Testprimero

Pages: 37 (9005 words) Published: November 13, 2012
Hacking / Hacking Exposed Web Applications / Scambray / 174064-3

1 Hacking Web Apps 101

01-ch01.indd 1

9/28/2010 11:09:35 PM


This chapter provides a brief overview of the “who, what, when, where, how, and
why” of web application hacking. It’s designed to set the stage for the subsequent
chapters of the book, which will delve much more deeply into the details of web
application attacks and countermeasures. We’ll also introduce the basic web application
hacking toolset, since these tools will be used throughout the rest of the book for
numerous purposes.

WHAT IS WEB APPLICATION HACKING?
We’re not going to waste much time defining web application—unless you’ve been hiding
under a rock for the last ten years, you likely have firsthand experience with dozens of
web applications (Google, Amazon.com, Hotmail, and so on). For a more in-depth
background, look up “web application” on Wikipedia.org. We’re going to stay focused
here and cover purely security-relevant items as quickly and succinctly as possible.
We define a web application as one that is accessed via the HyperText Transfer
Protocol, or HTTP (see “References & Further Reading” at the end of this chapter for
background reading on HTTP). Thus, the essence of web hacking is tampering with applications
via HTTP. There are three simple ways to do this:
• Directly manipulating the application via its graphical web interface
• Tampering with the Uniform Resource Identifier, or URI
• Tampering with HTTP elements not contained in the URI

GUI Web Hacking
Many people are under the impression that web hacking is geeky technical work best left
to younger types who inhabit dark rooms and drink lots of Mountain Dew. Thanks to the
intuitive graphical user interface (GUI, or “gooey”) of web applications, this is not
necessarily so.
Here’s how easy web hacking can be. In Chapter 6, we’ll discuss one of the most
devastating classes of web app attacks: SQL injection. Although its underpinnings are
somewhat complex, the basic details of SQL injection are available to anyone willing to
search the Web for information about it. Such a search usually turns up instructions on
how to perform a relatively simple attack that can bypass the login page of a poorly
written web application, inputting a simple set of characters that causes the login function
to return “access granted”—every time! Figure 1-1 shows how easily this sort of attack
can be implemented using the simple GUI provided by a sample web application called
Hacme Bank from Foundstone, Inc.

Figure 1-1 Entering the string ' OR 1=1-- bypasses the login screen for Foundstone’s sample
Hacme Bank application. Yes, it can be this easy!

Some purists are no doubt scoffing at the notion of performing “true” web app
hacking using just the browser, and sure enough, we’ll describe many tools later in this
chapter and throughout this book that vastly improve upon the capabilities of the basic
web browser, enabling industrial-strength hacking. Don’t be too dismissive of the
browser, however. In our combined years of web app hacking experience, we’ve
determined it’s really the basic logic of the application that hackers are trying to defeat,
no matter what tools they use to do it. In fact, some of the most elegant attacks we’ve
seen involved only a browser.
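The login bypass the chapter describes works only because the application pastes the user's input straight into its SQL text. The following is an added illustration, not code from the book or from Foundstone's Hacme Bank: a constructed in-memory SQLite user table, a login function that builds its query by string concatenation (the flaw), and the same check written with a parameterized query (the fix). The string from Figure 1-1 is shown making the flawed version return "access granted" and the fixed version reject it. Table layout, account data and function names are assumptions made for the demo.

```python
import sqlite3

# Constructed demo data: one user, password stored in clear text so the example
# stays focused on query construction (a real system would store a password hash).
DEMO_USERS = [("alice", "correct horse battery staple")]

# The input from Figure 1-1, typed into the username field.
FIGURE_1_1_INPUT = "' OR 1=1--"


def build_db():
    """Create an in-memory SQLite database holding the constructed demo users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT NOT NULL, password TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", DEMO_USERS)
    conn.commit()
    return conn


def build_vulnerable_query(username, password):
    """The flawed pattern: user-controlled text becomes part of the SQL statement."""
    return (
        "SELECT COUNT(*) FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )


def login_vulnerable(conn, username, password):
    """Login check that concatenates input into SQL. Returns True for 'access granted'."""
    query = build_vulnerable_query(username, password)
    try:
        (count,) = conn.execute(query).fetchone()
    except sqlite3.Error:
        # Malformed SQL (for example an unbalanced quote) is treated as a failed login.
        return False
    return count > 0


def login_parameterized(conn, username, password):
    """The fix: placeholders keep the input as data, so it can never alter the query."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    (count,) = conn.execute(query, (username, password)).fetchone()
    return count > 0


def demonstrate():
    """Run both login checks against the Figure 1-1 input and a legitimate login."""
    conn = build_db()
    return {
        "vulnerable_query_text": build_vulnerable_query(FIGURE_1_1_INPUT, "anything"),
        "vulnerable_with_figure_input": login_vulnerable(conn, FIGURE_1_1_INPUT, "anything"),
        "parameterized_with_figure_input": login_parameterized(conn, FIGURE_1_1_INPUT, "anything"),
        "parameterized_with_real_credentials": login_parameterized(conn, *DEMO_USERS[0]),
    }


if __name__ == "__main__":
    for name, value in demonstrate().items():
        print(f"{name}: {value}")
```

The concatenated query becomes `SELECT COUNT(*) FROM users WHERE username = '' OR 1=1--' AND password = 'anything'`: the `OR 1=1` makes the WHERE clause true for every row and `--` comments out the password check, so the count is non-zero and the function reports success. With placeholders the same characters are compared literally against the username column, match nothing, and the login fails, which is exactly the countermeasure the later chapter on SQL injection builds on.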
Even better, such attacks are also likely to provide the greatest motivation to the web
application administrator/developer/manager/executive to fix the problem. There is
usually no better way of demonstrating the gravity of a vulnerability than by illustrating
how to exploit it with a tool that nearly everyone on the planet is familiar...