c k e r s s e n d o r r e a d e m a il f r o m t h e v i c t i m ’s a c c o u n t . 111 a ty p i c a l X S S a t t a c k , a n a t t a c k e r s e n d s a m a l i c i o u s li n k t o a n u n s u s p e c t i n g u s e r ; i f t h e u s e r c lic k s t h e li n k , t h e s c r i p t is e x e c u t e d , a n d c a n a c c e s s c o o k i e s , s e s s i o n t o k e n s , o r o t h e r s e n s i t i v e i n f o r m a t i o n r e t a i n e d b y t h e b r o w s e r a n d u s e d w i t h t h a t s ite . T h e s e s c r ip ts c a n e v e n re w rite th e c o n te n t o f th e H T M L p a g e . K r e b s O n S e c u r ity .c o m a le r te d Y a h o o ! to s a y s i t is r e s p o n d i n g t o th e v u ln e r a b ility , a n d th e c o m p a n y t h e is s u e . R a m s e s M a r t i n e z , d i r e c t o r o f s e c u r i t y a t Y a h o o ! , s a i d t h e c h a l l e n g e n o w is w o r k i n g o u t t h e e x a c t v a h o o . c o m U R L t h a t t r i g g e r s t h e e x p l o i t , w h i c h is d i f f i c u l t t o d i s c e r n f r o m w a t c h i n g t h e v i d e o . T h e s e t y p e s o t v u l n e r a b i l i t i e s a r e a g o o d r e m i n d e r t o b e e s p e c i a ll y c a u t i o u s a b o u t c li c k in g li n k s 1 1 1 e m a i ls f r o m s t r a n g e r s o r 1 11 m e s s a g e s t h a t y o u w e r e n o t e x p e c tin g . B e in g a n d a d m in is tr a to r y o u s h o u ld im p le m e n t s e c u r ity m e a s u r e s a t A p p lic a tio n le v e l and N e tw o rk le v e l to p ro te c t y o u r n e tw o rk fro m s e s s io n h ij a c k in g . N e t w o r k l e v e l h ij a c k s is p r e v e n t e d b y p a c k e t e n c r y p t i o n w h i c h c a n b e o b t a i n e d b y u s i n g p r o t o c o l s s u c h a s I P S E C , S S L , S S H , e tc . I P S E C a ll o w s e n c r y p t i o n o f p a c k e ts o n s h a r e d k e y b e tw e e n th e tw o s y s te m s in v o lv e d 111 c o m m u n ic a tio n . A p p l i c a t i o n - l e v e l s e c u r i t y is o b t a i n e d b y u s i n g s t r o n g s e s s i o n I D . S S L a n d S S H a ls o p ro v id e s s tro n g e n c ry p tio n u sin g SSL c e rtif ic a te s to p re v e n t s e s s io n h ij a c k in g . L a b O b j e c t iv e s T h e o b j e c t i v e o f th i s l a b is t o h e l p s u i d e n t s l e a r n s e s s i o n h i j a c k i n g a n d t a k e n e c e s s a r y a c t i o n s t o d e f e n d a g a i n s t s e s s i o n h ij a c k in g . 1 1 1 th i s l a b , y o u w ill: ■ C E H La b M anual Page 716 I n t e r c e p t a n d m o d i tv w e b t r a f f i c E th ic a l H ack in g and Countem ieasures Copyright © by EC-Council A ll Rights Reserved. Reproduction is Stricdy Prohibited.
  • 3. M o d u le 11 - S e s s io n H ija c k in g ■ S 7Tools dem onstrated in this lab are available in D:CEHToolsCEHv8 Module 11 Session Hijacking S i m u l a t e a T r o j a n , w h i c h m o d i f i e s a w o r k s t a t i o n 's p r o x y s e r v e r s e t t i n g s L a b E n v ir o n m e n t T o c a r r y o u t tin s , v o u n e e d : ■ A c o m p u t e r m i m i n g W indows Server 2012 as host m achine ■ T liis la b w ill m n o n W indows 8 v ir tu a l m a c h i n e ■ W e b b r o w s e r w ith I n te r n e t acc e ss ■ A d m in i s t r a ti v e p riv ile g e s t o c o n f i g u r e s e ttin g s a n d m n to o l s L a b D u r a t io n T im e : 2 0 M i n u te s O v e r v ie w o f S e s s io n H ija c k in g m . TASK 1 O verview S e s s io n h ija c k in g r e f e r s t o th e exploitation o f a v a lid c o m p u t e r s e s s io n w h e r e a n a tt a c k e r takes over a s e s s io n b e t w e e n t w o c o m p u t e r s . T h e a tt a c k e r steals a v a lid s e s s io n I D , w h i c h is u s e d t o g e t i n t o th e s y s te m a n d sniff th e d a ta . 111 TC P session lu ja c k in g , a n a tt a c k e r ta k e s o v e r a T C P s e s s io n b e t w e e n tw o m a c h i n e s . S in c e m o s t authentications o c c u r o n ly a t t h e s t a r t o f a T C P s e s s io n , th is a llo w s t h e a tt a c k e r t o gain access t o a 1 1 1 a c lim e . Lab T asks P ic k a n o r g a n i z a ti o n d i a t y o u fe e l is w o r t h y o f y o u r a tt e n ti o n . T in s c o u l d b e a n e d u c a t io n a l in s ti tu t io n , a c o m m e r c i a l c o m p a n y , o r p e r h a p s a n o n p r o t i t c h a n ty . R e c o m m e n d e d la b s t o a s s is t y o u 111 s e s s io n lu ja c k m g : ‫י‬ S e s s io n lu ja c k in g u s i n g Z A P L a b A n a ly s is A n a ly z e a n d d o c u m e n t d ie r e s u lts r e l a te d t o th e la b e x e rc is e . G iv e y o u r o p i n i o n o n y o u r ta r g e t’s s e c u r ity p o s m r e a n d e x p o s u r e . P L E A S E T A L K T O Y O U R I N S T R U C T O R R E L A T E D C E H La b M anual Page 717 T O T H I S I F Y O U H A V E Q U E S T I O N S L A B . E th ic a l H ack in g and Counterm easures Copyright © by EC-Council A ll Rights Reserved. Reproduction is Stricdy Prohibited.
  • 4. M o d u le 11 - S e s s io n H ija c k in g Lab S e s s io n P r o x y H ija c k in g U s in g Z e d A t t a c k (Z A P ) The O W A S P Z ed A tta c k P roxy (Z A P ) is an easy-to-use integratedpenetration testing toolfo r fin d in g vulnerabilities in n ‫׳‬eb applications. 1 C < N O K E Y (7 ~ / V a l u a b l e in fo r m a tio n L a b S c e n a r io A tta c k e rs a re c o n tin u o u s ly w a tc h in g f o r w e b s ite s to h a c k a n d d e v e lo p e rs m u s t b e p r e p a r e d to c o u n te r - a t ta c k m a lic io u s h a c k e r s b y w r itin g s tr o n g s e c u r e c o d e s . 5 Test yo ur A c o m m o n f o r m o f a t t a c k is s e s s i o n h i j a c k i n g , i.e ., a c c e s s i n g a w e b s i t e u s i n g k n o w le d g e y s o m e o n e e l s e ’s s e s s i o n I D . A s e s s i o n I D m i g h t c o n t a i n c r e d i t c a r d d e ta i ls , = W e b e x e r c is e m W o r k b o o k r e v ie w p a s s w o r d s , a n d o th e r s e n s itiv e i n f o r m a t io n th a t c a n b e m is u s e d b y a h a c k e r. S e s s io n h ija c k in g a tta c k s a re p e r f o r m e d e ith e r b y s e s s io n I D g u e s s in g 0 1‫ ־‬b y s to le n s e s s io n I D c o o k ie s . S e s s io n I D g u e s s in g in v o lv e s g a th e r in g a s a m p le o f s e s s i o n I D s a n d “ g u e s s i n g ” a v a l i d s e s s i o n I D a s s i g n e d t o s o m e o n e e ls e . I t is a lw a y s r e c o m m e n d e d n o t t o r e p l a c e A S P . N E T s e s s i o n I D s w i t h I D s o f y o u r o w n , a s t h i s w ill p r e v e n t s e s s i o n I D g u e s s in g . S t o l e n s e s s i o n I D c o o k i e s s e s s i o n h ija c k in g a tta c k c a n b e p r e v e n t b y u s in g S S L ; h o w e v e r, u s in g c ro s s -s ite s c r ip tin g a tta c k s a n d o th e r m e t h o d s , a tta c k e r s c a n s te a l th e s e s s io n I D c o o k ie s . I f a n a t t a c k e r g e t s a h o l d o f a v a li d s e s s i o n I D , t h e n A S P . N E T c o n n e c t s t o t h e c o r r e s p o n d in g s e s s io n w ith 110 f u r th e r a u th e n tic a tio n . T h e r e a r e m a n y t o o l s e a s ily a v a il a b le n o w t h a t a t t a c k e r s u s e t o h a c k i n t o w e b s i t e s 0 1 ‫ ־‬u s e r d e ta i ls . O n e o f t h e t o o l s is F i r e s h e e p , w h i c h is a n a d d - 0 1 1 f o r F i r e f o x . W h i l e y o u a r e c o n n e c t e d t o a n u n s e c u r e w i r e l e s s n e t w o r k , ti n s F i r e f o x a d d - 0 1 1 c a n s n i f f t h e n e t w o r k tr a f f i c a n d c a p t u r e a ll y o u r i n f o r m a t i o n a n d p r o v i d e i t to t h e h a c k e r 111 t h e s a m e n e t w o r k . T h e a t t a c k e r c a n n o w u s e tin s in f o r m a tio n a n d lo g in as y o u . A s a n e t h i c a l h a c k e r , p e n e tr a tio n te s te r, 0 1 s e c u r i t y a d m i n is tr a t o r , y o u s h o u ld b e fa m ilia r w ith n e tw o r k a n d w e b a u th e n tic a tio n m e c h a n is m s . I n y o u r ro le o f w e b s e c u r ity a d m in is tr a to r , y o u n e e d to te s t w e b s e r v e r tr a ffic f o r w e a k s e s s i o n ID s , i n s e c u r e h a n d l i n g , i d e n t i t y t h e f t , a n d i n f o r m a t i o n l o s s . A lw a y s e n s u r e t h a t y o u h a v e a n e n c r y p t e d c o n n e c t i o n u s i n g h t t p s w h i c h w ill m a k e t h e s n iffin g o f n e tw o r k p a c k e ts d if f ic u lt f o r a n a tta c k e r. A lte r n a tiv e ly , Y P N C E H La b M anual Page 718 E th ic a l H ack in g and Countem ieasures Copyright © by EC-Council A ll Rights Reserved. Reproduction is Stricdy Prohibited.
  • 5. M o d u le 11 - S e s s io n H ija c k in g c o n n e c tio n s to o c a n b e u s e d to sta y s a fe a n d a d v is e u s e r s to lo g o f f o n c e th e y a r e d o n e w i t h t h e i r w o r k . 111 t i n s la b y o u w ill l e a r n t o u s e Z A P p r o x y t o i n t e r c e p t p r o x i e s , s c a n n i n g , e tc . L a b O b j e c t iv e s T h e o b j e c t i v e o f ti n s l a b is t o h e l p s t u d e n t s l e a r n s e s s i o n l n j a c k n i g a n d h o w t o t a k e n e c e s s a r y a c t i o n s t o d e f e n d a g a i n s t s e s s i o n l n j a c k n ig . 1 1 1 t i n s l a b , y o u w ill: ■ ■ Tools dem onstrated in this lab are available in D:CEHToolsCEHv8 Module 11 Session Hijacking I n t e r c e p t a n d m o d i f y w e b tr a f f i c S i m u l a t e a T r o j a n , w h i c h m o d i f i e s a w o r k s t a t i o n 's p r o x y s e r v e r s e t ti n g s L a b E n v ir o n m e n t T o c a n y o u t th e la b , y o u n e e d : ■ P a r o s P r o x y l o c a t e d a t D :C E H -T o o lsC E H v 8 M o d u l e 1 1 S e s s i o n H i j a c k i n g S e s s i o n H ij a c k i n g T o o l s Z a p r o x y ■ Y o u c a n a ls o d o w n l o a d t h e l a t e s t v e r s i o n o f Z A P f r o m t h e li n k h ttp : / / c o d e .g o o g le .c o m /p /z a p r o x y /d o w n lo a d s /lis t ■ I f y o u d e c id e to d o w n lo a d th e l a t e s t v e r s io n , th e n s c r e e n s h o ts s h o w n 111 t h e la b m i g h t d if f e r ■ A s y s te m w i t h r u n n i n g W i n d o w s S e r v e r 2 0 1 2 H o s t M a c l n n e ‫י‬ R u n tin s t o o l m W i n d o w s 8 Y n t u a l M a c h i n e ‫י‬ A w e b b ro w s e r w ith I n te r n e t access ‫י‬ A d m in i s t r a ti v e p riv ile g e s t o c o n f i g u r e s e ttin g s a n d m n to o l s ‫י‬ E n s u r e t h a t J a v a R u n T im e E n v i r o n m e n t ( J R E ) 7 ( o r a b o v e ) is n is ta lle d . I f n o t , g o t o h t t p : / / i a v a . s u n . c o m / i 2 s e t o d o w n l o a d a n d n is ta ll it. L a b D u r a t io n T n n e : 2 0 M i n u te s O v e r v ie w o f Z e d A t t a c k P r o x y ( Z A P ) Z e d A t t a c k P r o x y ( Z A P ) is d e s i g n e d t o b e u s e d b y p e o p l e w i t h a w id e r a n g e o f s e c u r ity e x p e r i e n c e a n d a s s u c h is id e a l f o r d e v e lo p e r s a n d f u n c t i o n a l te s te r s w h o a re n e w t o p e n e t r a t i o n te s ti n g a s w e ll a s b e n ig a u s e f u l a d d it io n t o a n e x p e n e n c e d p e n t e s t e r ’s t o o l b o x . I t s f e a t u r e s m c l u d e m t e r c e p t n i g p r o x y , a u t o m a t e d s c a n n e r , p a s s iv e s c a n n e r , a n d s p id e r. Lab T asks m . TASK 1 1. L o g 111 t o y o u r W i n d o w s 8 Y ir t u a l M a c h in e . Setting-up ZAP C E H La b M anual Page 719 E th ic a l H ack in g and Counterm easures Copyright © by EC-Council A ll Rights Reserved. Reproduction is Stricdy Prohibited.
  • 6. M o d u le 11 - S e s s io n H ija c k in g 2. 1 1 1 W i n d o w s 8 Y irU ia l M a c h i n e , f o l l o w t h e w i z a r d - d r i v e n i n s t a l l a t i o n s te p s to in s ta ll Z A P . 3. T o la u n c h Z A P a fte r in s ta lla tio n , m o v e y o u r m o u s e c u r s o r to th e lo w e rl e f t c o r n e r o f y o u r d e s k t o p a n d c li c k S t a r t . £ 7 Y o u c a n a ls o d o w n lo a d Z A P h t t p : / / c o d e . g o o g le . c o m / p / z a p r o s y / d o w n lo a d s / lis t F I G U R E 2 .1 : P a r o s p r o s y m a in w i n d o w !2 2 C li c k Z A P 1 .4 .1 1 1 1 t h e S t a r t m e n u a p p s . A t it s h e a r t Z A P S i n a n in t e r c e p t in g p r o s y . Y o u n e e d t o c o n f ig u r e y o u r b r o w s e r t o c o n n e c t t o d ie A d m in i-P C £ w e b a p p lic a t io n y o u w is h t o te s t th r o u g h Z A P . I f r e q u ir e d y o u c a n a ls o c o n f ig u r e Z A P t o c o n n e c t th r o u g h a n o th e r p r o s y t h is is o f t e n n e c e s s a r y i n a c o r p o r a t e e n v ir o n m e n t . ZAP 1.4.1 m 4S S iftt kyO Mozilla Firefox * ‫י‬ jr © Microsoft Excel 2010 S tlim w ‫־ ־׳ ־‬ Safari ‫| ן‬ Microsoft PowerPoint 2010 Microsoft Publisher 2010 (2 I f y o u k n o w h o w to F I G U R E 2 .2 : P a r o s p r o s y m a in w i n d o w s e t u p p r o s ie s i n y o u r w e b b ro w s e r th e n g o ahead a nd g iv e i t a g o ! 5. s c re e n s h o t. I f y o u a re u n s u r e t h e n h a v e a l o o k a t t h e C o n f ig u r in g p r o s ie s s e c tio n . C E H La b M anual Page 720 T h e m a in in te r f a c e o f Z A P a p p e a r s , as s h o w n 111 th e fo llo w in g 6. I t w ill p r o m p t y o u w i t h S S L R o o t C A c e r t i f i c a t e . C li c k G e n e r a t e to c o n tin u e . E th ic a l H ack in g and Countenneasures Copyright © by EC-Council A ll Rights Reserved. Reproduction is Stricdy Prohibited.
  • 7. M o d u le 11 - S e s s io n H ija c k in g O n c e y o u have c o n f ig u r e d Z A P as y o u r b r o w s e r 's p r o x y t h e n t r y t o c o n n e c t t o d ie w e b a p p lic a t io n y o u w i l l b e t e s t in g . I f y o u c a n n o t c o n n e c t to it th e n c h e c k y o u r p r o s y s e ttin g s a g a in . Y o u w ill n e e d to c h e c k y o u r b r o w s e r 's p r o x y s e tt in g s , a n d a ls o Z A P 's p r o x y s e ttin g s . ‫ט‬ • . . a t t e m p t s t o f i n d p o t e n t ia l ‘ F I G U R E 2.3 : P a ro s p r o x y m a in w in d o w Active scanning r y v l e a i i i s by using unrblte ^ O p t i o n s w i n d o w , s e l e c t D y n a m i c S S L c e r t i f i c a t e s t h e n c lic k r ‫י‬ G e n e r a t e t o g e n e r a t e a c e r t i f i c a t e . T h e n c li c k S a v e . k n o w n a tta c k s a g a in s t t h e s e le c te d ta r g e ts . ‫־‬D I Options A c t i v e s c a n n in g is a n a tt a c k ' Options Active Scan Arti c s r f T0K3ns o n th o s e ta r g e ts . Y o u s h o u ld N O T u s e i t o n w e b cem n c aie s Root CA certificate API Applicators Authertc330n a p p lic a t io n s t h a t y o u d o n o t ow n. Ernie Force certncate Check Fee l!p<iates I t s h o u ld b e n o t e d t h a t Connection a c tiv e s c a n n in g c a n o n ly Dat3D3se D i P p< i5ay a_____ f i n d c e r t a in ty p e s o f v u ln e r a b ilit ie s . L o g ic a l Er code t)e ccde Extensions Fuzier Language Local prar Passive Scar Pon Scan Session Tokors v u ln e r a b ilit ie s , s u c h as b r o k e n a c c e s s c o n t r o l, w i l l ‫ך‬ n o t b e f o u n d b y a n y a c tiv e o r a u t o m a te d v u ln e r a b ilit y s c a n n in g . M a n u a l Sp er id p e n e t r a t io n t e s t in g s h o u ld a lw a y s b e p e r f o r m e d i n a d d it io n t o a c tiv e s c a n n in g t o f i n d a ll ty p e s o f v u ln e r a b ilit ie s . (_ 1 2!L F I G U R E 2 .4 : P a r o s p r o x y m a in w i n d o w 8. S a v e th e c e rtif ic a te 111 th e d e f a u lt lo c a tio n o f Z A P . I f th e c e rtif ic a te a l r e a d y e x is ts , r e p l a c e i t w i t h t h e n e w o n e . C E H La b M anual Page 721 E th ic a l H ack in g and Counterm easures Copyright © by EC-Council A ll Rights Reserved. Reproduction is Stricdy Prohibited.
  • 8. M o d u le 11 - S e s s io n H ija c k in g ‫וי ד‬ O p tio n s rOptions u a A c enmr.aies Active 3can *‫«־‬CSRF TOK&aS 1 API Actficaions RoolCAcaitncate ■p■ Generate j Anvag,__ ^t can r 11 a le r t is a p o t e n t ia l MI 103:CCAsaaAwIBAal:JMz •♦ur JK02 .hv cly H 9 0 NTp CBHh ;«U Jv H j-Jn v C I|r lc XV 0 FlZ 3 d a V c H » V 9 d B O Z H < C u t» M0 X t'K < (w T *a:!‘ D 3 :0 O T 7 M a C ^ C 3 N l . ‫ן‬ v u ln e r a b ilit y a n d is tit II a 1, a inn! t 1 > a s s o c ia te d w i t h a s p e c if ic Look m: I B A d r tn iP C r e q u e s t. A r e q u e s t c a n h a v e m o r e t h a n o n e a le r t. IB Contacts □ e s to p I B Music IB Downloads IB Videos IB Favorites jy u ic s I B OV/ASP ZAP IB Saved Games MPictures 1 ^ Documents Pie Name‫־‬ Flos DfTypo |Q | owasp_zap_root_ca.cer 1 IB S e a r s e s |owasp_zap_roct_ca cer | A IFios_______________ . "‫1־‬ew ‫ן‬ . 3dre F I G U R E 2 .5 : P a r o s p r o x y m a in w i n d o w 9. C li c k O K i n t h e O p t i o n s w i n d o w . Q ‫ ־‬J A n t i C S R F t o k e n s a re (p s e u d o ) ra n d o m p a ra m e te rs u s e d t o p r o te c t a g a in s t C r o s s S ite R e q u e s t F o r g e r y ( C S R F ) a tta c k s . H o w e v e r t h e y a ls o m a k e a p e n e t r a t io n te s te r s jo b h a r d e r , e s p e c ia lly i f t h e t o k e n s a re r e g e n e r a te d e v e r y t im e a f o r m is re q u e s te d . 1 0 . Y o u r P a r o s p r o x y s e r v e r is n o w r e a d y t o i n t e r c e p t r e q u e s t s . C E H La b M anual Page 722 E th ic a l H ack in g and Countenneasures Copyright © by EC-Council A ll Rights Reserved. Reproduction is Strictly Prohibited.
  • 9. M o d u le 11 - S e s s io n H ija c k in g Untitled Session ‫ ־‬OWASP 7A P £ile Cdit View Maiy5e Report Toaa Help ‫ נ‬U ] id ,‫ ־‬sji D 0 V © «‫» ־‬ s « Q_ »§_ ► 0 | KsquMI | Nespcrs*v= JBrea* . j H 3« •t ▼ B d : I•t _▼ l ‫־‬l i ©c r x J o y x ) T ActvoScan $ f SpidorS^; Brute Force ^ ) Port Scan : } Fuzzsri,^ ] PararrtSLj [ A9t J:3 B a P in v-i re k o ts 3utput Filter.CFF Aieits ^ 0 k-0 . 0 ao m current scans ft 0_ 0 0 Z A P d e te c ts a n t i C S R F t o k e n s p u r e ly b y F I G U R E 2 .7 : P a r o s p r o x y m a in w i n d o w a t t r i b u t e n a m e s - t h e l is t o f a t t r i b u t e n a m e s c o n s id e r e d 1 1 . L a u n c h a n y w e b b r o w s e r , 1 11 t h i s k b w e a r e u s i n g t h e C h r o m e b r o w s e r . t o b e a n t i C S R F t o k e n s is c o n f ig u r e d u s in g t h e O p t io n s A n t i C S R F s c re e n . W h e n Z A P d e t e c ts th e s e 12. Y o u r V M w o rk s ta tio n s h o u ld h a v e C h ro m e v e r s io n 2 2 .0 o r la t e r in s ta l le d . t o k e n s i t r e c o r d s d ie t o k e n v a lu e a n d w h i c h U R L g e n e r a te d t h e t o k e n . 1 3 . C h a n g e t h e P r o x y S e r v e r s e t t i n g s 1 1 1 C h r o m e , b y c li c k in g t h e C u s t o m i z e a n d c o n t r o l G o o g l e C h r o m e b u t t o n , a n d t h e n c lic k S e ttin g s . Tab M C ‫י‬ Foi q k c c ; p ycur bsotrnarfa hr* an Sie t n t r o t i bs‫׳‬ uick lace N tab ew N vw d w ew o o N in n w o r*■ ccg iro ind w Bocfcm iria EM C C ut op, P»ae - ‫- .להגו‬ Q S«vt p « »9 Fd in ... Td os r«T | S nint« C n**.. ig hio 0‫ •>0זי‬W«b S:c‫#׳‬ ‫יי‬ F I G U R E 2.8 : I E I n t e r n e t O p t io n s w in d o w 1 4 . O n t h e G o o g l e C h r o m e S e t t i n g s p a g e , c li c k t h e S h o w a d v a n c e d s e t t i n g s . . . l i n k b o t t o m o f t h e p a g e , a n d t h e n c lic k t h e C h a n g e p r o x y L U s i Z A P p r o v id e s a n s e t t i n g s ... b u tto n . A p p l i c a t i o n P r o g r a m m in g In te rfa c e ( A P I) w h ic h a llo w s y o u t o in t e r a c t w i t h Z A P p r o g r a m m a t ic a lly . T h e A P I is a v a ila b le i n JS O N , H T M L and X M L fo r m a ts . T h e A P I d o c u m e n t a t io n is a v a ila b le v ia t h e U R L h t t p : / / z a p / w h e n y o u a re p r o x y in g v ia ZAP. C E H La b M anual Page 723 E th ic a l H ack in g and Countenneasures Copyright © by EC-Council A ll Rights Reserved. Reproduction is Stricdy Prohibited.
  • 10. M o d u le 11 - S e s s io n H ija c k in g »‫ ■ ־ ־‬C » * Chrome Li r^rorr*//chrom e/settings/ Settings Ocoy't ihc'H o 1&ngj cuf tcnpvtar't 1, 111‫ !״‬prw 1« !‫״‬ji tocenntct(0tht nctw i y M o I Ch»»91 p>**y 1«1‫» י‬ | LtnguigK C t * • CN0(*«►Tjk; Md to t*> ‫־‬Unguises *v*«0 x • Mx • p 5 l»9< ‫׳‬u»9««td ifx - t1 <<*dings... a< « k ( « Cfltris t»*n a»cr»IKx irm'l in1 L n u g I re d / *i*te agae a D lc*dk-n& C 1 e1’.A rT 1 Eo n fe svm ott '.C r d w w lc«< [I *•4 n t10 »^ C ang h e.. «K fifcMc‫׳‬i d l< ) » c*‫ ״‬w1"9 < HTTPVSSL M«^e(0t1Aul6_ Chedtforseva certrfieaterrw cjb n o o Google Ooud Pnnt G og C u Mrs las you seeettth« e » p jte 5p te fromanyv.h C toe a o le lo d e n « r rin rs ere lick n b B30tg‫־‬ w,‫־‬d apes • Co‫ ׳ ׳‬v* v « 9 t v91- -‫׳‬Jt i .* ‫־‬ i >‫־‬ * ‫ ״‬j‫ ־‬f - f«n0ocgl«Ch1cn c Hide *‫,?*ז$ » י * ג‬ . ‫׳*ז* נ > ׳‬ F I G U R E 2 .9 : P a r o s p r o x y m a in w i n d o w 1 5 . 111 I n t e r n e t P r o p e r t i e s w i z a r d , c lic k C o n n e c t i o n s a n d c li c k L A N S e ttin g s . Internet Properties General Security Privacy Content |"Connections [ Prpgram *dvanced e Toset up an Interne: connection, dek Setup. Setup Dial-up and Virtual Private Network settings Settirg c % Never da a ccmeoon C) O a whenever a networkc n ection i notpresent ii on s 4‫־‬Always dal my defait c n ection ' cn Cure‫*־‬ None Set d f u t eal Local Area Network (LAN) settings LAS Settrtgsdo not apoly to dialup connections. Choose Settngs aoove for dal ■psettngs. u | LAN settings | F I G U R E 2 .1 0 : I E I n t e r n e t O p t io n s w in d o w w i t h C o n n e c tio n s ta b 1 6 . C h e c k U s e a p r o x y s e r v e r f o r y o u r L A N , ty p e 1 2 7 . 0 . 0 1 1 1 1 t h e A d d r e s s , e n t e r 8 0 8 0 1 1 1 t h e P o r t ti e ld , a n d c li c k O K . Q =a! C li c k O K s e v e r a l t im e s u n t i l a ll c o n f ig u r a t io n d ia l o g b o x e s a re c lo s e d . C E H La b M anual Page 724 E th ic a l H ack in g and Countem ieasures Copyright © by EC-Council A ll Rights Reserved. Reproduction is Strictly Prohibited.
  • 11. £ Q I t s h o u ld b e n o t e d t h a t d ie r e is m i n im a l s e c u r it y b u i l t i n t o t h e A P I , w h i c h is w h y i t is d is a b le d M o d u le 11 - S e s s io n H ija c k in g b y d e f a u lt . I f e n a b le d t h e n t h e A P I is a v a ila b le t o a ll m a c h in e s t h a t a re a b le t o u s e Z A P as a p r o x y . B y Local Area Network (LAN) Settings d e f a u lt Z A P lis t e n s o n l y o n 'lo c a lh o s t ' a n d s o c a n o n ly Automatic configuration b e u s e d fr o m th e h o s t Automatic configuration may override manual settings. To ensure the use of manual settings, disable automatic configuration. m a c h in e . T h e A P I p r o v id e s a c ce ss t o @ Automaticaly detect settings t h e c o r e Z A P fe a tu r e s s u c h □ Use automatic configuration script as d ie a c tiv e s c a n n e r a n d Ades drs s p id e r . F u t u r e v e r s io n s o f Z A P w i l l in c re a s e t h e Proxy server f u n c t i o n a l i t y a v a ila b le v ia raLlse a proxy server for your LAN (These settings w not apply to ill LJdial-up or VPN connections). th e A P i. Address: 127.0.0.1 Port: | 8080| | Advanced Bypass proxy server for local addresses Cancel F I G U R E 2 1 1 : I E I n t e r n e t O p t io n s W i n d o w w i d i P r o x y S e ttin g s W i n d o w 1 7 . C li c k S e t b r e a k o n a l l r e q u e s t s a n d S e t b r e a k o n a l l r e s p o n s e s t o o TASK 2 H ij a c k i n g V i c t i m ’s S e s s io n t r a p a ll t h e r e q u e s t s a n d r e s p o n s e s f r o m t h e b r o w s e r . 5------------- Untitled S m sioo - OWASP 7AP £ 11• EJlt V l r AJUlyb• R»po!l T0 Jt* H*p 'f* pybiifci g o / ► e ~ J Sites(*‫ ׳‬j ________________ Request-^ ] Response*- [ Break X ] m Z A P a llo w s y o u t o t r y _ Sites [Header Icxi * jtoay: Text ▼ j PI t o b r u t e f o r c e d ir e c t o r ie s a n d file s . A s e t o f f ile s a re p r o v id e d w h i c h c o n t a in a la rg e n u m b e r o f f ile a n d d ir e c t o r y n a m e s . A tive Scan A c Spdet | Brute Force v~ ‫^ז‬ ‫ד‬ j F rre W u r . Param sLJ Current Scans £ 0 • * 0 0 ‫״‬ m A b r e a k p o i n t a llo w s F I G U R E 2 .1 2 : P a r o s p r o x y m a in w i n d o w y o u t o in t e r c e p t a r e q u e s t f r o m y o u ! b ro w s e r a n d to c h a n g e i t b e f o r e is is 18. N o w n a v ig a te to a c h r o m e b r o w s e r , a n d o p e n w w w .b in g .c o m . s u b m it t e d t o d ie w e b a p p lic a t io n y o u a re te s t in g . 19. S ta r t a s e a r c h f o r “ C a r s .” Y o u c a n a ls o c h a n g e t h e re s p o n s e s r e c e iv e d f r o m 2 0 . O p e n Z A P , w h i c h s h o w s f i r s t t r a p p e d i n c o m i n g w e b tr a f f i c . t h e a p p lic a t io n T h e r e q u e s t o r re s p o n s e w i l l b e 2 1 . O b s e r v e th e firs t fe w lin e s o f th e t r a p p e d tr a ffic 111 th e t r a p w in d o w s , d is p la y e d i n t h e B r e a k ta b w h i c h a llo w s y o u t o c h a n g e d is a b le d o r h id d e n f ie ld s , a n d k e e p c li c k in g S u b m i t a n d s t e p t o n e x t r e q u e s t o r r e s p o n s e u n t i l y o u s e e c a r s 111 t h e G E T r e q u e s t 111 t h e B r e a k ta b , a s s h o w n 111 t h e a n d w i l l a llo w y o u t o b y p a s s c lie n t s id e v a lid a t io n fo llo w in g s c r e e n s h o t. ( o f t e n e n f o r c e d u s in g ja v a s c r ip t) . I t is a n e s s e n tia l p e n e t r a t io n t e s t in g t e c h n iq u e . C E H La b M anual Page 725 E th ic a l H ack in g and Counterm easures Copyright © by EC-Council A ll Rights Reserved. Reproduction is Stricdy Prohibited.
  • 12. M o d u le 11 - S e s s io n H ija c k in g U tiM Sessio ‫ ־‬O ASP 7 P n rd n W A £de Euit VtaA Anaiyfc* Ropoil Tools H«p to k i ‫ ו־ו‬u i v ‫ כי‬Q | Sites* ‫ן‬ m F ilt e r s a d d e x tr a CP 4-‫© >| >£ ׳‬ Request-v | Response‫ ־*־‬Break >41 F Giles ® (3 ‫ א‬r«1 *w a n g con p/‫־‬ fe a t u r e s t h a t c a n b e a p p lie d Metr.03 Heoaer: re*1 * j uoav:‫ו‬e t x ▼J hctp://wvw.blng.com/*»arch?q=5»Kgos&qa-nfcrcim =0BlJUfllt-alltpg^c4^).*e^0-0 43p‫:- ־‬sak- HTTP/1.1 Hose: wvw.Mng.cox Proxy-Connection: keep-alive U3er A;er.‫ : ־‬Mozilla/S.G !Windows NT 6.2; KOW AcpleWecKit/S37.4 (KHTHL, 64) . .lire secJc:. cnrone/22.0.1229.94 saran/537.4 Accept: te x t /h e r! , appl i cation/xhtml■*•xml f appl ic a tio n / xml; q-0.9, * / * ; q- 0 . 8 Rererer: http://vw v.b1ng. con/ Accept-Encoding: 3tier. Irrrr.T-:j-.rsr.;/cv - rn -"^ rn-n-H P ,______ ___________________________________ I t o e v e ry re q u e s t a n d re s p o n s e . B y d e f a u lt n o f ilt e r s a re in i t i a l l y e n a b le d . E n a b lin g a ll o f t h e f ilt e r s m a y s lo w d o w n d ie p r o x y . F u t u r e v e r s io n s o f d ie Z A P U s e r G u id e w il l d o c u m e n t Sidw p ffi t h e d e f a u lt f ilt e r s i n d e ta il. Al&its f t Searcn * » »c 1 ‫׳ 1 0 י‬ 1m 1 Current Scans £ 0 # 1 »-0 0 F I G U R E 2 .6 : P a ro s P r o x y w i t h T r a p o p t io n c o n te n t 2 2 . N o w c h a n g e th e q u e ry te x t f r o m C a r s to C a k e s in th e G E T re q u e s t. llntiWea Session -OWASP 7AP £4e Ealt V Analyk• Ropoit Toole H«p I«* J S sI* |_ ite , f t R Sites .‫ :־‬mtp/'A^.otngcom Q Request-v | Response^ [ Break M etioO I * j [Header. Ted )■] |Body Tot G ET hctp:// w » . ting.com/ search ?q=fcake3^go=tq3=n* rorm=QBI.Htf 1lc-al l*pq^Calcesfrsc-0 -:43p—l&ak- HTTP/1.1 L y = i F u z z in g is c o n f ig u r e d Hose: vw.Di n g , cox Proxy-Coonection: lreep-alive Uaer-Asenz: Mozilla/S.O !Windows NT 6.2; KCW 64) AcpleWeCK1537.4/ ‫( ־‬KHTML, l i t ‫ ־‬Geclccj CHzone/22.0.1229.94 SaEan/537.4 Acccpt: te x t/h tm l, app li cation/xhtm l‫ ־‬xml, appl ica tion /xm l; q-0.9, * / * ; q— 6 !‫־‬ C. Rererer: £ tt p : // v ‫־.־‬ ‫״‬v.bxr.g.con/ u s in g t h e O p t io n s F u z z in g s c re e n . A d d i t i o n a l f u z z i n g f ile s c a n b e a d d e d v ia t h is s c re e n o r c a n b e p u t . Accept-Encoding: sdcfc I r r . - r . T ‫ ־‬rn-T.^ r n ‫־‬n-a P . m a n u a lly i n t o t h e " f ii z z e r s " . 1 d ir e c t o r y w h e r e Z A P w a s in s t a lle d - t h e y w i l l t h e n *JfcltS f t Searcn -v b e c o m e a v a ila b le a f t e r r e s t a r t in g Z A P . 504 catowav n m o . 504 Gateway Time. . . 388mc 389ms, A «1te ‫0 י 0 מ‬ 1 ‫1 1׳ ז‬ ■ 2 3 . C li c k S u b m i t a n d s t e p t o n e x t r e q u e s t o r r e s p o n s e . 2 4 . S e a r c h f o r a ti tl e i n t h e R e s p o n s e p a n e a n d r e p l a c e C a k e s w i t h C a r s a s s h o w n 111 fo llo w in g fig u re . L y j ! T h e re q u e s t o r r e s p o n s e w i l l b e d is p la y e d i n t h e B r e a k t a b w h ic h a llo w s y o u t o c h a n g e d is a b le d o r h id d e n f ie ld s , a n d w i l l a llo w y o u t o b y p a s s c lie n t s id e v a lid a t io n ( o f t e n e n f o r c e d u s in g ja v a s c r ip t) . I t is a n e s s e n tia l p e n e t r a t io n t e s t in g t e c h n iq u e . C E H La b M anual Page 726 E th ic a l H ack in g and Counterm easures Copyright © by EC-Council A ll Rights Reserved. Reproduction is Stricdy Prohibited.
  • 13. M o d u le 11 - S e s s io n H ija c k in g UntitledSessio ‫ ־‬O ASP 7 P n W A £ile Edit Vie* Analyte Report Tools H*p I. ‫ ־‬u b .‫־‬I la ‫0 פ‬ Request■* |Response^- [ Break I 3«m1» I ‫ ׳‬ft FG s ®ile (3‫ א‬rwp/‫־‬ *w»ngcom ltea:c‫ ־‬l i • e• U3c- l i *j e! 1 1[ I HTTP/1.1 200 O K C*ch*‫ ־‬Concrol: p riva te , nax-age-0 Ctntent ‫־‬Type: texc/h snl; ch arae t-utf8‫־‬ Expirea: Mon, IS Oct 2012 12:30:19 G T M P2P: CF--NOS UST C M W 3TA LOC CURa DFVa PSAa P3Da O R IND" O AV U s 3_ce a,‫׳‬ rccuse down‫,״‬run0 t1 0 n(n! {s __ t 1st>1e.;event .srcElexer.t :a .ta rge t) >,0! . )<)‫״‬ * //) jx/ s c r 1 p t x c 1 cle|cakea| - B 1 ng</t1 t l e X l m k r.ref="/s/vlflag. icc• ze~"lc2 n”/xlir.t r rer— . ■ /3earth?(j-C ake34a1nc;Q -fiturp;q3‫*־‬n r»p forrc-O C Sa ; BL!lSan,p; file— ollSanr^EQ-Cakesfian p;3c=0-043Ex?3p=-l«axp;31c=iaap;format=r33" rel="alternace" t1rle="XML• rype= PortScan ‫־‬ j Furzer Breakpoints & [ B u eFo c rt re Search 1 GET 3 GET rlp f l N C n corV rtS f M . i g ncpv^w.cir^ co‫״‬ v A eIs PO . 0 l t 1 504 Gateway Tine . 504 Gateway‫׳‬ Tim©. . . 389ms ■ 389ms C r e tScans £ 0 ^ 0 ^ 0 urn ‫י‬ .0 ‫ת‬a , J S«‫| »( ״‬ R«qb»»tw~] R>spons*~ [ ▼ l£ I■ i e S:* Qj f HMpftktwwb n con! t ig 0*0 IJntiflf'd Session OWASP 7AP £0Edit View Analyse Report Tools Help 1 1 L Ul : ! Params Oufcut j ______ Alerts f t _____ X 1 |Hm»l.T«11 » B0O).T«l » | □ IJ | HTTP/1.1 20a O K Cache-Consrel: p riva te , nax-acre-0 ccntent-Type: text/r.tm i; cnars«t*ut1-8 Expires: Mon, 15 Get 2012 12:30:19 G T M P2P: C?-‫״‬SO TOI C0K HAV STA LO CURa DEVa PSAa PSDa O R HID" S C U ‫. -־‬ -. ■■ W.i. I L ■i i.mwfc.' ii .!arm * ; ,uaLun1.il‫ ■ ׳‬iuin ‫. .׳‬iuulliuu ‫׳‬ ■ . iw .■ ‫׳‬ 3j_bc _d, "wzusedown", fu n ctio n (nI <3i_ct (3b_ie?event•srcEleraent:n.target) >,0) ) ) (); / / J j x 3‫ ׳‬c r : . p r x 1 - ‫- ־‬e' jcars| - Sir.g</t1tlex11nic hrer="/ 3/v llla g .1co" re I s ‫ ־‬ic o n V x lin k h re f•/3sarch?3=Cake3£arx;gc=£a1np;q3=n£anp‫׳‬forrt=Q3LH£artp; f11c=all£anp;cq=Cake3£ar: • p;sc=o-04ar2:;sp=-liaxp;3Jc=iaa3?;rormat=r3s" rel="altemate" t1tle="XML• :ype= ActvsScan A Historj“ [ Spide ^ | r B u eForced rt [ PortScan: ] FuzzerW ‫ ן‬ParamsO Otu -c: |_______ Search _______ J __________ Breakpoints ^ __________1 ______ Alerts f t _____ h »*n 1 tin c rn ltp‫ ׳‬n g o f ' n / V V rqco tp ‫׳‬A k ,.c ‫״‬v A eis P0 . 0 l t 504 GatewayTime 504 catowa‫׳‬ Tine. . . 389ms 389ms 0*0 CurientScans £ 0 ^ 0 1*‫ו‬ F I G U R E 2 .7 : P a r o s P r o x y s e a r c h s t r in g c o n t e n t 2 5 . 111 t h e s a m e R e s p o n s e p a n e , r e p l a c e C a k e s w i t h C a r s a s s h o w n i n t h e fo llo w in g fig u re a t th e v a lu e s h o w n . ■ Untitled Session * OWASP ZAP T l i i s f u n c t io n a lit y is b a se d o n c o d e f r o m th e O W A S P J B r o F u z z p r o je c t a n d in c lu d e s f ile s f r o m t h e f u z z d b p r o je c t . N o t e t h a t s o m e f u z z d b f ile s h a v e b e e n l e f t o u t as t h e y c a u s e c o m m o n a n t i v ir u s s c a n n e r s t o f la g t h e m as c o n t a in i n g v ir u s e s . Y o u c a n r e p la c e t h e m (a n d u p g r a d e f u z z d b ) b y d o w n lo a d in g - I - U 2 J File Eon View Analyse Repoit Tools H«p la» id l‫־‬l & G O J Sites1 | * 'ft PSlles 4 H ■ ! ^ 0 Retjues♦“ * ] Response^ ! Break Heaser T r ‫״‬ en Bog :T x * y ci 0 r1napjfw M oing.com 'M . HIT*/1.1 i0 ‫׳‬u or. Cacr.e-Conrrcl: p r m : e , nax-age=o Ccntent-Type: texc/htm l; charset— tf-8 u Expirea: Mon, IS Cct 2012 12:30:19 G T M P3P: CF-'KON‫ ־‬tJKI C K HRV STi. LOC C Ra DFVa PSAa PSDa C IND" O U tJR ‫ ־ ■ ! ! ״‬s‫!_^׳‬j _5iA sua:.‫ .__׳‬ijuj. ‫׳‬ ‫ב‬a=‫3״‬v_cta■>3eca> ‫׳‬ . ‫ ׳‬dxvxdzv clas3 n w ci"> d v clas3=',3v_bn 1a=‫ ״‬swjD‫><״‬npuw.1 = 3 _b < ^ _ m *class—3 w q o ia="9b Com q* n " fe x" arae= n t.ltle="En1;er your search cera• :vp "q te x t* va l * ‫^ ־‬afceaf* or.focuoa=— ■‫ . ז פ912 =0ב‬ge-Elenentsyia ‫3 ' ן‬w b ‫ . ן י‬style .to rd e rco lo r = ' #3366‫= ״ ;יםש‬cn riu r ‫ד‬ docunent.qetElenentByld I ’ 3w_bt I .s ty le •borderColor - '4999'; " / X d iir • ‫ס‬la - 3— ‫3 ״‬v_dvar‫ ״‬x / d 1 v x input id - "sb_£orrt_go" cla33="3w_qbtn" t i t l e - *Search" t h e la t e s t v e r s io n o f f u z z d b a n d e x p a n d in g i t i n t h e Brjte Force j*• PortScan‫־‬ _____| Furrer | Paramsn | Output A itsft lfe Search ,f u z z e r s ' lib r a r y . 504 GatewayTine. 504 Gat»w3y lino. " ■ 389m$ 389msr Curient Scans v 0 4 t 0 1 />0 C E H La b M anual Page 727 0%>0 E th ic a l H ack in g and Counterm easures Copyright © by EC-Council A ll Rights Reserved. Reproduction is Stricdy Prohibited.
  • 14. M o d u le 11 - S e s s io n H ija c k in g U tiM Sessio ‫ ־‬O ASP 7 P n rd n W A [ £«e Ejii view Analyte Ropoil Tos ol H#p ► rl w 0 ‫ס‬ ti J S«Ufr 1_ Request■** | Response^ leaser leu ‫״‬ Break v ‫׳‬ Uo«y: T«a1 i HTTP/1.1 200 OK T lu s t o o l k e e p s t r a c k o f t h e e x is t in g H t t p C*ch*‫ ־‬C o n c ro l: p r iv a c a , r*ax-aga-0 C cnccn ‫״ ־‬Type: c e x c /h s n l; c h a r a e t - u t f 8‫־‬ S e s s io n s o n a p a r t i c u la r S ite Expirea: Xor., IS Oct 2012 12:30:19 GMT P2P: CF--NOS UST COM WAV STR LOC CURa DEVa PSAa P3Da OUR IND" a n d a llo w s t h e Z a p r o x y .5 w c t a*>B*c»</davx<11v Clas3 "= 3=‫3'׳‬w bd"><cl1v :ias3=‫ ״‬sw 6 " :2=‫ 3 ׳‬u f x 1 .:pu ‫־‬ . -la33-"3v_qfcox"id-"3b_Eonn_q" name-"q" title— "Enter your search tern1 type: u s e r t o f o r c e a ll re q u e s ts t o = text■ value=' 3 b e o n a p a r t ic u la r s e s s io n . B a s ic a lly , i t a llo w s t h e u s e r t o e a s ily s w it c h b e t w e e n Sp d-f £ t o c r e a te a n e w S e s s io n [ T u s e r s e s s io n s o n a S ite a n d w it h o u t " d e s tro y in g " th e 3nf ocua, tocunent.ge!‫ —־‬Elenenc3yId|,aw b 1).9tyle.borderColor='#3366fcb,;w onblur ' docunent.getElenentByld I*sw_b' J .style•borderColor' - ‫/";י 999#י‬X d i ▼ class— ‫3י‬v_dv:1r "></cL.v><input rd="sb_forrt_go" class="sw_qbtn" t!tle="Search" 1 3 GET GET Port Scan ' ] Furzer Break Points & B1 Force ‫*־׳‬e Search rlp f l N C n corV rtS f M . i g 9‫ י י - * * * ס ז‬co‫״‬v **‫׳£׳יי‬ jjf 504 Gateway Time . 504 Gateway Time. Params G j j________ Alerts Oufcut ______ 389ms 389ms e x is t in g o n e s . Current Scans £ 0 # 0 F IG U R E Z8: P a ro s w i t h ^ 0 _ 0 y o m o d if ie d tra p o p t io n c o n te n t N o te : H e r e w e a re c h a n g in g th e te x t C a k e s to C a rs ; th e b in g s e a r c h s h o w s C a rs , w h e r e a s th e re s u lts d is p la y e d a re f o r C a k e s. 2 6 . O b s e r v e t h e B in g s e a r c h w e b p a g e d i s p l a y e d 1 1 1 t h e b r o w s e r w i t h search q u e ry as “ C a k e s .” ‫ב ד‬ X WEB L y d J I t is b a s e d o n d ie H 2) www.bing.corn/search?q=cars&go=&qs‫־־‬n&form =Q BLH&filt=all&pq=cars&sc=0 IMAGES VDEOS HEWS MORE t> 1n q Beta c o n c e p t o f S e s s io n T o k e n s , w h i c h a re H T T P m e s s a g e 357.00 0 0 ‫ נ‬RESULTS p a r a m e t e r s ( f o r n o w o n ly l-naaes cflcakesl C o o k ie s ) w h ic h a llo w a n tnrq com/maces H T T P s e rv e r to c o n n e c t a re q u e s t m essage w ith a ny p r e v io u s re q u e s ts o r d a ta s t o r e d . I n t h e ca se o f Z a p r o x y , c o n c e p t u a lly , s e s s io n t o k e n s h a v e b e e n C a ke c la s s if ie d i n t o 2 c a te g o r ie s : W ikipo d ia th o fro o encyclopedia en w k p*da o‫־‬g Wkt/Cake Varieties Special-purpose cakes Shapes Cake flout Cake decorating Cake ts a forrr cf bread ot bread-like food In its modern forms, it is typically a sweet ba«od dessert In As oldest forms, cakoc •voro normally fnod broadc or d e f a u lt s e s s io n t o k e n s a n d s ite s e s s io n t o k e n s . T h e d e f a u lt s e s s io n t o k e n s a re F I G U R E 2 .6 : S e a rc h r e s u lt s w i n d o w a f t e r m o d if y in g t h e c o n t e n t th e o n e s th a t th e u s e r ca n s e t i n d ie O p t io n s S c re e n a n d a re t o k e n s t h a t a re , b y d e f a u lt , a u t o m a t ic a lly c o n s id e r e d s e s s io n t o k e n s 2 7 . T h a t 's it. Y o u j u s t f o r c e d a il u n s u s p e c t i n g w e b b r o w s e r t o g o t o a n y p a g e o f }7o u r c h o o s i n g . f o r a n y s ite (e g . p h p s e s s id , js e s s io n id , e tc ) . T h e s ite L a b A n a ly s is s e s s io n t o k e n s a re a s e t o f t o k e n s f o r a p a r t i c u la r s ite a n d a re u s u a lly s e t u p u s in g t h e p o p u p m e n u s a v a ila b le A n a ly z e a n d d o c u m e n t d i e r e s u lts r e l a te d t o d ie la b e x e rc is e . G iv e y o u r o p i n i o n o n y o u r ta r g e t’s s e c u n t y p o s t u r e a n d e x p o s u r e . in th e P a ra m s T a b . T o o l/U tility I n f o r m a tio n C o lle c te d /O b je c tiv e s A c h ie v e d ■ S S L c e rtif ic a te to h a c k in to a w e b s ite ■ R e d i r e c t i n g t h e r e q u e s t m a d e i n B in g Z e d A tta c k P ro x y C E H La b M anual Page 728 E th ic a l H ack in g and Counterm easures Copyright © by EC-Council A ll Rights Reserved. Reproduction is Stricdy Prohibited.
  • 15. P L E A S E TALK T O Y O U R I N S T R U C T O R IF YOU H A V E Q U E S T I O N S R E L A T E D T O T H I S LAB. Q u e s t io n s 1. E v a lu a t e e a c h o f t h e f o llo w in g P a r o s p r o x y o p ti o n s : a. T ra p R eq u est b. T ra p R esp o n se c. C o n tin u e B u tto n d. D r o p B u tto n I n te r n e t C o n n e c tio n R e q u ire d 0 Y es □ No P la tfo rm S u p p o rte d 0 C E H La b M anual Page 729 C la s s ro o m □ !L ab s E th ic a l H ack in g and Countem ieasures Copyright © by EC-Council A ll Rights Reserved. Reproduction is Stricdy Prohibited.