More Web Hacking & Tools: HTML Source and Site Linkage Analysis (MSS book)TopicsReading between the linesSlide 4Slide 5Source Sifting using the BrowserSource Sifting: Clues to look forSlide 8Slide 9Slide 10Automated Source SiftingTeleport Pro - New project wizardSlide 13Slide 14Slide 15Teleport ProSlide 17Slide 18Slide 19Slide 20Site linkage analysisProcedure of site linkage analysisAutomated toolsSite linkage analysis (example) - Funnel web profilerSlide 25Slide 26Slide 27Slide 28Slide 29Slide 30csci5931 Web Security 1More Web Hacking & Tools:HTML Source and Site Linkage Analysis(MSS book)csci5931 Web Security 2TopicsA. Ch. 7 (Reading between the lines)B. Ch. 8 (Site Linkage Analysis)csci5931 Web Security 3Reading between the linesWhenever you view a Web page through a browser, you see only the browser’s interpretation and rendering of the content delivered to it.Vast amount of information may be hidden from view: HTML comments, hidden input fields, <META> tags, JavaScript codes, …What you see isn’t necessarily what you get.What you can’t see isn’t necessarily not there!csci5931 Web Security 4Reading between the linesSource sifting: Going through the HTML source of a Web page to find clues for Web hackingManual source sifting can be a painstaking task.There exist automated source sifting techniques and tools.Information leakage through HTML may seem trivial, but it adds pieces of information to the attacker’s toolbox.csci5931 Web Security 5Reading between the linesc.f., source code disclosure attacksTechniques whereby the Web server is tricked into sending the source code of a script or an application without its being parsed or executed;The attacker gets to see the source code as it was coded in the original script.Source sifting only lets the viewer see the HTML content generated by the script, not the actual code of the script.csci5931 Web Security 6Source Sifting using the BrowserNetscape Navigator:View | Page SourceInternet Explorer:View | SourceFor HTML specification, refer to http://www.w3.org/TR/html4/csci5931 Web Security 7Source Sifting: Clues to look forA. HTML commentsrevision history, details about the developer/author, cross-references to files and scripts, reminders and placeholders, comments inserted by Web application servers, old “commented-out” codescsci5931 Web Security 8Source Sifting: Clues to look forB. Internal and external hyperlinksHyperlinks may link resources within the same Web site, or to resources on external Web sites.<A HREF= …><FORM ACTION=…>Studying hyperlinks helps to reveal how the application is structured and thus may help to identify the weak link.csci5931 Web Security 9Source Sifting: Clues to look forC. E-mail addresses and usernames<A HREF=mailto: … > or as part of the comments“e-mail harvesting”: Using a Web crawler program to gather e-mail addresses from Web pagesD. Keywords and meta tagsan HTML page = the HTML header + the bodyThe header holds information about the contents of the body section, such as the title, the name of the author, etc.csci5931 Web Security 10Source Sifting: Clues to look forE. Hidden input fields<INPUT TYPE=HIDDEN NAME=… VALUE=…>Problems: 1. information leakage2. possible tampering of the hidden fieldsF. Client-side scriptsProblems: visible and modifiable by the usersLessons: Use server-side scripts if possible.csci5931 Web Security 11Automated Source Siftingwget http://www.gnu.orggrepSam Spade Black Widow http://www.softbytelabs.com/ Teleport Pro (shareware, up to 40 trials before registration) http://www.tenmax.com/company/downloads.htm Teleport Ultra (trial version available)csci5931 Web Security 12Teleport Pro- New project wizardcsci5931 Web Security 13Teleport Pro- New project wizardcsci5931 Web Security 14Teleport Pro- New project wizardcsci5931 Web Security 15Teleport Pro- New project wizardcsci5931 Web Security 16Teleport Procsci5931 Web Security 17Teleport Procsci5931 Web Security 18Teleport Procsci5931 Web Security 19Teleport Procsci5931 Web Security 20TopicsCh. 8 (Site Linkage Analysis)csci5931 Web Security 21Site linkage analysis•Method to understand the conceptual links between web resources and their functionality.–the purpose of a web page–its type–the overall structure of the web siteThe result:An inventory of web resources of a sitecsci5931 Web Security 22Procedure of site linkage analysiscsci5931 Web Security 23Automated toolswget http://www.gnu.orgBlack Widow http://www.softbytelabs.com/ Funnel web profiler http://www.quest.com/solutions/download.aspcsci5931 Web Security 24Site linkage analysis (example)- Funnel web profilercsci5931 Web Security 25Site linkage analysis (example)- Funnel web profilercsci5931 Web Security 26Site linkage analysis (example)- Funnel web profilercsci5931 Web Security 27Site linkage analysis (example)- Funnel web profilercsci5931 Web Security 28Site linkage analysis (example)- Funnel web profilercsci5931 Web Security 29Site linkage analysis (example)- Funnel web profilercsci5931 Web Security
View Full Document
Unlocking...