Zacharia Dis
,
...
2010-2011
:
: ....
:
:
: /1049
. : 28-02-2012
-
: 1 ...
, ,
.
,
.
,
.... ( ).
....
.
.
tester .
,
,
, testers.
, PHP. ,
web browser,
web server
client WUI (Web User Interface). ,
web server
.
web applications
.
Information Disclosure, Cross Site
Scripting SQL Injection.
: Web Vulnerability Assessment, Penetration Testing
: Web Vulnerability Assessment, Cross Site Scripting, SQL
Injection, Information Disclosure
1. ........................................................................................................ 10
2. Web Vulnerability Assessment ................................ 12
2.1 Crawler based vulnerability scanners ......................................................... 12
2.2 Proxy based vulnerability scanners ............................................................. 18
2.3 ................................................................... 23
3. .......................................................................... 25
4. ............................................................... 39
5. ................................................... 42
6. ................................................................................ 44
2.1: WebSecurify crawler based vulnerability scanning tool ................... 13
2.2: WebSecurify vulnerability scanning process ..................................... 14
2.3: XSS WebSecurify.......................................................... 15
2.4: interface w3af ................................................................. 17
2.5: w3af output ........................................................................................ 18
2.6: Interface OWASP ZAP .............................................................. 20
2.7: proxy 8080 .................................................................. 21
2.8: ............................... 22
2.9: OWASP ZAP Alerts, vulnerabilities .............................................. 22
2.10: ZAP crawling .................................... 23
3.1: VAbB tool ................................................. 26
3.2: VAbB browser . 27
3.3: VAbB assessment . 28
3.4: Output WUI crawling .................................. 30
3.5: Output WUI vulnerability assessment ......... 31
3.6: VAbB tool ........................................... 31
3.7: banner disclosure ........................................................ 32
3.8: reflected XSS .............................................................. 33
3.9: openeclass student ................................................... 34
3.10: Session Cookie openclass ....................................... 35
3.11: authentication cookie pattern ... 35
3.12: VAbB openeclass student user .... 36
3.13: VAbB openeclass student user ............................................................ 37
3.14: SQL Injection error .......................................................................... 38
WUI - Web User Interface
XSS (CSS) - Cross Site Scripting
w3af - Web Application Attack and Audit Framework
OWASP - Open Web Application Security Project
ZAP - Zed Attack Proxy
1
Web Hacking .
,
,
. blogs
.
. ,
.
.
,
.
.
,
.
Nessus
, Metasploit ..
.
Web vulnerability scanner tools
Web vulnerability assessment.
.
2 Web Vulnerability Assessment
Web vulnerability scanners .
Crawler
scanning, pattern
matching , web server (http requests)
assessment.
,
. repeater
http request scanner ,
fuzzer, decoder .
crawler proxy
. ,
browser
.
crawler proxy based
vulnerability scanners,
.
2.1 Crawler based vulnerability scanners
crawler based vulnerability scanner,
, tester links
HTML
. POST GET
links variables
crawling , vulnerability scanning.
crawling.
server
( 80),
crawl, keywords
keywords .
3
crawler.
crawler based vulnerability scanning
WebSecurify [11] w3af [9].
crawling vulnerability
scanning. 2.1 interface WebSecurify
tester .
WebSecurify 2.1 portable, multi-platform . Windows, Linux, MAC
2.1: WebSecurify crawler based vulnerability scanning tool
(smartphones),
extension browsers Google Chrome, Mozilla Firefox.
extension
Google Chrome MS Windows 7.
enter,
2.2.
openeclass [19], 2.3.1.
2.2: WebSecurify vulnerability scanning process
crawling
vulnerability scanning banner disclosure
web server framework
eclass. crawling process
Cross Site
Scripting
hackers. 2.3 XSS. output
2.3: XSS WebSecurify
tester requested URL, POST GET,
variables GET POST
XSS.
request POST request prenom_form
%22'%3Ckf9vt%3E hex "' ascii.
XSS SQL Injection .
.
w3af .
Java .
profiles tester
. 2.4
interface w3af profiles , target
URL , plugins
output tester
.
profile OWASP_TOP10.
OWASP Top 10 [20]
.
OWASP. tester
profile plugin .
profile
.
output security audit 2.5. output
.
.
y vulnerabilities
info
vulnerabilities information disclosure
.
2.4: interface w3af
2.5 vulnerabilities ,
WebSecurify, .
.
2.5: w3af output
2.2 Proxy based vulnerability scanners
vulnerability scanning tools proxy,
browser .
http request responses.
.
proxy based vulnerability scanning tool
tester.
tester browser . tester
SQL Injection HTML ,
responses . tester
SQL Injection .
tester
URLs tester
.
OWASP-ZAP [10]
Burp Suite [8]. 2.6 interface ZAP.
(sites) tester
browser. ZAP
browser proxy.
ZAP 8080. Google Chrome
proxy ( 2.8).
localhost ZAP host browser.
links (sites)
link . , 2.8 IP
eclass .
(flags)
vulnerability scanning .
tab alerts. 2.9 alerts
. request ZAP
2.6: Interface OWASP ZAP
alert. tab Active Scan, ZAP
requests tester browser.
.
2.7: proxy 8080
ZAP proxy based , crawler. crawler
tab spider. spider
Active Scan. Alerts vulnerabilities.
2.10 flags, XSS.
2.8:
2.9: OWASP ZAP Alerts, vulnerabilities
2.10: ZAP crawling
2.3
crawler proxy based :
1) crawler based tester
. proxy based
.
2) tester crawl
(login), crawler
session cookie
. crawler based tester
cookie ,
proxy based
browser ( http requests), session
cookies. login browser,
.
3) flash,
, crawler links
POST .
proxy based
.
4) html submit
JavaScript crawler
link submission.
attribute action JavaScript.
5)
http requests. , crawler based
proxy based
web
browser. proxy based connection
browser
web server.
redirections
http request.
http connections
. sockets
http
status code
http responses .
. ZAP
2.2
.
3
crawler
. VAbB
. VAbB
Vulnerability Assessment by Browsing.
tester .
, testers.
, PHP.
PHP server side ,
server. ,
web browser. ,
web server
smartphone tablet.
,
() profile .
VAbB
. PHP .
. 3.1
VAbB.
3.1: VAbB tool
Controller .
. index.php output.php
. html php CSS
JavaScript script
WUI. index.php browser
3.2.
3.2: VAbB browser
Options
crawling process,
cookie crawling
authentication, profile
security modules
.
pattern . ,
vulnerability scanning authentication,
crawler. 3.3.
3.3: VAbB assessment
tester pattern
links crawler.
pattern #logout#i link
http://www.example.com/user/logout.php logout
( i pattern).
logout
log.php pattern link.
tester
patterns.
URL link openeclass.
URL
3.2, Start Scan.
output.php Controller
crawling. crawling
links crawl, 3.4.
links crawl.
crawler, , ,
vulnerability scanning. 3.5
XSS links.
GET POST
vulnerability. openeclass
XSS guest user.
3.6. Information Disclosure
tester
. openeclass
Banner Disclosure Private IP Disclosure.
private IP disclosure, openeclass private
links openclass
http://192.168.1.100/openeclass/. banner disclosure
server .
(+) 3.6 banner disclosure
. 3.7
web server apache 2.2.20,
Ubuntu framework php 5.3.6. ,
reflected XSS 3.8.
3.4: Output WUI crawling
3.5: Output WUI vulnerability assessment
3.6: VAbB tool
3.7: banner disclosure
3.8: reflected XSS
security modules
cookie login
eclass. groups openeclass student, professor,
administrator guest. guest .
student. browser
openeclass credentials account
vulnerability assessment ( 3.9).
3.9: openeclass student
session cookie
. plugin Google Chrome
cookies . 3.10
cookie VAbB.
3.10: Session Cookie openclass
3.11 cookie VAbB.
pattern crawler logout link link
profile . pattern,
crawler , profile
assessment.
3.11: authentication cookie pattern
3.12 assessment. links
guest user. guest crawler 12 links student user 76 links.
vulnerability scanning 53 GET POST links.
3.12: VAbB openeclass student user
3.13.
3.13: VAbB openeclass student user
vulnerabilities
guest user. SQL Injection vulnerability
. browser
requested URL error database,
input VAbB. 15 SQLi
forum openeclass.
3.14 error VAbB.
GET browser
error.
3.14: SQL Injection error
4
web server Apache PHP.
desktop / windows
Xampp [17]. Xampp apache/php, mysql, filezilla
ftp server, Mercury email server, phpMyAdmin
MySql ..
VAbB Ubuntu
Server 10.04 [16] Virtual Machine
VirtualBox [15]. extension PECL PHP
Linux .
VAbB Linux Server
.
Ubuntu Server
LAMP XAMPP Windows.
Linux based ,
repositories LAMP
. configuration
apache.conf http.conf, php.ini .
.
extension PHP PECL-HTTP [6].
http connections.
VAbB. PECL
PHP. PECL-HTTP extension
Ubuntu (
Linux,
):
1. PEAR extensions
PECL:
sudo apt-get install php-pear
2. php5-dev
php compilation ,
PECL_HTTP:
sudo apt-get install php5-dev
3. libcurl3-openssl-dev:
sudo apt-get install libcurl3-openssl-dev
4. extension PECL_HTTP:
sudo pecl install pecl_http
inputs default
enter.
5. , php.ini
section
Dynamic Extensions:
extension=http.so
php.ini path:
sudo nano /etc/php5/apache2/php.ini
6. apache php.ini
:
sudo /etc/init.d/apache2 restart
sudo /etc/init.d/httpd restart
PECL_HTTP extension
http://www.mkfoster.com/2009/01/04/how-to-use-the-pecl-http-pecl_http-extension-to-make-http-requests-from-php/
IDE
eclipse Indigo IDE [18]. eclipse
Aptana studio [19] PHP .
eclipse Java multi platform IDE.
eclipse plug-in , .php
text-based, text editor .
.
vulnerability assessment
Information Disclosure, Reflected XSS, Stored XSS SQL
Injection.
SQL Injection
version
VAbB.
.
. crawling vulnerability scanning
process . crawling
, vulnerability
scanning. crawling
, browser
VAbB.
Page Limit tester
crawling.
.
crawling
XSS SQLi.
,
links crawl,
output.php,
.
threads.
VAbB. PHP
threads .
extension PHP () supported
.
extension
crawler scanner,
native .
.
page limit
pattern .
, .
:
1. extension php
threads
crawler scanner.
2. crawler http connections
sockets.
PECL_HTTP.
3. index.php output.php.
JQuery Ajax .
4. SQL Injection false
positives.
5. .
OWASP Top 10 [21] .
1. PHP Language - http://www.php.net/
2. PHP Crawler - http://phpcrawl.cuab.de/
3. Regular Expressions - http://weblogtoolscollection.com/regex/regex.php
4. HTTP Protocol - http://www.w3.org/Protocols/rfc2616/rfc2616.html
5. Cookies - http://en.wikipedia.org/wiki/HTTP_cookie
6. PECL HTTP Extension - http://pecl.php.net/package/pecl_http
7. Web Vulnerability Scanners - http://sectools.org/tag/web-scanners/
8. Burp Suite - http://portswigger.net/burp/
9. w3af - http://w3af.sourceforge.net/
10. OWASP ZAP - https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
11. WebSecurify - http://www.websecurify.com/
12. Information Gathering - http://www.milescan.com/milescan-help/1.8.0/index.html?information_gathering.htm
13. Cross Site Scripting - https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
14. SQL Injection - https://www.owasp.org/index.php/SQL_Injection
15. VirtualBox - https://www.virtualbox.org/
16. Ubuntu Server - http://www.ubuntu.com/business/server/overview
17. XAMPP - http://www.apachefriends.org/en/index.html
18. Eclipse - http://www.eclipse.org/
19. Aptana Studio, Eclipse plugin - http://aptana.com/
20. Open eclass - http://www.openeclass.org/
21. OWASP Top 10 - https://www.owasp.org/images/0/0f/OWASP_T10_-_2010_rc1.pdf