Difference between revisions of "Siege: cookie"

From OnnoWiki
Jump to navigation Jump to search
 
(5 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
==Sadap==
 
==Sadap==
  
Sadap traffic ke web tersebut menggunakan wireshark. Untuk belajar ada baiknya akses ke web DVWA, login dan klik beberapa menu. Paket sebagai berikut
+
Sadap traffic ke web tersebut menggunakan wireshark. Untuk belajar pola header waktu akses ke web DVWA, login dan klik beberapa menu. Contoh paket yang di tangkap oleh wireshark adalah sebagai berikut
  
 
  Frame 272: 549 bytes on wire (4392 bits), 549 bytes captured (4392 bits) on interface 0
 
  Frame 272: 549 bytes on wire (4392 bits), 549 bytes captured (4392 bits) on interface 0
Line 28: Line 28:
 
  Cookie: security=low; PHPSESSID=n4rbm0nva5qatce4c3jp8b8pk1\r\n
 
  Cookie: security=low; PHPSESSID=n4rbm0nva5qatce4c3jp8b8pk1\r\n
  
Jangan matikan browser,
+
Jangan matikan browser karena Cookie "menempel" pada aktifitas browser tersebut.
 
 
  
 
==Cookie==
 
==Cookie==
Line 42: Line 41:
  
 
Buka web DVWA, login, capture Cookie menggunakan Wireshark tambahan di siege --header=
 
Buka web DVWA, login, capture Cookie menggunakan Wireshark tambahan di siege --header=
 
  
 
  siege -u http://192.168.88.240/DVWA-1.9/vulnerabilities/exec/ --header='Cookie: security=low; PHPSESSID=n4rbm0nva5qatce4c3jp8b8pk1' -d1 -r10 -c25
 
  siege -u http://192.168.88.240/DVWA-1.9/vulnerabilities/exec/ --header='Cookie: security=low; PHPSESSID=n4rbm0nva5qatce4c3jp8b8pk1' -d1 -r10 -c25
Line 53: Line 51:
  
 
  siege -u http://192.168.88.240/DVWA-1.9/vulnerabilities/sqli/?id=%'+or+'0'='0 --header='Cookie: security=low; PHPSESSID=n4rbm0nva5qatce4c3jp8b8pk1' -d1 -r10 -c25
 
  siege -u http://192.168.88.240/DVWA-1.9/vulnerabilities/sqli/?id=%'+or+'0'='0 --header='Cookie: security=low; PHPSESSID=n4rbm0nva5qatce4c3jp8b8pk1' -d1 -r10 -c25
 
  
 
  siege -u http://192.168.88.240/DVWA-1.9/vulnerabilities/exec/ --header='Cookie: security=low; PHPSESSID=n4rbm0nva5qatce4c3jp8b8pk1' -d1 -r10 -c25
 
  siege -u http://192.168.88.240/DVWA-1.9/vulnerabilities/exec/ --header='Cookie: security=low; PHPSESSID=n4rbm0nva5qatce4c3jp8b8pk1' -d1 -r10 -c25
Line 60: Line 57:
  
 
  siege --concurrent=5 --reps=100 --header='sdk:3.0, config:3.0,zid:0' 'https://google.com/api/REGME POST uid=a8qn&aid=43ZK0'
 
  siege --concurrent=5 --reps=100 --header='sdk:3.0, config:3.0,zid:0' 'https://google.com/api/REGME POST uid=a8qn&aid=43ZK0'
 +
 +
 +
==Pranala Menarik==
 +
 +
* [[siege]]

Latest revision as of 15:56, 7 December 2018

Sadap

Sadap traffic ke web tersebut menggunakan wireshark. Untuk belajar pola header waktu akses ke web DVWA, login dan klik beberapa menu. Contoh paket yang di tangkap oleh wireshark adalah sebagai berikut

Frame 272: 549 bytes on wire (4392 bits), 549 bytes captured (4392 bits) on interface 0
Linux cooked capture
Internet Protocol Version 4, Src: 192.168.88.82, Dst: 192.168.88.240
Transmission Control Protocol, Src Port: 50430, Dst Port: 80, Seq: 1920, Ack: 7175, Len: 481
Hypertext Transfer Protocol
    GET /DVWA-1.9/vulnerabilities/sqli/ HTTP/1.1\r\n
    Host: 192.168.88.240\r\n
    User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0\r\n
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n
    Accept-Language: en-US,en;q=0.5\r\n
    Accept-Encoding: gzip, deflate\r\n
    Referer: http://192.168.88.240/DVWA-1.9/vulnerabilities/sqli_blind/\r\n
    Cookie: security=low; PHPSESSID=n4rbm0nva5qatce4c3jp8b8pk1\r\n
    Connection: keep-alive\r\n
    Upgrade-Insecure-Requests: 1\r\n
    \r\n
    [Full request URI: http://192.168.88.240/DVWA-1.9/vulnerabilities/sqli/]
    [HTTP request 5/5]
    [Prev request in frame: 266]
    [Response in frame: 273]

Maka Cookie adalah

Cookie: security=low; PHPSESSID=n4rbm0nva5qatce4c3jp8b8pk1\r\n

Jangan matikan browser karena Cookie "menempel" pada aktifitas browser tersebut.

Cookie

Gunakan tambahan header di siege

--header="Cookie: --COOKIE_DATA--"
--header="Cookie: security=low; PHPSESSID=n4rbm0nva5qatce4c3jp8b8pk1\r\n"


Run Siege

Buka web DVWA, login, capture Cookie menggunakan Wireshark tambahan di siege --header=

siege -u http://192.168.88.240/DVWA-1.9/vulnerabilities/exec/ --header='Cookie: security=low; PHPSESSID=n4rbm0nva5qatce4c3jp8b8pk1' -d1 -r10 -c25
siege -u http://192.168.88.240/DVWA-1.9/vulnerabilities/sqli/ --header='Cookie: security=low; PHPSESSID=n4rbm0nva5qatce4c3jp8b8pk1' -d1 -r10 -c25
siege -u http://192.168.88.240/DVWA-1.9/vulnerabilities/upload/ --header='Cookie: security=low; PHPSESSID=n4rbm0nva5qatce4c3jp8b8pk1' -d1 -r10 -c25
siege -u http://192.168.88.240/DVWA-1.9/vulnerabilities/sqli/?id=1 --header='Cookie: security=low; PHPSESSID=n4rbm0nva5qatce4c3jp8b8pk1' -d1 -r10 -c25
siege -u http://192.168.88.240/DVWA-1.9/vulnerabilities/sqli/?id=%'+or+'0'='0 --header='Cookie: security=low; PHPSESSID=n4rbm0nva5qatce4c3jp8b8pk1' -d1 -r10 -c25
siege -u http://192.168.88.240/DVWA-1.9/vulnerabilities/exec/ --header='Cookie: security=low; PHPSESSID=n4rbm0nva5qatce4c3jp8b8pk1' -d1 -r10 -c25

Contoh lain

siege --concurrent=5 --reps=100 --header='sdk:3.0, config:3.0,zid:0' 'https://google.com/api/REGME POST uid=a8qn&aid=43ZK0'


Pranala Menarik