Chapter 4, Testing Authentication and Session Management
4.2. Dictionary attack on login pages using Burp Suite
4.3. Brute-forcing with Hydra
4.4. Using Metasploit to crack Tomcat's passwords
4.5. Manually identifying vulnerabilities in cookies
4.6. Attacking session fixation vulnerabilities
4.7. Evaluating the quality of session identifiers using Burp Sequencer
4.8. Abusing insecure direct object references
4.9. Performing cross-site request forgery attacks
When an application manages information that is not publicly available, a mechanism is needed to verify that users are allowed to see certain data, which is called authentication. The most common method of authentication in today's web applications is to use a combination of a username (or identifier) and a password.
HTTP is a stateless protocol: each request is independent of every other. An application therefore needs a way to tell requests from different users apart, so that a sequence of requests that must come from the same user is kept separate from the requests of the many other users connected at the same time. This is called session management. Session identifiers carried in cookies are the most common session management method in modern web applications, although tokens (values carrying the user's identity, sent in the Authorization header of each request) are becoming increasingly popular in certain types of applications, such as back-end web services.
In this chapter, we will describe how to detect some of the most common vulnerabilities in web application authentication and session management, and how attackers can abuse these vulnerabilities to gain access to restricted information.
The first step in cracking a username/password authentication mechanism is to discover a valid username. One way to do this is user enumeration: analyzing the application's response when a username is submitted at places such as the login, registration, and password recovery pages.
In this subsection, we will submit multiple requests to the application using a list of common usernames and compare the responses to determine which submitted names belong to existing users.
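The comparison described above is easier to reason about with a concrete handler in front of you. The following is an added example, not code from the book or from WebGoat: a toy "forgot password" endpoint written two ways, one that answers differently for existing and non-existing users and one that answers identically, plus the check that a tester (or a regression test) would apply to tell them apart. The user store, e-mail addresses and the helper names (`forgot_password_vulnerable`, `forgot_password_hardened`, `responses_distinguish_users`) are constructed for this example.

```python
"""Added example (not from the original page): how a password-recovery page
leaks valid usernames, what the fixed version looks like, and a check that
detects the difference. Everything here is constructed for illustration."""

import hmac
import secrets
from dataclasses import dataclass

# Constructed user store for the example; these are not real accounts.
USERS = {"alice": "alice@example.org", "bob": "bob@example.org"}


@dataclass(frozen=True)
class Response:
    status: int
    body: str


def _queue_reset_mail(address: str, token: str) -> None:
    """Placeholder for the mail step; does nothing observable on purpose."""
    return None


def forgot_password_vulnerable(username: str) -> Response:
    """Leaks account existence: status code and message depend on the username."""
    if username not in USERS:
        return Response(404, "Username is invalid")
    _queue_reset_mail(USERS[username], secrets.token_urlsafe(32))
    return Response(200, f"A reset link was sent to {USERS[username]}")


def forgot_password_hardened(username: str) -> Response:
    """Same status and body whether or not the username exists.

    The reset token is generated unconditionally so the amount of work done
    does not depend on whether the user exists; only the (asynchronous) mail
    step is skipped for unknown names.
    """
    token = secrets.token_urlsafe(32)
    if username in USERS:
        _queue_reset_mail(USERS[username], token)
    return Response(
        200,
        "If that account exists, a reset link has been sent to its e-mail address",
    )


def responses_distinguish_users(handler, known: str, unknown: str) -> bool:
    """Return True if the handler's reply differs for a known vs. an unknown
    username, i.e. the page can be used to enumerate accounts.

    This is the same comparison a tester makes by hand in Burp: submit two
    names, diff status code and body.
    """
    a, b = handler(known), handler(unknown)
    if a.status != b.status:
        return True
    # compare_digest returns False for bodies of different length and does
    # not short-circuit, so the check itself adds no timing signal.
    return not hmac.compare_digest(a.body.encode(), b.body.encode())


if __name__ == "__main__":
    for name, handler in (("vulnerable", forgot_password_vulnerable),
                          ("hardened", forgot_password_hardened)):
        leaks = responses_distinguish_users(handler, "alice", "mallory")
        print(f"{name}: enumerable={leaks}")
```

The hardened handler fixes only the response-content channel; response time and any side effects (for instance, a mail that only goes out for real users) are separate channels, which is why the token generation is done for every request and the mail step is meant to run asynchronously. Use `responses_distinguish_users` as a unit test on the real handler so a later change that reintroduces a distinct "user not found" message fails the build.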
For this subsection we will be using the WebGoat vulnerable application on the vm_1 target machine, with Burp Suite as our proxy on Kali Linux.
Almost all applications give users a way to recover or reset their password in case they forget it. When the submitted username does not exist, these applications often say so, and that behaviour can be used to build a list of existing usernames:
1. Open WebGoat (http://192.168.56.11/WebGoat/attack) from your Kali Linux browser and use WebGoat as the username and password if the login dialog pops up.
2. Once in WebGoat, go to Authentication Flaws | Forgot Password. If we submit any username and that user does not exist in the database, we will receive a message saying that the username is invalid: