Siege: cookie
Jump to navigation
Jump to search
Sadap
Sadap traffic ke web tersebut menggunakan wireshark. Untuk belajar pola header waktu akses ke web DVWA, login dan klik beberapa menu. Contoh paket yang di tangkap oleh wireshark adalah sebagai berikut
Frame 272: 549 bytes on wire (4392 bits), 549 bytes captured (4392 bits) on interface 0 Linux cooked capture Internet Protocol Version 4, Src: 192.168.88.82, Dst: 192.168.88.240 Transmission Control Protocol, Src Port: 50430, Dst Port: 80, Seq: 1920, Ack: 7175, Len: 481 Hypertext Transfer Protocol GET /DVWA-1.9/vulnerabilities/sqli/ HTTP/1.1\r\n Host: 192.168.88.240\r\n User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0\r\n Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n Accept-Language: en-US,en;q=0.5\r\n Accept-Encoding: gzip, deflate\r\n Referer: http://192.168.88.240/DVWA-1.9/vulnerabilities/sqli_blind/\r\n Cookie: security=low; PHPSESSID=n4rbm0nva5qatce4c3jp8b8pk1\r\n Connection: keep-alive\r\n Upgrade-Insecure-Requests: 1\r\n \r\n [Full request URI: http://192.168.88.240/DVWA-1.9/vulnerabilities/sqli/] [HTTP request 5/5] [Prev request in frame: 266] [Response in frame: 273]
Maka Cookie adalah
Cookie: security=low; PHPSESSID=n4rbm0nva5qatce4c3jp8b8pk1\r\n
Jangan matikan browser karena Cookie "menempel" pada aktifitas browser tersebut.
Cookie
Gunakan tambahan header di siege
--header="Cookie: --COOKIE_DATA--" --header="Cookie: security=low; PHPSESSID=n4rbm0nva5qatce4c3jp8b8pk1\r\n"
Run Siege
Buka web DVWA, login, capture Cookie menggunakan Wireshark tambahan di siege --header=
siege -u http://192.168.88.240/DVWA-1.9/vulnerabilities/exec/ --header='Cookie: security=low; PHPSESSID=n4rbm0nva5qatce4c3jp8b8pk1' -d1 -r10 -c25
siege -u http://192.168.88.240/DVWA-1.9/vulnerabilities/sqli/ --header='Cookie: security=low; PHPSESSID=n4rbm0nva5qatce4c3jp8b8pk1' -d1 -r10 -c25
siege -u http://192.168.88.240/DVWA-1.9/vulnerabilities/upload/ --header='Cookie: security=low; PHPSESSID=n4rbm0nva5qatce4c3jp8b8pk1' -d1 -r10 -c25
siege -u http://192.168.88.240/DVWA-1.9/vulnerabilities/sqli/?id=1 --header='Cookie: security=low; PHPSESSID=n4rbm0nva5qatce4c3jp8b8pk1' -d1 -r10 -c25
siege -u http://192.168.88.240/DVWA-1.9/vulnerabilities/sqli/?id=%'+or+'0'='0 --header='Cookie: security=low; PHPSESSID=n4rbm0nva5qatce4c3jp8b8pk1' -d1 -r10 -c25
siege -u http://192.168.88.240/DVWA-1.9/vulnerabilities/exec/ --header='Cookie: security=low; PHPSESSID=n4rbm0nva5qatce4c3jp8b8pk1' -d1 -r10 -c25
Contoh lain
siege --concurrent=5 --reps=100 --header='sdk:3.0, config:3.0,zid:0' 'https://google.com/api/REGME POST uid=a8qn&aid=43ZK0'