Siege: cookie

Sadap

Sadap traffic ke web tersebut menggunakan wireshark. Untuk belajar pola header waktu akses ke web DVWA, login dan klik beberapa menu. Contoh paket yang di tangkap oleh wireshark adalah sebagai berikut

Frame 272: 549 bytes on wire (4392 bits), 549 bytes captured (4392 bits) on interface 0
Linux cooked capture
Internet Protocol Version 4, Src: 192.168.88.82, Dst: 192.168.88.240
Transmission Control Protocol, Src Port: 50430, Dst Port: 80, Seq: 1920, Ack: 7175, Len: 481
Hypertext Transfer Protocol
    GET /DVWA-1.9/vulnerabilities/sqli/ HTTP/1.1\r\n
    Host: 192.168.88.240\r\n
    User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0\r\n
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n
    Accept-Language: en-US,en;q=0.5\r\n
    Accept-Encoding: gzip, deflate\r\n
    Referer: http://192.168.88.240/DVWA-1.9/vulnerabilities/sqli_blind/\r\n
    Cookie: security=low; PHPSESSID=n4rbm0nva5qatce4c3jp8b8pk1\r\n
    Connection: keep-alive\r\n
    Upgrade-Insecure-Requests: 1\r\n
    \r\n
    [Full request URI: http://192.168.88.240/DVWA-1.9/vulnerabilities/sqli/]
    [HTTP request 5/5]
    [Prev request in frame: 266]
    [Response in frame: 273]

Maka Cookie adalah

Cookie: security=low; PHPSESSID=n4rbm0nva5qatce4c3jp8b8pk1\r\n

Jangan matikan browser karena Cookie "menempel" pada aktifitas browser tersebut.

Cookie

Gunakan tambahan header di siege

--header="Cookie: --COOKIE_DATA--"
--header="Cookie: security=low; PHPSESSID=n4rbm0nva5qatce4c3jp8b8pk1\r\n"

Run Siege

Buka web DVWA, login, capture Cookie menggunakan Wireshark tambahan di siege --header=

siege -u http://192.168.88.240/DVWA-1.9/vulnerabilities/exec/ --header='Cookie: security=low; PHPSESSID=n4rbm0nva5qatce4c3jp8b8pk1' -d1 -r10 -c25

siege -u http://192.168.88.240/DVWA-1.9/vulnerabilities/sqli/ --header='Cookie: security=low; PHPSESSID=n4rbm0nva5qatce4c3jp8b8pk1' -d1 -r10 -c25

siege -u http://192.168.88.240/DVWA-1.9/vulnerabilities/upload/ --header='Cookie: security=low; PHPSESSID=n4rbm0nva5qatce4c3jp8b8pk1' -d1 -r10 -c25

siege -u http://192.168.88.240/DVWA-1.9/vulnerabilities/sqli/?id=1 --header='Cookie: security=low; PHPSESSID=n4rbm0nva5qatce4c3jp8b8pk1' -d1 -r10 -c25

siege -u http://192.168.88.240/DVWA-1.9/vulnerabilities/sqli/?id=%'+or+'0'='0 --header='Cookie: security=low; PHPSESSID=n4rbm0nva5qatce4c3jp8b8pk1' -d1 -r10 -c25

siege -u http://192.168.88.240/DVWA-1.9/vulnerabilities/exec/ --header='Cookie: security=low; PHPSESSID=n4rbm0nva5qatce4c3jp8b8pk1' -d1 -r10 -c25

Contoh lain

siege --concurrent=5 --reps=100 --header='sdk:3.0, config:3.0,zid:0' 'https://google.com/api/REGME POST uid=a8qn&aid=43ZK0'