HACK STEPS (continued)
■ In most cases, there is no real substitute for a manual analysis of the sample of tokens. There is no magic formula for this, but the following steps should get you on your way:
  ■ Apply the knowledge you have already gleaned regarding which components and bytes of the token are actually being processed by the server. Ignore anything that is not processed, even if it varies between samples.
  ■ If it is unclear what type of data is contained within the token, or any individual component of it, try applying various decodings to see if any more meaningful data emerges. It may be necessary to apply several decodings in sequence.
  ■ Try to identify any patterns in the sequences of values contained
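
A small helper for the decoding step above, added here as an illustration and not taken from the original text: it applies URL, hex and Base64 decodings in sequence to a token issued by an application you are assessing and keeps every chain that ends in printable ASCII. The sample token and its field names are constructed.

```python
import base64
import binascii
from urllib.parse import unquote_to_bytes


def _url(data):
    # Only meaningful if a percent-escape is present.
    return unquote_to_bytes(data) if b"%" in data else None


def _hex(data):
    return binascii.unhexlify(data)  # raises on odd length or non-hex


def _b64(data):
    # Accept standard and URL-safe alphabets; restore stripped padding.
    std = data.replace(b"-", b"+").replace(b"_", b"/")
    return base64.b64decode(std + b"=" * (-len(std) % 4), validate=True)


DECODERS = (("url", _url), ("hex", _hex), ("base64", _b64))


def decode_chain(token, max_depth=3):
    """Map each decoding sequence that yields printable ASCII to its text."""
    found = {}

    def walk(data, chain):
        if len(chain) == max_depth:
            return
        for name, decode in DECODERS:
            try:
                out = decode(data)
            except ValueError:  # binascii.Error is a ValueError
                continue
            # Keep only non-empty printable results; binary output is not
            # followed further here and needs separate inspection.
            if out and out != data and all(0x20 <= b < 0x7F for b in out):
                found[chain + (name,)] = out.decode("ascii")
                walk(out, chain + (name,))

    walk(token.encode("ascii"), ())
    return found


# Constructed sample: delimited fields, hex-encoded, then Base64-encoded.
SAMPLE = base64.b64encode(binascii.hexlify(b"user=alice;role=admin;ts=1700000000")).decode()

if __name__ == "__main__":
    for chain, text in decode_chain(SAMPLE).items():
        print(" -> ".join(chain), ":", text)
```

A chain that ends in delimited, human-readable fields shows that the token carries structured data rather than an opaque random value, which is the finding to report against the session design.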