More Web Hacking & Tools: HTML Source and Site Linkage Analysis (MSS book) csci5931 Web Security.


More Web Hacking & Tools:
HTML Source and Site Linkage Analysis
(MSS book)
csci5931 Web Security
1
Topics
A. Ch. 7 (Reading between the lines)
B. Ch. 8 (Site Linkage Analysis)
Reading between the lines

Whenever you view a Web page through a
browser, you see only the browser’s
interpretation and rendering of the content
delivered to it.

A vast amount of information may be hidden from
view: HTML comments, hidden input fields, <META>
tags, JavaScript code, …

What you see isn’t necessarily what you get.

What you can’t see isn’t necessarily not there!
Reading between the lines

Source sifting:
Going through the HTML source of a Web page to
find clues for Web hacking

Manual source sifting can be a painstaking task.

There exist automated source sifting techniques and
tools.

Information leakage through HTML may seem
trivial, but it adds pieces of information to the
attacker’s toolbox.
Reading between the lines

cf. source code disclosure attacks:
Techniques whereby the Web server is tricked into
sending the source code of a script or an application
without its being parsed or executed;
the attacker gets to see the source code as it was written in
the original script.

Source sifting only lets the viewer see the HTML
content generated by the script, not the actual
code of the script; it is a weaker (but far more common)
form of disclosure.
Source Sifting using the Browser

Netscape Navigator:
View | Page Source

Internet Explorer:
View | Source

For HTML specification, refer to
http://www.w3.org/TR/html4/
Source Sifting: Clues to look for
A.
HTML comments
revision history,
details about the developer/author,
cross-references to files and scripts,
reminders and placeholders,
comments inserted by Web application servers,
old “commented-out” code (a commented-out link still names a resource on the server)
Source Sifting: Clues to look for
B.
Internal and external hyperlinks
Hyperlinks may link resources within the same Web
site, or to resources on external Web sites.
<A HREF= …>
<FORM ACTION=…>
Studying hyperlinks helps to reveal how the
application is structured and thus may help to
identify the weak link.
Source Sifting: Clues to look for
C.
E-mail addresses and usernames
<A HREF=mailto: … > or as part of the comments
“e-mail harvesting”: Using a Web crawler program to
gather e-mail addresses from Web pages
D.
Keywords and meta tags
an HTML page = the <HEAD> section + the <BODY> section
The <HEAD> holds information about the contents of
the body section, such as the title, the name of the
author, keywords, the generator, etc.; <META> tags are
not rendered, but they are sent to the browser.
Source Sifting: Clues to look for
E.
Hidden input fields
<INPUT TYPE=HIDDEN NAME=… VALUE=…>
Problems:
1.
information leakage (the value is in the page source even though it is not rendered)
2.
possible tampering of the hidden fields (the user can edit the value before
submitting, so the server must not trust it, e.g. a hidden price or role)
F.
Client-side scripts
Problems: visible and modifiable by the users; any check done in
client-side script can be bypassed
Lessons: Use server-side scripts if possible; repeat every
client-side check on the server.
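Added example (not from the MSS book or these slides): a small automated source sifter in Python that pulls every clue category listed above (comments, commented-out links, internal and external hyperlinks, FORM ACTIONs, e-mail addresses, META tags, hidden fields and inline scripts) out of raw HTML. The sample page, its host names, paths and field names are constructed for the example; it runs offline.

```python
"""Automated source sifting: extract the clue categories from raw HTML."""
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# Constructed sample page (no real site) exercising every clue type:
# comments (one with a commented-out link), META tags, inline JavaScript,
# hidden fields, internal/external hyperlinks, a FORM ACTION and a mailto:.
SAMPLE_HTML = """<html><head>
<title>Order form</title>
<meta name="author" content="jdoe">
<meta name="generator" content="SomeCMS 2.1">
<!-- TODO(jdoe): remove debug.cgi before go-live; see /old/order_v1.html -->
<script>function check(){ if(document.f.qty.value>10) alert('max 10'); }</script>
</head><body>
<form name="f" action="/cgi-bin/order.cgi" method="POST">
<input type="hidden" name="price" value="19.99">
<input type="hidden" name="role" value="customer">
<input type="text" name="qty">
</form>
<a href="/catalog.html">Catalog</a>
<a href="http://partner.example.net/api">Partner</a>
<a href="mailto:webmaster@example.com">Webmaster</a>
<!-- <a href="/admin/">Admin panel</a> -->
</body></html>"""

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
HREF_RE = re.compile(r"""(?:href|action)\s*=\s*["']?([^"'\s>]+)""", re.I)


class Sifter(HTMLParser):
    """Collects the clue categories from the slides while parsing."""

    def __init__(self):
        super().__init__()
        self.comments = []          # every <!-- ... --> block
        self.commented_links = []   # HREF/ACTION targets found inside comments
        self.internal_links = []    # <A HREF> without a host part
        self.external_links = []    # <A HREF> pointing at another host
        self.form_actions = []      # (METHOD, ACTION) per <FORM>
        self.meta = {}              # <META NAME=...> -> CONTENT
        self.hidden = []            # (NAME, VALUE) per hidden <INPUT>
        self.scripts = []           # inline <SCRIPT> bodies
        self._in_script = False
        self._script_buf = []

    def handle_comment(self, data):
        text = data.strip()
        self.comments.append(text)
        # Commented-out markup is still markup: old links survive in it.
        self.commented_links.extend(HREF_RE.findall(text))

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # HTMLParser lower-cases tag and attribute names
        href = a.get("href") or ""
        if tag == "a" and href and not href.lower().startswith("mailto:"):
            (self.external_links if urlsplit(href).netloc else self.internal_links).append(href)
        elif tag == "form":
            self.form_actions.append((a.get("method", "GET").upper(), a.get("action", "")))
        elif tag == "meta" and a.get("name"):
            self.meta[a["name"].lower()] = a.get("content", "")
        elif tag == "input" and (a.get("type") or "").lower() == "hidden":
            self.hidden.append((a.get("name", ""), a.get("value", "")))
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            body = "".join(self._script_buf).strip()
            if body:
                self.scripts.append(body)
            self._script_buf, self._in_script = [], False

    def handle_data(self, data):
        if self._in_script:
            self._script_buf.append(data)


def sift(html):
    """Return a dict of clues found in html. E-mail addresses are taken from the
    whole text so that ones in comments or script are caught, not only mailto:."""
    s = Sifter()
    s.feed(html)
    s.close()
    return {
        "comments": s.comments, "commented_links": s.commented_links,
        "internal_links": s.internal_links, "external_links": s.external_links,
        "form_actions": s.form_actions, "meta": s.meta, "hidden": s.hidden,
        "scripts": s.scripts, "emails": sorted(set(EMAIL_RE.findall(html))),
    }


if __name__ == "__main__":
    for clue, found in sift(SAMPLE_HTML).items():
        print(f"{clue}:")
        for item in (found.items() if isinstance(found, dict) else found):
            print(f"   {item}")
```

Run it over a page saved with wget (or the browser's View Source) instead of SAMPLE_HTML to get the same inventory for a real target; the hidden price field and the commented-out /admin/ link are exactly the kind of finding the slides call "trivial" but useful.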
Automated Source Sifting

wget http://www.gnu.org

grep

Sam Spade

Black Widow http://www.softbytelabs.com/

Teleport Pro (shareware, up to 40 trials before
registration) http://www.tenmax.com/company/downloads.htm
Teleport Ultra (trial version available)
Teleport Pro
- New project wizard (screenshots, slides 12–15)
Teleport Pro
(screenshots, slides 16–19)
Topics
Ch. 8 (Site Linkage Analysis)
Site linkage analysis
• Method to understand the conceptual links between web resources and their functionality:
– the purpose of a web page
– its type
– the overall structure of the web site
The result:
An inventory of the web resources of a site
Procedure of site linkage analysis
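Added example (not from the MSS book or these slides): site linkage analysis in Python over an in-memory mirror of a site, the kind of directory tree wget -r or Black Widow would have saved. It walks the links breadth-first from the home page and produces the inventory the slide describes: each resource's type (page, script, form handler, external, or missing), the parameter names it takes, and which pages link to it. The host name, paths and page contents are constructed for the example.

```python
"""Site linkage analysis: build a resource inventory from crawled HTML."""
import re
from collections import deque
from urllib.parse import parse_qs, urljoin, urlsplit

SITE_HOST = "www.example.com"  # assumed host of the constructed site

# Constructed mirror (path -> HTML). It deliberately contains a form handler,
# a script taking a query string, a dangling link and an external link.
PAGES = {
    "/": '<a href="/catalog.html">Catalog</a> <a href="/login.asp">Login</a> '
         '<a href="http://cdn.example.net/x.js">cdn</a>',
    "/catalog.html": '<a href="/">Home</a> <a href="/cgi-bin/search.cgi?q=shoes">Search</a> '
                     '<a href="/catalog.html">Reload</a>',
    "/login.asp": '<form action="/auth.asp" method="post">'
                  '<input type="hidden" name="next" value="/account/"></form>',
    "/auth.asp": '<a href="/account/">My account</a>',
    "/account/": '<a href="/logout.asp">Logout</a> <a href="/catalog.html">Catalog</a>',
    "/cgi-bin/search.cgi": '<a href="/catalog.html">Back</a>',
}

LINK_RE = re.compile(r"""\b(href|action)\s*=\s*["']?([^"'\s>]+)""", re.I)
SCRIPT_EXT = re.compile(r"\.(cgi|pl|php|asp|aspx|jsp)$", re.I)


def extract_links(html, base_url):
    """Yield (kind, absolute URL) for each HREF/ACTION; kind is 'form' for ACTION."""
    for attr, value in LINK_RE.findall(html):
        yield ("form" if attr.lower() == "action" else "link", urljoin(base_url, value))


def normalise(url):
    """Key a resource by scheme://host/path; keep the parameter names separately."""
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}{p.path or '/'}", set(parse_qs(p.query, keep_blank_values=True))


def classify(key, host, is_form_target):
    """Resource type as recorded in the inventory."""
    p = urlsplit(key)
    if p.netloc != host:
        return "external"
    if is_form_target:
        return "form handler"
    if SCRIPT_EXT.search(p.path):
        return "script"
    return "page"


def analyse(pages, host):
    """Breadth-first walk from the home page; returns key -> inventory record."""
    inventory, missing = {}, set()

    def record(key):
        return inventory.setdefault(key, {"type": None, "params": set(), "form_target": False,
                                          "linked_from": set(), "links_to": set()})

    start = f"http://{host}/"
    record(start)
    queue = deque([start])
    while queue:
        key = queue.popleft()
        if urlsplit(key).netloc != host:
            continue                      # external: inventoried, never fetched
        html = pages.get(urlsplit(key).path)
        if html is None:
            missing.add(key)              # linked to, but not in the mirror
            continue
        for kind, target in extract_links(html, key):
            tkey, params = normalise(target)
            unseen = tkey not in inventory
            t = record(tkey)
            t["params"] |= params
            t["form_target"] |= (kind == "form")
            t["linked_from"].add(key)
            inventory[key]["links_to"].add(tkey)
            if unseen:
                queue.append(tkey)
    for key, rec in inventory.items():
        rec["type"] = "missing" if key in missing else classify(key, host, rec["form_target"])
    return inventory


def dynamic_resources(inventory):
    """Scripts and form handlers: the resources where user input reaches code."""
    return sorted(k for k, r in inventory.items() if r["type"] in ("script", "form handler"))


if __name__ == "__main__":
    inv = analyse(PAGES, SITE_HOST)
    for key in sorted(inv):
        r = inv[key]
        print(f"{r['type']:13}{key}  params={sorted(r['params'])}  "
              f"in={len(r['linked_from'])} out={len(r['links_to'])}")
```

The "missing" entries are worth a second look on a real site: a link to a resource the crawler could not fetch is often an old or access-controlled script, and the scripts and form handlers (with their parameter names) are the weak-link candidates the slides refer to.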
Automated tools

wget http://www.gnu.org

Black Widow http://www.softbytelabs.com/

Funnel web profiler http://www.quest.com/solutions/download.asp
Site linkage analysis (example)
- Funnel web profiler (screenshots, slides 24–29)