The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws

via attacks that compromise user cookies, and in the case of persistent

cookies, by anyone who gains access to the client’s local file system.

Even if the credentials are encrypted, an attacker can still simply replay

the cookie and so log in as a user without actually knowing her creden-

tials. Chapter 12 describes various ways in which an attacker can target

other users to capture their cookies.

Many applications use HTTP for unauthenticated areas of the application

and switch to HTTPS at the point of login. If this is the case, then the correct

place to switch to HTTPS is when the login page is loaded in the browser,

enabling a user to verify that the page is authentic before entering credentials.

However, it is common to encounter applications that load the login page itself

using HTTP, and switch to HTTPS at the point where credentials are submit-

ted. This is unsafe, because a user cannot verify the authenticity of the login

page itself and so has no assurance that the credentials will be submitted

securely. A suitably positioned attacker can intercept and modify the login

page, changing the target URL of the login form to use HTTP. By the time an

astute user realizes that the credentials have been submitted using HTTP, they

will have been compromised.

HACK STEPS

■■

Download 5,76 Mb.

Do'stlaringiz bilan baham: