Overview
There is not a whole lot of work in this lab. It's mainly about trying out some software.
- Try Microsoft's SQL injection and XSS labs
- Try tampering with HTTP headers with Firefox
- Install and have a look at WebScarab
- Try some web vulnerability scanning
A. Microsoft's virtual labs
These exercises can only be completed in Internet Explorer and require the installation of an ActiveX control. The lab machines in L1.28 have the ActiveX control installed already, so you should be able to use them. Alternatively, install the ActiveX control on your own machine. You will find the Microsoft security labs here.
B. Firefox tamper data
Add the Tamper Data plug-in to your Firefox installation and use it to verify that you can modify HTTP header parameters in transit. You'll get it here.
C. WebScarab
Download and install WebScarab (for simplicity make sure you download the self-contained version) from here.
This is a handy tool and worth learning to use. Among other things it can act as a proxy between your web browser and the web. All traffic to and from your browser is intercepted and held until you decide to pass it on. You can view and manipulate all form data, cookies, hidden fields etc. en route. It contains a lot of functionality, so here's a Getting Started page.
To launch WebScarab, do the following (note the path to the newer version of Java, using the older/default Java installation can cause problems):
$ /usr/local/jdk1.6.0_02/bin/java -jar ./webscarab-selfcontained-[numbers].jar &
Once it is up and running:
- Use the Tools menu to make WebScarab use the School's proxy server, and change your browser's settings to use localhost:8008 as its proxy server, as this is where WebScarab is listening
- You may have to use an alternative browser to Firefox, e.g. Konqueror, as Firefox's proxy settings may be hard-coded
- Under Tools select the full interface and restart so you can access all of the functions WebScarab offers
- When intercepting traffic, specify a regular expression to filter by, or it becomes unusable on sites that contain lots of embedded content and so cause a flood of HTTP requests
After picking some web site to look at, you could try investigating: where the session ID is kept, whether it changes after login, and its randomness (there is a session ID analyser in WebScarab; you can use it to download e.g. 1000 session IDs and check for patterns).
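To make the "check for patterns" step concrete, here is an added Python example (not part of this handout and not WebScarab's own analyser) that runs the same kind of checks over a batch of collected session IDs: fixed character positions, a per-position entropy estimate, whether the varying part is an incrementing counter, duplicates, and whether the ID was rotated at login. The session IDs are constructed inline (one deliberately weak counter-based scheme, one 128-bit random scheme); all function names are the example's own.

```python
import math
import random
from collections import Counter

# --- Constructed sample data (not captured from any real site) -----------------
# A deliberately weak scheme: fixed prefix plus a hex-encoded counter stepping by 7.
WEAK_IDS = ["SESS" + format(0x1000 + 7 * i, "08x") for i in range(200)]

# What a 128-bit random token looks like. random.Random is only used to build
# sample data here; a real session store must draw from the OS CSPRNG (secrets).
_rng = random.Random(42)
STRONG_IDS = [format(_rng.getrandbits(128), "032x") for _ in range(200)]


def shannon_bits(values):
    """Shannon entropy, in bits, of the observed distribution of `values`."""
    counts = Counter(values)
    total = len(values)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def per_position_entropy(ids):
    """Entropy of each character position across all IDs (IDs must be equal length).
    This is bounded by the sample size, so it is a sanity check, not a proof."""
    width = len(ids[0])
    return [shannon_bits([sid[i] for sid in ids]) for i in range(width)]


def fixed_positions(ids):
    """Positions that never change: structure, not secret, so it adds no entropy."""
    return [i for i, bits in enumerate(per_position_entropy(ids)) if bits == 0.0]


def variable_part(sid, fixed):
    return "".join(ch for i, ch in enumerate(sid) if i not in fixed)


def is_sequential(ids, max_step=1000):
    """True if the varying part decodes as hex and only ever steps forward by a
    small amount, i.e. it behaves like a counter rather than random data."""
    fixed = set(fixed_positions(ids))
    try:
        nums = [int(variable_part(sid, fixed), 16) for sid in ids]
    except ValueError:
        return False  # not hex, so this particular test does not apply
    diffs = [b - a for a, b in zip(nums, nums[1:])]
    return bool(diffs) and all(0 < d <= max_step for d in diffs)


def analyse(ids):
    """Summarise the properties you would otherwise eyeball in the analyser."""
    lengths = {len(sid) for sid in ids}
    if len(lengths) != 1:
        return {"uniform_length": False}
    return {
        "uniform_length": True,
        "length": lengths.pop(),
        "fixed_positions": fixed_positions(ids),
        "estimated_entropy_bits": round(sum(per_position_entropy(ids)), 1),
        "sequential": is_sequential(ids),
        "duplicates": len(ids) - len(set(ids)),
    }


def not_rotated_at_login(pairs):
    """Given (id_before_login, id_after_login) pairs, return those where the ID
    survived login unchanged, which is the precondition for session fixation."""
    return [(before, after) for before, after in pairs if before == after]


if __name__ == "__main__":
    for name, ids in (("weak", WEAK_IDS), ("strong", STRONG_IDS)):
        print(name, analyse(ids))
    # Constructed login pairs: the first site rotates its ID, the second does not.
    print(not_rotated_at_login([("abc123", "def456"), ("abc123", "abc123")]))
```

On the constructed data the weak scheme shows nine fixed positions, an entropy estimate of only a few bits and a sequential varying part, while the random scheme shows no fixed positions, an estimate close to the 128-bit ceiling (the gap is sample-size bias) and no sequence. To use it on IDs exported from WebScarab, replace the two constructed lists with the strings you collected.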
D. Nikto
Last up is a web server vulnerability scanner. Download it from here, point it at a web server and see what it says. It is usually used as part of the Nessus suite of vulnerability analysis tools, but here we try it on its own.