1 / 23

Basic Web Hacking & Tools (MSS book)

Explore basic web hacking and security tools, including Netcat, Achilles, HTTP, and HTTPS. Learn about URLs, HTML forms, web application components, and network utility programs. Understand HTTP history, methods, response codes, security, authentication, and more.

lworsham
Download Presentation

Basic Web Hacking & Tools (MSS book)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Basic Web Hacking & Tools(MSS book) csci5931 Web Security

  2. Topics • Ch. 4, 15 (Netcat, Achilles, HTTP, HTTPS) • Ch. 5 (URLs, HTML Forms) • Ch. 6 (Web Application Components) csci5931 Web Security

  3. Network Utility Programs • Netcat http://www.atstake.com/research/tools/network_utilities/ • Cryptcat http://sourceforge.net/projects/cryptcat/ csci5931 Web Security

  4. Network Utility Programs • Example Use of Netcat • To get a web page: nc sce.uhcl.edu 80 GET / HTTP/1.0 HTTP/1.1 200 OK Server: Microsoft-IIS/5.0 Date: Wed, 26 Feb 2003 15:08:22 GMT Connection: Keep-Alive Content-Length: 10166 Content-Type: text/html Set-Cookie: ASPSESSIONIDSASQDDAR=MECEBLAAEIKECJGFFELEBJMA; path=/ Cache-control: private <html> <head> <title>SCE Home Page</title> … csci5931 Web Security

  5. Network Utility Programs • Example Use of Netcat • To get the meta information of a web page: nc sce.uhcl.edu 80 HEAD / HTTP/1.0 HTTP/1.1 200 OK Server: Microsoft-IIS/5.0 Date: Wed, 26 Feb 2003 15:11:33 GMT Connection: Keep-Alive Content-Length: 10166 Content-Type: text/html Set-Cookie: ASPSESSIONIDSASQDDAR=PECEBLAAKMPGGDIHEGJOAJLJ; path=/ Cache-control: private csci5931 Web Security

  6. Network Utility Programs • Other Uses of Netcat • Have Netcat listen at a particular port: (AT the listening side) nc -L -p 53 -e cmd.exe (At the remote side) nc –v hostAddress 53 • Allows the administrator to see if a port is available, for example, through a firewall. csci5931 Web Security

  7. Achilles • Acts like a web proxy • Allows a person to intercept and modify information sent from a web server to a web browser • Download: achilles-0-27.zip • Proxy configuration on the browser csci5931 Web Security

  8. Achilles csci5931 Web Security

  9. HTTP & History of the WWW • [HTTP 1991]  The Original HTTP as defined in 1991 • [HTTP 1992]  Basic HTTP as defined in 1992 • [HTTP 1996]  RFC1945: Hypertext Transfer Protocol -- HTTP/1.0.  Informational. • [HTTP 1999] RFC2616: Hypertext Transfer Protocol -- HTTP/1.1.   • [irt.org 1998] WWW – How It All Began. • [isoc.org 2000] The Internet Society.  A Brief History of the Internet.  August 4, 2000. csci5931 Web Security

  10. HTTP • An application-level protocol • Lightness and speed necessary for distributed, collaborative, hypermedia information systems • A stateless protocol • can be used for many tasks, such as name servers and distributed object management systems, through extension of its request methods • Its data typing feature allows systems to be built independently of the data being transferred. csci5931 Web Security

  11. HTTP • Its data typing feature allows systems to be built independently of the data being transferred. The Content-Type entity-header field indicates the media type of the Entity-Body sent to the recipient or, in the case of the HEAD method, the media type that would have been sent had the request been a GET. Content-Type = "Content-Type" ":" media-type Media types are defined in Section 3.6 of RFC1945. An example of the field is Content-Type: text/html csci5931 Web Security

  12. HTTP Request Methods • GET Retrieves the information requested from the file system. • HEAD Almost identical to the GET method, but only return the meta-information. • POST Requests that the server accept the enclosed information and act on it. Commonly used when server-side scripting is involved. • More request methods in HTTP/1.1: Table 4-4 (pp.126-127) csci5931 Web Security

  13. HTTP Response • Response code See Table 4-2 (p.122) • Header fields Additional information about the response Table 4-3 (p.124), 4-5 (p.128) • Data The body of the response csci5931 Web Security

  14. HTTP Security • HTTP provides a simple challenge-response authentication mechanism which may be used by a server to challenge a client request and by a client to provide authentication information. • The HTTP protocol does not restrict applications to this simple challenge-response mechanism for access authentication. Additional mechanisms may be used, such as encryption at the transport level or via message encapsulation, and with additional header fields specifying authentication information. However, these additional mechanisms are not defined by this specification. csci5931 Web Security

  15. HTTP Security • The "basic" authentication scheme is based on the model that the user agent must authenticate itself with a user-ID and a password for each realm. • The server will authorize the request only if it can validate the user-ID and password for the protection space of the Request-URI. There are no optional authentication parameters. • The "basic" authentication scheme is not a secure method of user authentication, nor does it prevent the Entity-Body from being transmitted in clear text across the physical network used as the carrier. csci5931 Web Security

  16. HTTP Security Considerations • The GET and HEAD methods should never have the significance of taking an action other than retrieval. • These methods should be considered “safe”. True? • It is not possible to ensure that the server does not generate side-effects as a result of performing a GET request. csci5931 Web Security

  17. HTTP Security Considerations • Abuse of Server Log Information: A server is in the position to save personal data about a user's requests which may identify their reading patterns or subjects of interest. This information is clearly confidential in nature and its handling may be constrained by law in certain countries. csci5931 Web Security

  18. HTTP Security Considerations • Transfer of Sensitive Information: HTTP cannot regulate the content of the data that is transferred, nor is there any a priori method of determining the sensitivity of any particular piece of information within the context of any given request. Revealing the specific software version of the server may allow the server machine to become more vulnerable to attacks against software that is known to contain security holes. Implementors should make the Server header field a configurable option. csci5931 Web Security

  19. HTTP Security Considerations • Attacks Based On File and Path Names: Implementations of HTTP origin servers should be careful to restrict the documents returned by HTTP requests to be only those that were intended by the server administrators. For example, Unix, Microsoft Windows, and other operating systems use ".." to indicate a directory level above the current one. Files intended for reference only internally to the server (such as access control files, configuration files, and script code) must be protected from inappropriate retrieval. csci5931 Web Security

  20. HTTPS • HTTP over SSL SSL encrypts traffic between two hosts, significantly reducing the ability of an attacker to access sensitive traffic and record information such as passwords. But, SSL does not truly provide security, if the SSL certificate is exposed. Tools such as ssldump can be used to decrypt SSL traffic. A network packet analyzer: Snort (Assignment #2?) (http://www.snort.org/dl/binaries/1.8.7/) csci5931 Web Security

  21. Ch 6: Web Application Components • Fig. 6-1: A typical Web application (p.166) • Fig. 6-2: Interfacing Web application servers with front-end web servers (p.170) • The native application processing environment (e.g., ASP on MS IIS) • Web server APIs and plug-ins (e.g., MS ISAPI extensions, Netscape NSAPI modules, …) csci5931 Web Security

  22. Ch 6: Web Application Components • URL Mapping and internal proxying The application server listens on a TCP port other than the one used by the web server. The web server is configured to map specific URLs onto the application server. • Proxying with back-end application server (e.g., Fig. 6-4, p.174) csci5931 Web Security

  23. Next • Midterm • Ch. 7: HTML source sifting, wget, Teleport Pro • Ch 8: Site Linkage Analysis • Core JAVA Security Model (GS: 7) • Team Presentations csci5931 Web Security

More Related