Siege: test squirrelmail

From OnnoWiki
Revision as of 16:23, 7 December 2018 by Onnowpurbo (talk | contribs) (→‎attack)
Jump to navigation Jump to search

Sadap menggunakan wireshark untuk dapat semua parameter yang dibutuhkan. Saat login ke squirrelmail akan tampak


Frame 2223: 709 bytes on wire (5672 bits), 709 bytes captured (5672 bits) on interface 0
Linux cooked capture
Internet Protocol Version 4, Src: 192.168.88.82, Dst: 192.168.88.240
Transmission Control Protocol, Src Port: 50376, Dst Port: 80, Seq: 1, Ack: 1, Len: 641
Hypertext Transfer Protocol
    POST /squirrelmail/src/redirect.php HTTP/1.1\r\n
    Host: 192.168.88.240\r\n
    User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0\r\n
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n
    Accept-Language: en-US,en;q=0.5\r\n
    Accept-Encoding: gzip, deflate\r\n
    Referer: http://192.168.88.240/squirrelmail/src/login.php\r\n
    Content-Type: application/x-www-form-urlencoded\r\n
    Content-Length: 77\r\n
    Cookie: SQMSESSID=jd0tis57a3hmp846rurn28rop7; PHPSESSID=cu6ai52hnttq3s4fpvotkos3a0\r\n
    Connection: keep-alive\r\n
    Upgrade-Insecure-Requests: 1\r\n
    \r\n
    [Full request URI: http://192.168.88.240/squirrelmail/src/redirect.php]
    [HTTP request 1/3]
    [Response in frame: 2225]
    [Next request in frame: 2232]
    File Data: 77 bytes
HTML Form URL Encoded: application/x-www-form-urlencoded
    Form item: "login_username" = "onno"
    Form item: "secretkey" = "123456"
    Form item: "js_autodetect_results" = "1"
    Form item: "just_logged_in" = "1" 

attack

siege --content-type='application/x-www-form-urlencoded' --header='Cookie: SQMSESSID=jd0tis57a3hmp846rurn28rop7; PHPSESSID=cu6ai52hnttq3s4fpvotkos3a0, Referer: http://192.168.88.240/squirrelmail/src/login.php' -d1 -r10 -c25 'http://192.168.88.240/squirrelmail/src/redirect.php POST login_username=onno&secretkey=123456&js_autodetect_results=1&just_logged_in=1'