ing small variations between them, such as A, AA, AAA, AAAA, AAAB, AAAC, AABA, and so on. If other user-specific data is submitted at the login or stored in user profiles (such as an email address), perform a similar exercise to vary that data systematically and record the tokens received following login.
■ Analyze the tokens for any correlations that appear to be related to the username and other user-controllable data.
■ Analyze the tokens for any detectable encoding or obfuscation. Where the username contains a sequence of the same character, look for a corresponding character sequence in the token, which may indicate the use of XOR obfuscation. Look for sequences in the token containing only hexadecimal characters, which may indicate a hex-encoding of an ASCII string
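The checks in the steps above, applied to a sample of (username, token) pairs, as an added Python example that is not from the book: the two toy token issuers are constructed purely to exhibit the weaknesses described (verbatim or hex-encoded username, single-byte XOR), and the audit assumes tokens are plain text.

```python
import re

# Constructed toy token issuers exhibiting the weaknesses the text describes
# (hypothetical; not taken from any real application).
def weak_token(username: str) -> str:
    """Session token = hex encoding of 'user=<name>;ts=1'."""
    return f"user={username};ts=1".encode().hex()

def xor_token(username: str, key: int = 0x5A) -> str:
    """Same structure, XORed with one fixed key byte, then hex-encoded."""
    return bytes(b ^ key for b in f"user={username};ts=1".encode()).hex()

def _longest_run(s: str) -> int:
    """Length of the longest run of one repeated character in s."""
    return max((len(m.group(0)) for m in re.finditer(r"(.)\1*", s)), default=0)

def audit_token(username: str, token: str) -> list:
    """Return (kind, detail) findings suggesting the token encodes the username."""
    findings = []
    if username in token:
        findings.append(("verbatim", username))
    # Hex-encoded ASCII: decode each run of 8+ hex digits and see whether it
    # yields printable text containing the username.
    for m in re.finditer(r"[0-9a-fA-F]{8,}", token):
        run = m.group(0)
        decoded = bytes.fromhex(run[: len(run) - len(run) % 2])
        if all(32 <= b < 127 for b in decoded) and username in decoded.decode():
            findings.append(("hex-ascii", decoded.decode()))
    # A run of identical username characters (AAAA) mirrored by a repeated 1- or
    # 2-character unit in the token points at byte-wise obfuscation such as XOR.
    urun = _longest_run(username)
    if not findings and urun >= 3:
        m = re.search(r"(.{1,2})\1{%d}" % (urun - 1), token)
        if m:
            findings.append(("repeated-sequence", m.group(0)))
    return findings

def length_tracks_username(pairs) -> bool:
    """True if token length strictly grows with username length across the
    (username, token) sample: a crude check for the differential test above."""
    by_len = {}
    for user, tok in pairs:
        by_len.setdefault(len(user), set()).add(len(tok))
    sizes = [by_len[k] for k in sorted(by_len)]
    if len(sizes) < 2 or any(len(s) != 1 for s in sizes):
        return False
    flat = [s.pop() for s in sizes]
    return all(a < b for a, b in zip(flat, flat[1:]))
```

A token built from a CSPRNG produces no findings and no length correlation, which is the property a self-audit of your own session handling should confirm.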