Because of what you know about the structure and handling of session
tokens, your attack only needs to modify the final portion of the token. In fact,
because of the sequence identified, the most productive initial attack will
modify only the last few digits of the token. Accordingly, you configure Intruder
with a single payload position, as shown in Figure 13-2.
Figure 13-2: Setting a custom payload position
Your payloads need to sequence through all possible values for the final
three digits. The token appears to use the same character set as hexadecimal
numbers: 0–9 and a–f. So you configure a payload source to generate all
hexadecimal numbers in the range 0x000–0xfff, as shown in Figure 13-3.
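The defender's view of the same weakness, as an added example that is not part of the original text: a token whose only variable part is three hex digits leaves a client cycling through suffixes against a fixed prefix, and that pattern is visible in access logs. The log format, IP addresses, tokens and thresholds below are constructed assumptions, not data from the book.

```python
"""Detect enumeration of a session token's trailing hex digits in access logs.
All sample data below is constructed for illustration."""
from collections import defaultdict

SUFFIX_LEN = 3           # trailing hex digits that vary (as in the text)
MIN_ATTEMPTS = 8         # distinct suffixes from one client before alerting
MAX_SUCCESS_RATIO = 0.2  # enumeration is dominated by rejected tokens


def build_sample_log():
    """Constructed log, one 'client_ip session_token http_status' per line."""
    lines = ["10.0.0.5 3f9a2c81e07b4d6a4c1 200",  # ordinary users
             "10.0.0.5 3f9a2c81e07b4d6a4c1 200",
             "10.0.0.7 3f9a2c81e07b4d6a9e2 200"]
    # One client cycles suffixes 000, 001, ... against a fixed prefix; the
    # application answers 302 (redirect to login) until one guess lands.
    for i in range(12):
        lines.append(f"10.0.0.9 3f9a2c81e07b4d6a{i:03x} 302")
    lines.append("10.0.0.9 3f9a2c81e07b4d6a00c 200")
    return "\n".join(lines)


def detect_suffix_enumeration(log_text, suffix_len=SUFFIX_LEN,
                              min_attempts=MIN_ATTEMPTS,
                              max_success_ratio=MAX_SUCCESS_RATIO):
    """Group requests by (client, token prefix) and flag clients that tried
    many distinct suffixes while mostly being rejected."""
    seen = defaultdict(lambda: {"suffixes": set(), "ok": 0, "total": 0})
    for line in log_text.splitlines():
        ip, token, status = line.split()
        rec = seen[(ip, token[:-suffix_len])]
        rec["suffixes"].add(token[-suffix_len:])
        rec["total"] += 1
        if status == "200":
            rec["ok"] += 1
    alerts = []
    for (ip, prefix), rec in seen.items():
        tried, ratio = len(rec["suffixes"]), rec["ok"] / rec["total"]
        if tried >= min_attempts and ratio <= max_success_ratio:
            alerts.append({"client": ip, "prefix": prefix,
                           "distinct_suffixes": tried, "success_ratio": round(ratio, 2)})
    return alerts


if __name__ == "__main__":
    for alert in detect_suffix_enumeration(build_sample_log()):
        print(alert)
```

The same grouping also quantifies the exposure: with only three variable hex digits the whole keyspace is 4096 tokens, so the alert threshold should sit far below that.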