Siege: cookie

From OnnoWiki
Revision as of 05:22, 7 December 2018 by Onnowpurbo (talk | contribs)

Capture

Capture the traffic to the web site using Wireshark. For practice, it is a good idea to browse to the DVWA web application, log in, and click through a few menus. A captured packet looks like this:

Frame 272: 549 bytes on wire (4392 bits), 549 bytes captured (4392 bits) on interface 0
Linux cooked capture
Internet Protocol Version 4, Src: 192.168.88.82, Dst: 192.168.88.240
Transmission Control Protocol, Src Port: 50430, Dst Port: 80, Seq: 1920, Ack: 7175, Len: 481
Hypertext Transfer Protocol
    GET /DVWA-1.9/vulnerabilities/sqli/ HTTP/1.1\r\n
    Host: 192.168.88.240\r\n
    User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0\r\n
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n
    Accept-Language: en-US,en;q=0.5\r\n
    Accept-Encoding: gzip, deflate\r\n
    Referer: http://192.168.88.240/DVWA-1.9/vulnerabilities/sqli_blind/\r\n
    Cookie: security=low; PHPSESSID=n4rbm0nva5qatce4c3jp8b8pk1\r\n
    Connection: keep-alive\r\n
    Upgrade-Insecure-Requests: 1\r\n
    \r\n
    [Full request URI: http://192.168.88.240/DVWA-1.9/vulnerabilities/sqli/]
    [HTTP request 5/5]
    [Prev request in frame: 266]
    [Response in frame: 273]

So the cookie is

Cookie: security=low; PHPSESSID=n4rbm0nva5qatce4c3jp8b8pk1\r\n

Do not close the browser,


Cookie

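Add an extra header to siege. The \r\n that Wireshark shows at the end of the line is the HTTP line terminator, not part of the cookie value, so leave it out:

--header="Cookie: --COOKIE_DATA--"
--header="Cookie: security=low; PHPSESSID=n4rbm0nva5qatce4c3jp8b8pk1"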
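The copy step above is easy to get wrong by hand, so here is an added example (not part of the original page) that pulls the Cookie value out of a Wireshark text dissection and prints a clean siege header argument. The function names `cookie_from_dissection` and `siege_cookie_arg` are hypothetical, and the sample input is constructed from the capture shown earlier.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# Read a Wireshark text dissection on stdin and print the value of the first
# Cookie header: no indentation, no "Cookie: " prefix, no displayed "\r\n".
cookie_from_dissection() {
    awk '/^[ \t]*Cookie: / {
        sub(/^[ \t]*Cookie: /, "")
        sub(/\r$/, "")        # real carriage return, if the file has CRLF endings
        sub(/\\r\\n$/, "")    # the literal 4 characters \r\n that Wireshark displays
        print
        exit
    }'
}

# Print the argument to pass to siege, or fail if the value is empty or still
# contains a backslash or double quote (a sign the copy/paste was not clean).
siege_cookie_arg() {
    value=$(cookie_from_dissection) || return 1
    case $value in
        ''|*\\*|*\"*) echo "unusable cookie value" >&2; return 1 ;;
    esac
    printf '%s\n' "--header=Cookie: $value"
}

# Constructed sample: three lines taken from the capture shown above.
SAMPLE='    Host: 192.168.88.240\r\n
    Cookie: security=low; PHPSESSID=n4rbm0nva5qatce4c3jp8b8pk1\r\n
    Connection: keep-alive\r\n'

# Usage: siege "$(printf '%s\n' "$SAMPLE" | siege_cookie_arg)" <URL>
printf '%s\n' "$SAMPLE" | siege_cookie_arg
```

The session ID is only valid while the DVWA login session exists, so generate the argument from a fresh capture each time.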


Run Siege