web hacking series part 2
~ Aditya Kamat
BMS College of Engineering
WEB HACKING SERIES PART-2
TOPICS LEARNT TILL NOW:
• Basics of web and a little about networks.
• HTML injection.
• SQL injection to bypass authentication.
• Buffer overflow attack.
TO BE COVERED TODAY:
• Bypass Authentication Via Authentication Token Manipulation.
• Session hijacking.
• Brute forcing login pages using burp.
• HTTP parameter pollution.
BYPASS AUTHENTICATION VIA AUTHENTICATION TOKEN MANIPULATION
• The basic idea is to log in as another user (preferably the admin) by changing a few values in the cookies stored for that site.
• Use the Cookiemanager+ plugin to manipulate cookies.
• Usually the admin will be in the first row of the users table.
SOLUTION:
• Use session variables to authenticate users instead of cookies.
• Use a hashing method to hash the IDs used to authenticate instead of keeping them in plaintext.
• Keep large numbers as IDs to prevent such attacks.
• Choose a random large number instead of incrementing the ID by one every time.
SESSION HIJACKING
• This occurs when the client's session cookie is used to identify the session on the server.
• We just need to obtain the user's session cookie to log in to his/her account.
• We have access to the account as long as the user does not log out.
• Cookies can be obtained by MITM or by getting access to the victim's machine.
PREVENTION:
• USE SSL FOR THE ENTIRE SITE. This is the only way to prevent MITM easily.
• Log out the user after a certain duration of inactivity. (More load on the server, because it will have to maintain a timer for each user.)
• Ask users to log out every time before closing their browsers.
BRUTE FORCING LOGIN PAGES USING BURP
• Brute forcing is a method of trying out all possible usernames and passwords from a given space.
• This attack is used to get the credentials of a legitimate user of a website.
• It is really fast when we already have the username of the user.
• We use the Intruder tool in Burp to brute force login forms.
PREVENTION:
• Rate limiting has been proven to be the best solution and has been implemented in many well known websites.
• It checks this based on the username and the IP address of the user attempting the logins.
• Force users to use secure passwords and inform them not to use the same password across multiple platforms.
• Use CAPTCHAs.
HTTP PARAMETER POLLUTION
• HTTP Parameter Pollution can occur when multiple parameters with the same name but different values are submitted to the application.
• Depending on the application server type, the parameter used may be the first, second, or a combination of the two.
• Demo: A1 injection (other) -> HTTP parameter pollution -> Poll question.
PREVENTION:
• Take each variable as an array and accept only the first element of the array as valid input. The others have to be discarded.
• Validate user input to check that it is one of the expected values.
THANK YOU!!!