The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws

Attackers can exploit the meaning within this session token to attempt to

guess the current sessions of other application users. Using a list of enumer-

ated or common usernames, they can quickly generate large numbers of

potentially valid tokens and test these to confirm which are valid.

Tokens that contain meaningful data often exhibit some structure — that is,

they contain several components, often separated by a delimiter, which can be

extracted and analyzed separately to allow an attacker to understand their

function and means of generation. Components that may be encountered

within structured tokens include:

■■

The account username.

■■

The numeric identifier used by the application to distinguish between

accounts.

■■

The user’s first/last human name.

■■

The user’s email address.

■■

The user’s group or role within the application.

■■

A date/time stamp.

■■

An incrementing or predictable number.

■■

The client IP address.

Each different component within a structured token, or indeed the entire

token, may be encoded in different ways, either as a deliberate measure to

obfuscate their content, or simply to ensure safe transport of binary data via

HTTP. Encoding schemes that are commonly encountered include XOR,

Base64, and hexadecimal representation using ASCII characters (see Chapter 3).

It may be necessary to test various different decodings on each component of

a structured token to unpack it to its original form.

Download 5,76 Mb.

Do'stlaringiz bilan baham: