
Web Security Tools

Web Security Wargames

Compass Security AG
Glärnischstrasse 7
Postfach 1628
CH-8640 Rapperswil

Tel.+41 55-214 41 60
Fax+41 55-214 41 61
team@csnc.ch
www.csnc.ch

How to analyze Web Applications


Inspection Proxies

Paros
Burp
Web Scarab
Charles Proxy

Firefox
Firebug
Tamper Data | LiveHttpHeader | SwitchProxy | Add N Cookie Editor

Internet Explorer
Fiddler
HttpAnalyze

Opera
JavaScript Debugger

Inspection Proxy


Inspection Proxies
Introduction
An inspection proxy is an HTTP proxy that sits between the browser and the server; it is the tool with which you view and modify HTTP/S requests in transit.

Browser <--HTTP/S--> Inspection Proxy <--HTTP/S--> Server
                            |
            +---------------+---------------+
            |               |               |
         Console   Request Repository   Regular Expressions

Features
HTTPS traffic inspection by terminating the HTTPS connection at the proxy (the browser's TLS session ends at the proxy, which opens its own TLS connection to the server; the browser warns about the proxy's certificate unless you import the proxy's CA certificate)
On-the-fly request modification based on regular expressions
Record and replay of whole HTTP requests

Configure Proxy in Browser

Inspection Proxy
Start the inspection proxy and note the port it listens on (Paros and Burp listen on 127.0.0.1:8080 by default)
Start the browser and point it at the proxy, either with a plug-in such as SwitchProxy or manually in the Firefox connection settings

Modify proxy settings

HTTP Proxy   127.0.0.1   Port 8080
SSL Proxy    127.0.0.1   Port 8080

Press the OK or Apply button to activate the settings
If the application under test runs on your own machine, remove localhost and 127.0.0.1 from the 'No Proxy for' list, otherwise Firefox bypasses the proxy for it


Proxy:Paros
Usage
Switch to the 'Trap' pane
Tick the 'Trap Request' checkbox to intercept requests ('Trap Response' does the same for the server's replies)
Change the request's parameters directly in the 'Header' or in the 'Body' text area
Click 'Continue' to release the modified request; the server sees nothing until you do


Proxy:Paros
Header Auto Replacement
Switch to the 'Filters' pane
Tick the 'ReplaceRequestHeader' box to enable the filter
Click the 'ReplaceRequestHeader' button, enter the regular expression to match and its replacement, and activate it
Every request passing through the proxy is then rewritten automatically, without trapping it
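The three pieces above (the features on the introduction slide, the browser proxy settings and the Paros ReplaceRequestHeader filter) combined in one added Python example. It is not code from Paros, Burp or Compass Security: a minimal HTTP proxy that rewrites request headers with regular-expression rules, records every request in a repository and can replay a recorded request. The rule set, the header values, the echo target server and the demo client are all constructed for the example; ports are chosen by the operating system. HTTPS termination (handling CONNECT and presenting a certificate the browser trusts) is left out.

```python
"""Added example (not Paros/Burp code): a minimal inspection proxy that forwards
plain HTTP, rewrites request headers on the fly with regex rules and records
requests for replay.  TLS termination (CONNECT plus a proxy CA) is left out."""
import http.client
import http.server
import re
import threading

# Paros-style ReplaceRequestHeader rules: (header name, regex, replacement).
# The header values are assumptions chosen for the demo.
RULES = [
    ("User-Agent", r"^.*$", "Mozilla/5.0 (compatible; inspection-proxy)"),
    ("Cookie", r"\brole=user\b", "role=admin"),
]
REPOSITORY = []   # request repository: one dict per forwarded request
ABSOLUTE_URL = re.compile(r"^http://([^/]+)(/.*)?$")   # request line a proxy receives
SKIP = {"connection", "keep-alive", "transfer-encoding", "content-length", "server", "date"}

def apply_rules(headers, rules=RULES):
    """Copy of the header dict with each rule's regex applied to its header's value."""
    out = dict(headers)
    for name, pattern, repl in rules:
        for key in out:
            if key.lower() == name.lower():
                out[key] = re.sub(pattern, repl, out[key])
    return out

class InspectionProxy(http.server.BaseHTTPRequestHandler):
    def do_GET(self):
        m = ABSOLUTE_URL.match(self.path)
        if not m:
            self.send_error(400, "proxy expects an absolute http:// URL")
            return
        host, path = m.group(1), m.group(2) or "/"
        length = int(self.headers.get("Content-Length") or 0)
        body = self.rfile.read(length) if length else None
        headers = apply_rules(dict(self.headers.items()))   # repeated headers collapse
        headers.pop("Proxy-Connection", None)
        upstream = http.client.HTTPConnection(host, timeout=5)
        upstream.request(self.command, path, body=body, headers=headers)
        resp = upstream.getresponse()
        data = resp.read()
        upstream.close()
        REPOSITORY.append({"method": self.command, "url": self.path,
                           "headers": headers, "body": body, "status": resp.status})
        self.send_response(resp.status, resp.reason)
        for k, v in resp.getheaders():
            if k.lower() not in SKIP:       # the body is re-framed with our own length
                self.send_header(k, v)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    do_POST = do_GET

    def log_message(self, *args): pass   # REPOSITORY is the log; keep stderr quiet

def replay(entry):
    """Re-send a recorded request straight to the origin; returns (status, body)."""
    m = ABSOLUTE_URL.match(entry["url"])
    conn = http.client.HTTPConnection(m.group(1), timeout=5)
    conn.request(entry["method"], m.group(2) or "/", body=entry["body"], headers=entry["headers"])
    resp = conn.getresponse()
    status, data = resp.status, resp.read()
    conn.close()
    return status, data.decode(errors="replace")

class EchoBackend(http.server.BaseHTTPRequestHandler):
    """Constructed target server: answers with the request headers it received."""
    def do_GET(self):
        body = "\n".join("%s: %s" % kv for kv in self.headers.items()).encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    log_message = InspectionProxy.log_message

def serve(handler, port=0):
    """Bind handler on 127.0.0.1 (port 0 = any free port) and serve in the background."""
    srv = http.server.HTTPServer(("127.0.0.1", port), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def demo():
    """Client set up like the Firefox proxy settings on the slides: the TCP
    connection goes to 127.0.0.1:<proxy port> and the request line carries the
    absolute target URL, which is exactly what a browser sends to an HTTP proxy."""
    backend, proxy = serve(EchoBackend), serve(InspectionProxy)
    target = "http://127.0.0.1:%d/account" % backend.server_address[1]
    client = http.client.HTTPConnection("127.0.0.1", proxy.server_address[1], timeout=5)
    client.request("GET", target, headers={"User-Agent": "curl/8", "Cookie": "role=user; sid=abc"})
    via_proxy = client.getresponse().read().decode()
    client.close()
    replayed = replay(REPOSITORY[-1])      # replay the recorded (already rewritten) request
    backend.shutdown()
    proxy.shutdown()
    return {"via_proxy": via_proxy, "replayed": replayed}
```

Calling demo() returns the echo server's view of the rewritten headers (the User-Agent replaced, role=user changed to role=admin) and the result of replaying the recorded request without the proxy. For real use, call serve(InspectionProxy, 8080) and enter 127.0.0.1 port 8080 in the browser's proxy settings as on the Configure Proxy in Browser slide; only plain HTTP targets work with this example.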


Proxy:Burp Suite


Proxy:Charles Proxy (Commercial)


Proxy:Web Scarab


Firefox Extensions


Firefox::Live HTTP Headers Plugin


Firefox::Tamper Data Plugin


Firefox::Firebug Plugin


Firefox::Cookie Editor Plugin


System Tools for Monitoring


HTTP Analyze (Commercial)


Fiddler (Free Microsoft Tool)


Web Scanner


Acunetix (Commercial)


Acunetix Firefox Plugin


Landing Page


What is a landing page

Hacking-Lab staff members play the role of the victim
They will click on a URL you provide
Therefore you need your own web server, i.e. a web server on your local computer that serves a landing page, reachable from the victim's browser
Please bring a web server with you
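What such a landing page server should do at minimum, as an added Python example that is not part of the course material: serve a page and keep a record of every visit (client address, path, query string, Referer and User-Agent), so that you can see what the victim's click actually delivered. The listen address, the page content and the per-URL token parameter are assumptions for the demo; the simulated visit is constructed.

```python
"""Added example (not part of the slides): a tiny landing-page server for the
wargame that records what each visitor's browser sends when the provided URL
is clicked.  Listen address, page and the 'token' parameter are assumptions."""
import http.client
import http.server
import threading
import urllib.parse

PAGE = b"<html><body><h1>Welcome</h1></body></html>"
VISITS = []   # one record per request: who came, from where, with what

class LandingPage(http.server.BaseHTTPRequestHandler):
    def do_GET(self):
        url = urllib.parse.urlsplit(self.path)
        VISITS.append({
            "client": self.client_address[0],
            "path": url.path,
            "query": urllib.parse.parse_qs(url.query),   # e.g. a token that identifies the URL handed out
            "referer": self.headers.get("Referer"),
            "user_agent": self.headers.get("User-Agent"),
        })
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(PAGE)))
        self.end_headers()
        self.wfile.write(PAGE)

    def log_message(self, *args): pass   # VISITS is the log

def start(host="0.0.0.0", port=8000):
    """Serve the landing page in a background thread; returns the server object."""
    srv = http.server.HTTPServer((host, port), LandingPage)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def demo():
    """Constructed victim click: the staff member's browser follows the URL you
    handed over, carrying a Referer and the token embedded in that URL."""
    srv = start("127.0.0.1", 0)          # loopback and a free port for the demo
    conn = http.client.HTTPConnection("127.0.0.1", srv.server_address[1], timeout=5)
    conn.request("GET", "/landing?token=abc123",
                 headers={"Referer": "http://victim.example/inbox", "User-Agent": "Mozilla/5.0"})
    conn.getresponse().read()
    conn.close()
    srv.shutdown()
    return VISITS[-1]
```

Run start() on a machine the victim's browser can reach and hand out a URL of the form http://<your host>:8000/landing?token=<unique value>; the VISITS list then tells you whether and from where the link was opened. Binding to 0.0.0.0 exposes the server to the whole network, so stop it when the exercise is over.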
