Difference between revisions of "Siege: cookie"

From OnnoWiki
(Created page with "==Cookie== The answer is to use --header="Cookie: --COOKIE_DATA--"")
 

Revision as of 05:22, 7 December 2018

Capture

Capture the traffic to the web site using Wireshark. For practice, it is a good idea to access the DVWA web site, log in and click through a few menus. The packet looks as follows:

Frame 272: 549 bytes on wire (4392 bits), 549 bytes captured (4392 bits) on interface 0
Linux cooked capture
Internet Protocol Version 4, Src: 192.168.88.82, Dst: 192.168.88.240
Transmission Control Protocol, Src Port: 50430, Dst Port: 80, Seq: 1920, Ack: 7175, Len: 481
Hypertext Transfer Protocol
    GET /DVWA-1.9/vulnerabilities/sqli/ HTTP/1.1\r\n
    Host: 192.168.88.240\r\n
    User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0\r\n
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n
    Accept-Language: en-US,en;q=0.5\r\n
    Accept-Encoding: gzip, deflate\r\n
    Referer: http://192.168.88.240/DVWA-1.9/vulnerabilities/sqli_blind/\r\n
    Cookie: security=low; PHPSESSID=n4rbm0nva5qatce4c3jp8b8pk1\r\n
    Connection: keep-alive\r\n
    Upgrade-Insecure-Requests: 1\r\n
    \r\n
    [Full request URI: http://192.168.88.240/DVWA-1.9/vulnerabilities/sqli/]
    [HTTP request 5/5]
    [Prev request in frame: 266]
    [Response in frame: 273]

So the cookie is

Cookie: security=low; PHPSESSID=n4rbm0nva5qatce4c3jp8b8pk1\r\n

Do not close the browser,


Cookie

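Use an additional header in siege:

--header="Cookie: --COOKIE_DATA--"
--header="Cookie: security=low; PHPSESSID=n4rbm0nva5qatce4c3jp8b8pk1"

The \r\n that Wireshark shows at the end of the Cookie line is the HTTP line terminator, not part of the cookie value, so it is left out of the header.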
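The following is an added example, not part of the original wiki page: a small shell helper that pulls the Cookie line out of a Wireshark text export of your own lab session and turns it into a clean value for siege's --header option. The function name `cookie_header_from_capture` and the embedded sample are constructed for illustration; the sample reuses the packet shown above.

```shell
#!/bin/sh
# Added example (not from the original page).
# Constructed sample: part of the packet details as Wireshark prints them.
# Inside single quotes the \r\n stays as four literal characters, exactly as
# it appears when the packet text is copied out of Wireshark.
SAMPLE_CAPTURE='Hypertext Transfer Protocol
    GET /DVWA-1.9/vulnerabilities/sqli/ HTTP/1.1\r\n
    Host: 192.168.88.240\r\n
    Referer: http://192.168.88.240/DVWA-1.9/vulnerabilities/sqli_blind/\r\n
    Cookie: security=low; PHPSESSID=n4rbm0nva5qatce4c3jp8b8pk1\r\n
    Connection: keep-alive\r\n'

# cookie_header_from_capture (hypothetical helper name)
# Reads packet text on stdin and prints the first request Cookie header
# as "Cookie: name=value; ..." with no line terminator attached.
# Handles both the literal "\r\n" text Wireshark displays and a real CR
# byte from a raw dump. Prints nothing when no Cookie header is present.
cookie_header_from_capture() {
    tr -d '\r' \
      | sed -n \
            -e 's/\\r\\n$//' \
            -e 's/[[:space:]]*$//' \
            -e 's/^[[:space:]]*\(Cookie: .*\)$/\1/p' \
      | head -n 1
}

header=$(printf '%s\n' "$SAMPLE_CAPTURE" | cookie_header_from_capture)

if [ -z "$header" ]; then
    echo "no Cookie header found in capture" >&2
else
    # Print the command instead of running it, so the example works offline.
    # The URL is the "Full request URI" from the packet above.
    echo "siege --header=\"$header\" http://192.168.88.240/DVWA-1.9/vulnerabilities/sqli/"
fi
```

The anchored pattern only matches a line that begins with `Cookie:`, so a `Set-Cookie:` response header or a `Referer:` line is never picked up by mistake.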


Run Siege