3.2 Viewing the Source, Advanced
Figure 3-2. Searching for Amazon in bookmarks
To filter out portions of the website in the source chart, click on the HTML tag at the
top of that portion. Further searches will not find text in that area. For instance, in
Figure 3-2, the top definition term (
tag) is folded, and thus not searched.
While this may seem a trivial task, using a tool like this to view the source saves us time.
For instance, the simple-looking pages on http://apple.com will regularly include upward of 3,000 lines of code.
The Source Chart parses the HTML and displays HTML tags in nested boxes. Clicking
on any one box will hide it for the moment and prevent searching of that hidden area.
This functionality excels when dealing with templates, as one can locate particular
template areas under test and hide everything else.
When running through many test cases, each requiring manual HTML validation, one
can just copy and paste the test case expected result right into the Find field.
Oftentimes when viewing a page’s source, one will see frame elements, such as:
These frames include another page of HTML, hidden from the normal source viewer.
With View Source Chart, one can view the HTML of a frame by left-clicking anywhere
within that frame, prior to right clicking to select “View Source Chart.” Manipulating
frames is a common cross-site scripting attack pattern. If vulnerable, they allow an
attacker to create a frame that covers the entire page, substituting attacker-controlled
content for the real thing. This is discussed in detail in Recipe 12.2.
34 | Chapter 3: Basic Observation
While some will use command-line tools to fetch and parse web pages, as we’ll discuss
in Chapter 8, attackers often view the effects of failed attacks in the source. An attacker
can find a way around defenses by observing what is explicitly protected—and slogging
through the source is often a useful exercise. For instance, if your application filters out
try these substitutes to see which make it past the filter, and into the source code:
Some revealing tidbits to look for are the ever-popular hidden form fields, as discussed
in Recipe 3.4. You can find these by viewing the HTML source and then searching for
hidden. As that recipe discusses, hidden fields can often be manipulated more easily
than it would seem.
onClick or onLoad. These are discussed in Recipe 3.10, and you’ll learn how to circumvent these checks in Chapter 8, but first it’s nice to be able to look them up quickly.
Simple reconnaissance shines in finding defaults for a template or platform. Check the
meta tags, the comments, and header information for clues about which framework or
platform the application was built on. For example, if you find the following code lying
around, you want to make sure you know about any recent WordPress template
If you notice that a lot of the default third-party code was left in place, you may have
a potential security issue. Try researching a bit online to find out what the default
administration pages and passwords are. It’s amazing how many security precautions
can be bypassed by trying the default username (admin) and password (admin). Basic
observation of this type is crucial when so many platforms are insecure out of the box.
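The checks this section walks through by hand (frame elements, hidden form fields, onClick/onLoad handlers, and platform clues in meta tags and comments) can be scripted as a first pass over a page you are reviewing. The following is an added example, not code from the cookbook, run over a constructed HTML snippet:

```python
# Added example (not from the cookbook): does offline what the recipe does by
# hand in View Source Chart, reporting frames, hidden inputs, inline event
# handlers and platform clues. The sample HTML below is constructed.
from html.parser import HTMLParser

SAMPLE_HTML = """<!-- template: constructed-theme v1.0 -->
<html><head><meta name="generator" content="WordPress (constructed)"></head>
<body onLoad="init()">
<iframe src="http://partner.example/widget"></iframe>
<form action="/checkout" method="post">
  <input type="hidden" name="price" value="19.99">
  <input type="text" name="qty" value="1">
  <input type="submit" onClick="return validate()" value="Buy">
</form></body></html>"""

class SourceAudit(HTMLParser):
    """Collects the observations a manual source review would note."""
    def __init__(self):
        super().__init__()
        self.frames = []          # src of frame/iframe elements
        self.hidden_fields = []   # (name, value) of hidden inputs
        self.handlers = []        # (tag, attribute, script) inline handlers
        self.platform_clues = []  # generator meta tags and HTML comments

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("frame", "iframe"):
            self.frames.append(a.get("src", ""))
        if tag == "input" and a.get("type", "").lower() == "hidden":
            self.hidden_fields.append((a.get("name"), a.get("value")))
        if tag == "meta" and a.get("name", "").lower() == "generator":
            self.platform_clues.append(a.get("content", ""))
        for attr, val in attrs:  # HTMLParser lowercases attribute names
            if attr.startswith("on"):  # onclick, onload, ...
                self.handlers.append((tag, attr, val))

    def handle_comment(self, data):
        self.platform_clues.append("comment: " + data.strip())

def audit_source(html):
    """Return the findings as a dict so a caller or test can inspect them."""
    p = SourceAudit()
    p.feed(html)
    return {"frames": p.frames, "hidden_fields": p.hidden_fields,
            "handlers": p.handlers, "platform_clues": p.platform_clues}

if __name__ == "__main__":
    for kind, found in audit_source(SAMPLE_HTML).items():
        print(kind, found)
```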
Figure 3-3. Firebug dissecting benwalther.net
3.3 Observing Live Request Headers with Firebug
When conducting a thorough security evaluation, typically a specialist will construct
a trust boundary diagram. These diagrams detail the exchange of data between various
software modules, third parties, servers, databases, and clients—all with varying degrees of trust.
By observing live request headers, you can see exactly which pages, servers, and actions
the web-based client accesses. Even without a formal trust boundary diagram, knowing
what the client (the web browser) accesses reveals potentially dangerous dependencies.
In Firefox, open Firebug via the Tools menu. Be sure to enable Firebug if you have not
already. Via the Net tab, browse to any website. In the Firebug console, you’ll see
various lines show up, as shown in Figure 3-3.
Each line corresponds to one HTTP request and is titled according to the request’s
URL. Mouse over the request line to see the URL requested, and select the plus sign
next to a request to reveal the exact request headers. You can see an example in Figure 3-4, but please don’t steal my session (details on stealing sessions can be found in
Figure 3-4. Firebug inspecting request headers
Figure 3-5. Basic web request model
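As an added example (not from the cookbook), the per-request lines Firebug shows can be captured as raw request headers and reduced to the host-level view that the trust boundary discussion calls for: which hosts the browser contacted and which third parties received cookies. The capture format, hosts and cookie values below are constructed:

```python
# Added example (not from the cookbook): reads a batch of captured request
# headers, like those Firebug's Net tab shows for one page load, and builds a
# first-cut trust boundary view. The capture below is constructed.
from urllib.parse import urlsplit

CAPTURE = """GET http://example.test/ HTTP/1.1
Host: example.test
Cookie: session=constructed-session-value

GET http://cdn.third-party.test/lib.js HTTP/1.1
Host: cdn.third-party.test

GET http://tracker.third-party.test/px.gif HTTP/1.1
Host: tracker.third-party.test
Cookie: uid=constructed-tracker-id
"""

def parse_capture(text):
    """Split the capture into (method, url, {header: value}) tuples."""
    requests = []
    for block in text.strip().split("\n\n"):
        lines = block.splitlines()
        method, url, _version = lines[0].split()
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        requests.append((method, url, headers))
    return requests

def trust_map(text, origin_host):
    """Per host: request count, third-party flag, and whether cookies went there."""
    summary = {}
    for _method, url, headers in parse_capture(text):
        host = headers.get("host") or urlsplit(url).hostname
        entry = summary.setdefault(host, {"requests": 0, "cookie_sent": False,
                                          "third_party": host != origin_host})
        entry["requests"] += 1
        if "cookie" in headers:
            entry["cookie_sent"] = True
    return summary

def stateful_third_parties(text, origin_host):
    """Third-party hosts that received a Cookie header: dependencies keeping user state."""
    return sorted(h for h, e in trust_map(text, origin_host).items()
                  if e["third_party"] and e["cookie_sent"])
```

Each host in the map is a box on the trust boundary diagram; the stateful third parties are the ones whose compromise affects the user directly.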
Threat modeling and trust boundary diagrams are a great exercise for assessing the
security of an application, but the subject is worthy of a book unto itself. However, the
first steps are to understand dependencies and how portions of the application fit together. This basic understanding provides quite a bit of security awareness without the
effort of a full assessment. For our purposes, we’re looking at something as simple as
what is shown in Figure 3-5. A browser makes a request, the server thinks about it, and
In fact, you’ll notice that your browser makes many requests on your behalf, even
though you requested only one page. These additional requests retrieve components
of the page such as graphics or style sheets. You may even see some variation just visiting
the same page twice. If your browser has already cached some elements (graphics, style