The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws


within each decoded token or component. Calculate the differences



Download 5,76 Mb.
Pdf ko'rish
bet339/875
Sana01.01.2022
Hajmi5,76 Mb.
#293004
1   ...   335   336   337   338   339   340   341   342   ...   875
Bog'liq
3794 1008 4334

within each decoded token or component. Calculate the differences

between successive values. Even if these appear to be chaotic, there

may be a fixed set of observed differences that narrows down the

scope of any brute-force attack considerably.



Obtain a similar sample of cookies after waiting for a few minutes,



and repeat the same analysis. Try to detect whether any of the tokens’

content is time-dependent.



If a pattern is detected, reperform the token harvesting exercise from a



different IP address and (if relevant) a different username, to identify

whether the same pattern is detected, and whether tokens received in

the first exercise could be extrapolated to identify tokens received in the

second. Sometimes, the sequence of tokens received by a script running

on a single machine will manifest a pattern, but this will not allow

straightforward extrapolation to the tokens issued to other users

because information such as source IP is used as a source of entropy

(such as a seed to a random number generator).



If you believe you have enough insight into the token generation algo-



rithm to mount an automated attack against other users’ sessions, it is

likely that the best means of achieving this is via a customized script,

which can generate tokens using the specific patterns you have observed,

and apply any necessary encoding. See Chapter 13 for some generic tech-

niques for applying automation to this type of problem.



If source code is available, closely review the code responsible for gener-



ating session tokens to understand the mechanism used and determine

whether it is vulnerable to prediction.

190

Chapter 7 



Attacking Session Management

70779c07.qxd:WileyRed  9/14/07  3:13 PM  Page 190


Full-Blown Tests for Randomness

Due to the importance of robust session token generation, performing an effec-

tive attack against a security-critical application such as an online bank may

require carrying out a full-blown methodology to test the randomness of its

tokens. If you do not have access to source code, this will be a black-box exercise.

HACK STEPS



Determine the theoretical maximum number of unique tokens that are



available, based on the character set being used and number of bytes

within the token that are actually being validated (as described earlier).



Compare each character transition from one token to the next to deter-



mine whether particular transitions are more common than others. If


Download 5,76 Mb.

Do'stlaringiz bilan baham:
1   ...   335   336   337   338   339   340   341   342   ...   875



Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©hozir.org 2024
ma'muriyatiga murojaat qiling
kiriting | ro'yxatdan o'tish
    Bosh sahifa
юртда тантана
Боғда битган
Бугун юртда
Эшитганлар жилманглар
Эшитмадим деманглар
битган бодомлар
Yangiariq tumani
qitish marakazi
Raqamli texnologiyalar
ilishida muhokamadan
tasdiqqa tavsiya
tavsiya etilgan
iqtisodiyot kafedrasi
steiermarkischen landesregierung
asarlaringizni yuboring
o'zingizning asarlaringizni
Iltimos faqat
faqat o'zingizning
steierm rkischen
landesregierung fachabteilung
rkischen landesregierung
hamshira loyihasi
loyihasi mavsum
faolyatining oqibatlari
asosiy adabiyotlar
fakulteti ahborot
ahborot havfsizligi
havfsizligi kafedrasi
fanidan bo’yicha
fakulteti iqtisodiyot
boshqaruv fakulteti
chiqarishda boshqaruv
ishlab chiqarishda
iqtisodiyot fakultet
multiservis tarmoqlari
fanidan asosiy
Uzbek fanidan
mavzulari potok
asosidagi multiservis
'aliyyil a'ziym
billahil 'aliyyil
illaa billahil
quvvata illaa
falah' deganida
Kompyuter savodxonligi
bo’yicha mustaqil
'alal falah'
Hayya 'alal
'alas soloh
Hayya 'alas
mavsum boyicha

yuklab olish