Obtain a single token from the application, and modify it in systematic
ways to determine whether the entire token is validated, or whether
some subcomponents of the token are ignored. Try changing the token’s
value one byte at a time (or even one bit at a time) and submitting the
modified token back to the application to determine whether it is still
accepted. If you find that certain portions of the token are not actually
required to be correct, you can exclude these from any further analysis,
potentially reducing the amount of work that you need to perform.
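The byte- and bit-flipping probe described above, written out as an added example (this code is not from the book; the target application is replaced by a constructed stand-in, and the token layout, session id and `server_accepts` check are assumptions). It flips every bit of every byte of a captured token in turn, each time against a fresh copy of the original, and records which positions the server still accepts. The stand-in server deliberately has two weaknesses a real one might have: it ignores the trailing timestamp characters entirely, and it compares the session id case-insensitively, so the case bit of each hex letter is also unchecked.

```python
"""Probe which bytes and bits of a session token the server actually validates.

Added example; the 'server' below is a constructed stand-in, not a real application.
"""
from typing import Callable, Dict, List

# --- Constructed stand-in for the target application (hypothetical layout) ---
# Token: 32 hex chars of session id followed by 8 hex chars of issue time.
# The server looks up only the id, compares it case-insensitively, and never
# looks at the time at all.
SESSIONS = {"3f9ac2e17b0d44a9bd81e6c7f2a0b5d4": "alice"}

# Constructed token as it might have been captured from a Set-Cookie header.
TOKEN = b"3f9ac2e17b0d44a9bd81e6c7f2a0b5d4" + b"66a1b2c3"


def server_accepts(token: bytes) -> bool:
    """Stand-in for 'submit the token and see whether we are still logged in'.
    In practice this wraps an HTTP request and checks for a logged-in response."""
    text = token.decode("latin-1")  # one byte per char, never raises
    if len(text) != 40:
        return False
    return text[:32].lower() in SESSIONS


def probe_bits(token: bytes, accepted: Callable[[bytes], bool]) -> Dict[int, List[int]]:
    """Flip each bit of each byte in turn and record, per byte offset, the bit
    positions whose flip is still accepted. Every probe starts from a fresh
    copy of the original token so changes never accumulate."""
    ignored: Dict[int, List[int]] = {}
    for offset in range(len(token)):
        for bit in range(8):
            mutated = bytearray(token)
            mutated[offset] ^= 1 << bit
            if accepted(bytes(mutated)):
                ignored.setdefault(offset, []).append(bit)
    return ignored


def classify(token: bytes, ignored: Dict[int, List[int]]) -> Dict[str, List[int]]:
    """Group byte offsets into: fully ignored (any change accepted), partially
    validated (only some bits matter) and fully validated (any change rejected).
    Fully ignored bytes can be dropped from further analysis."""
    result: Dict[str, List[int]] = {"ignored": [], "partial": [], "validated": []}
    for offset in range(len(token)):
        bits = ignored.get(offset, [])
        if len(bits) == 8:
            result["ignored"].append(offset)
        elif bits:
            result["partial"].append(offset)
        else:
            result["validated"].append(offset)
    return result


if __name__ == "__main__":
    found = probe_bits(TOKEN, server_accepts)
    summary = classify(TOKEN, found)
    print("ignored bytes:  ", summary["ignored"])
    print("partially checked bytes:", {i: found[i] for i in summary["partial"]})
    print("validated bytes:", summary["validated"])
```

Against the stand-in, the probe reports offsets 32 to 39 as fully ignored, the hex letters of the id as partially checked (only bit 5, the ASCII case bit, is free) and the hex digits as fully validated. Two practical points when running this against a real application: confirm first that a rejected probe does not invalidate the genuine session (some applications terminate a session on receipt of a bad token, in which case obtain a fresh token for each probe), and judge acceptance by the response content or a follow-up authenticated request rather than by status code alone.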
■
Log in as several different users at different times and record the tokens
received from the server. If self-registration is available and you can
choose your username, log in with a series of similar usernames contain-