David Endler and Michael Sutton did a presentation on brute-forcing session IDs at DEFCON last year. Links to the presentation, the "iDefense Session Auditor tool", and a video of the talk are all available at:

http://www.defcon.org/html/links/defcon-media-archives.html

Cheers,
-L

>-----Original Message-----
>From: Indian Tiger [mailto:indiantigerat_private]
>Sent: Tuesday, April 15, 2003 11:06 AM
>To: pen test
>Subject: Proof of Concept Tool on Web Application Security
>
>
>Hi all,
>
>I have tried a lot to find any Proof of Concept Tool on Web Application Security but still I am not able to find a single one. Let me give some specific details.
>
>Session ID
>Generally the session ID is big enough and acts as an authentication token. Most of the time it only changes the last few digits, let's say only three digits from the end. Even if it only does this, it is very tough to guess these last three digits. I have made a testing site and tried but was not able to do that. I know the session ID is not the only authentication parameter. It can contain cookies, session tokens etc. as well. I have tried Achilles, Web Sleuth, Web Inspect, Spike Proxy etc. I think at least they don't do such brute force. Is there any tool which does brute force on this and gives the session ID?
>
>Cookie Manipulation
>Several articles talk about cookie manipulation. Getting the cookies of others, even in a LAN, seems very tough or not possible as per my study on the Web. If an attacker is able to redirect another person's traffic to any proxy like Achilles or Web Sleuth, then he can perform attacks. Now, nobody is going to allow his proxy setting to be changed and his output sent through the attacker's proxy. Is there any tool which can give access to/manipulate the cookie remotely?
>
>This manipulation can also be achieved if an attacker can put his proxy (Web Sleuth) on an intermediate router/proxy. One example: I am accessing Hotmail, and on my ISP's router/proxy an attacker installs a tool like Web Sleuth. But again the question comes: a router works on OSI layer 3, so the attacker can't put a tool like Web Sleuth there. If the intermediate hop is a proxy, which is on the application level, there should be some tool which can be placed here.
>
>XSS
>Cross Site Scripting has to use client-side scripting only. What could be the maximum impact of this? Can an attacker format a machine or steal data by this? If yes, how?
>
>Please also tell me of any other Proof of Concept Tool on Web Application Security. I read the OWASP guides, WebGoat and some more to understand these three things deeply and develop a Proof of Concept Tool, but with no success except hidden field manipulation. Please recommend some good guides on this.
>
>Any help on this would be highly appreciated.
>
>Thanking you.
>Sincerely,
>
>Indian Tiger, CISSP
>
>
>--------------------------------------------------------------
>Costs are climbing and complaints are rising
>as SPAM overloads your e-mail servers and Inboxes
>SurfControl E-mail Filter puts the brakes on spam & viruses
>and gives you the reports to prove it.
>http://www.securityfocus.com/SurfControl-pen-test2
>Download a free trial and see just
>what's going in and out of your organization.
>--------------------------------------------------------------
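The predictability check the thread is asking about, as an added example that is not part of this message and is not the iDefense Session Auditor tool: given a handful of session IDs captured from one's own test site, find which character positions actually change between logins, infer the alphabet at each, and size the brute-force space before deciding whether enumerating it is worth trying. The sample IDs are constructed, the hex-prefix-plus-counter format of the weak sample and the 10 requests per second rate are assumptions, and the widening of an observed character set to a whole character class is this example's own heuristic.

```python
import itertools
import math
import string

# Constructed sample of session IDs issued by a hypothetical test site
# (not real data). Everything except the trailing three decimal digits is
# identical from one login to the next, the situation the thread describes.
WEAK_IDS = [
    "9F3A7C1E5B2D8046-000113",
    "9F3A7C1E5B2D8046-000127",
    "9F3A7C1E5B2D8046-000238",
    "9F3A7C1E5B2D8046-000255",
    "9F3A7C1E5B2D8046-000342",
    "9F3A7C1E5B2D8046-000360",
    "9F3A7C1E5B2D8046-000474",
    "9F3A7C1E5B2D8046-000531",
]

# Constructed contrast sample: 128-bit hex tokens in which every position
# differs between logins (also not real data).
STRONG_IDS = [
    "0123456789ABCDEF0123456789ABCDEF",
    "FEDCBA9876543210FEDCBA9876543210",
    "ABCDEFABCDEFABCDEFABCDEFABCDEFAB",
]

# Character classes, smallest first. The characters observed at a position
# are widened to the smallest class containing all of them, because a few
# samples never show every value the generator can emit (assumed heuristic).
CLASSES = [
    string.digits,
    "0123456789abcdef",
    "0123456789ABCDEF",
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.ascii_letters + string.digits,
]


def variable_positions(ids):
    """Positions at which at least two of the sampled IDs differ."""
    length = len(ids[0])
    if any(len(i) != length for i in ids):
        raise ValueError("sampled IDs differ in length; compare fields, not positions")
    return [p for p in range(length) if len({i[p] for i in ids}) > 1]


def inferred_alphabet(ids, pos):
    """Smallest known character class covering what was seen at pos."""
    observed = {i[pos] for i in ids}
    for cls in CLASSES:
        if observed <= set(cls):
            return cls
    return "".join(sorted(observed))


def keyspace_size(ids):
    """Number of IDs an attacker must cover by varying only the live positions."""
    size = 1
    for p in variable_positions(ids):
        size *= len(inferred_alphabet(ids, p))
    return size


def keyspace_bits(ids):
    """Effective entropy of the ID in bits: log2 of the keyspace."""
    return math.log2(keyspace_size(ids))


def brute_force_seconds(ids, requests_per_second):
    """Worst-case time to try the whole keyspace at a given request rate."""
    return keyspace_size(ids) / requests_per_second


def candidate_ids(ids):
    """Every ID that keeps the constant positions and varies the live ones.
    Only sensible when keyspace_size(ids) is small; the caller must check."""
    positions = variable_positions(ids)
    alphabets = [inferred_alphabet(ids, p) for p in positions]
    template = list(ids[0])
    for combo in itertools.product(*alphabets):
        for p, ch in zip(positions, combo):
            template[p] = ch
        yield "".join(template)


if __name__ == "__main__":
    for name, ids in (("weak", WEAK_IDS), ("strong", STRONG_IDS)):
        print(f"{name}: {len(variable_positions(ids))} variable positions, "
              f"{keyspace_bits(ids):.1f} bits, "
              f"{brute_force_seconds(ids, 10):.0f} s to exhaust at 10 req/s")
    print("first weak candidates:",
          list(itertools.islice(candidate_ids(WEAK_IDS), 3)))
```

Against the weak sample the analysis finds three live decimal positions, a keyspace of 1000 IDs and under two minutes to exhaust at ten requests per second; against the strong sample the same code reports 128 bits, which is the point of running the check first. The question is never whether the last three digits can be guessed but how many IDs the attacker has to try and how fast the server lets him try them, so the next thing to test on the real site is whether failed session-ID presentations are rate-limited or logged at all.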
This archive was generated by hypermail 2b30 : Fri Apr 11 2003 - 10:29:43 PDT