More Web Hacking & Tools: HTML Source and Site Linkage Analysis (MSS book) csci5931 Web Security.
Topics

A. Ch. 7 (Reading between the lines)
B. Ch. 8 (Site Linkage Analysis)

Reading between the lines

Whenever you view a Web page through a browser, you see only the browser's interpretation and rendering of the content delivered to it. A vast amount of information may be hidden from view: HTML comments, hidden input fields, <META> tags, JavaScript code, …

What you see isn't necessarily what you get. What you can't see isn't necessarily not there!

Reading between the lines

Source sifting: going through the HTML source of a Web page to find clues for Web hacking.
Manual source sifting can be a painstaking task. There exist automated source sifting techniques and tools.
Information leakage through HTML may seem trivial, but it adds pieces of information to the attacker's toolbox.

Reading between the lines

c.f. source code disclosure attacks: techniques whereby the Web server is tricked into sending the source code of a script or an application without its being parsed or executed; the attacker gets to see the source code as it was coded in the original script.
Source sifting only lets the viewer see the HTML content generated by the script, not the actual code of the script.

Source Sifting using the Browser

Netscape Navigator: View | Page Source
Internet Explorer: View | Source
For the HTML specification, refer to http://www.w3.org/TR/html4/

Source Sifting: Clues to look for

A. HTML comments: revision history, details about the developer/author, cross-references to files and scripts, reminders and placeholders, comments inserted by Web application servers, old "commented-out" code.

B. Internal and external hyperlinks: hyperlinks may link resources within the same Web site, or to resources on external Web sites (<A HREF=…>, <FORM ACTION=…>). Studying hyperlinks helps to reveal how the application is structured and thus may help to identify the weak link.

C. E-mail addresses and usernames: <A HREF=mailto:…> or as part of the comments. "E-mail harvesting": using a Web crawler program to gather e-mail addresses from Web pages.

D. Keywords and meta tags: an HTML page = the HTML header + the body. The header holds information about the contents of the body section, such as the title, the name of the author, etc.

E. Hidden input fields: <INPUT TYPE=HIDDEN NAME=… VALUE=…>. Problems: 1. information leakage; 2. possible tampering with the hidden fields.

F. Client-side scripts. Problems: visible and modifiable by the users. Lesson: use server-side scripts if possible.

Automated Source Sifting

wget  http://www.gnu.org
grep
Sam Spade
Black Widow  http://www.softbytelabs.com/
Teleport Pro (shareware, up to 40 trials before registration)  http://www.tenmax.com/company/downloads.htm
Teleport Ultra (trial version available)

Teleport Pro - New project wizard
[Screenshots of the Teleport Pro new project wizard]

Teleport Pro
[Screenshots of Teleport Pro]

Topics

Ch. 8 (Site Linkage Analysis)

Site linkage analysis

• Method to understand the conceptual links between web resources and their functionality:
  – the purpose of a web page
  – its type
  – the overall structure of the web site
The result: an inventory of the web resources of a site.

Procedure of site linkage analysis
[Figure: procedure of site linkage analysis]

Automated tools

wget  http://www.gnu.org
Black Widow  http://www.softbytelabs.com/
Funnel web profiler  http://www.quest.com/solutions/download.asp

Site linkage analysis (example) - Funnel web profiler
[Screenshots of Funnel web profiler]
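Added example, not from the slides or the MSS book: a small source-sifting audit written against Python's standard library that inventories the clue categories A to F from the "Clues to look for" slides and, as the site linkage slides describe, sorts each hyperlink and form target into internal or external against the page's own host, so a developer can check a page for leaks before release. The class name SourceSifter, the function sift, and the sample page and URLs are the example's own constructions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class SourceSifter(HTMLParser):
    """Collects clue categories A-F from the slides while parsing one HTML document."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.base_host = urlsplit(base_url).netloc
        self.clues = {"comments": [], "internal_links": [], "external_links": [],
                      "mailto": [], "meta": {}, "hidden_inputs": {}, "inline_scripts": 0}

    def handle_comment(self, data):            # A. HTML comments (todo notes, old code, paths)
        self.clues["comments"].append(data.strip())

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("a", "form"):               # B. <A HREF> and <FORM ACTION> targets
            target = a.get("href") if tag == "a" else a.get("action")
            if not target:
                return
            if target.lower().startswith("mailto:"):   # C. e-mail addresses
                self.clues["mailto"].append(target[len("mailto:"):])
                return
            absolute = urljoin(self.base_url, target)
            same_site = urlsplit(absolute).netloc == self.base_host
            self.clues["internal_links" if same_site else "external_links"].append(absolute)
        elif tag == "meta" and a.get("name"):  # D. named meta tags (author, generator, ...)
            self.clues["meta"][a["name"].lower()] = a.get("content", "")
        elif tag == "input" and a.get("type", "").lower() == "hidden":  # E. hidden fields
            self.clues["hidden_inputs"][a.get("name", "")] = a.get("value", "")
        elif tag == "script" and not a.get("src"):   # F. inline client-side scripts
            self.clues["inline_scripts"] += 1

def sift(html, base_url):
    parser = SourceSifter(base_url)            # resolve relative links against base_url
    parser.feed(html)
    parser.close()
    return parser.clues

# Constructed sample page (not from the slides) with one leak of each kind.
BASE_URL = "http://www.example.com/shop/index.asp"
SAMPLE = """<html><head><title>Orders</title><meta name="author" content="jdoe">
<meta name="generator" content="ExampleCMS 1.0"></head><body>
<!-- TODO: remove /admin/debug.asp before release -->
<a href="/orders/list.asp">My orders</a> <a href="http://partner.example.net/feed">Partner</a>
<a href="mailto:webmaster@example.com">Contact</a>
<form action="checkout.asp" method="post"><input type="hidden" name="price" value="19.99">
<input type="hidden" name="discount_code" value="STAFF50"></form>
<script>var role = "guest";</script></body></html>"""
```

Calling sift(SAMPLE, BASE_URL) returns the inventory as a dict; a hidden field such as price that the server later trusts is exactly the tampering problem the slide warns about.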