RE: Proof of Concept Tool on Web Application Security

["Einecker, Leah" <Leah_Einecker () Intuit com>]

David Endler and Michael Sutton did a presentation on bruteforcing session
IDs at DEFCON last year.  Links to the presentation, the "iDefense Session
Auditor tool", and a video of the talk are all available at:
http://www.defcon.org/html/links/defcon-media-archives.html

Cheers,
-L

> -----Original Message-----
> From: Indian Tiger [mailto:indiantiger () mailandnews com]
> Sent: Tuesday, April 15, 2003 11:06 AM
> To: pen test
> Subject: Proof of Concept Tool on Web Application Security
>
>
> Hi all,
>
> I have tried a lot to find any Proof of Concept Tool on Web Application
> Security but still I am not able to find a single one. Let me give some
> specific details.
>
> Session ID
> Generally session ID is big enough and act as authentication 
> token. Most of
> the time it only changes last few digits, lets say only three 
> digits from
> the end. Even its doing this only its very tuff to guess these 
> last three
> digits. I have made a testing site and tried but was not able 
> to do that. I
> knew session ID is not the only authentication parameter. It 
> can contain
> cookie, session tokens etc as well. I have tried Achilles, Web 
> Sleuth, Web
> Inspect, Spike Proxy etc. I think at least they don't do such 
> brute force.
> Is there any tool which does brute force on this and give session ID.
>
> Cookie Manipulation
> Several Articles talk about Cookie Manipulation. How to get cookies of
> others even in a LAN seems very tuff or not possible as per my 
> study on Web.
> If a Attacker is able to redirect other person's traffic to 
> any Proxy like
> Achilles, Web Sleuth than he can perform attacks. Now nobody 
> is allowing to
> change his proxy setting and sending his output through 
> Attacker (Proxy).
> Is there any tool which can give access/manipulate the cookie remotely?
>
> This manipulation can also be achieved if an Attacker can put 
> his Proxy (Web
> Sleuth) on intermediate Router/Proxy. One Example is I am 
> accessing Hotmail
> and on my ISP Router/Proxy, An attacker installs tool like Web 
> Sleuth. But
> again question comes Router works on OSI layer 3 so attacker 
> can't put tool
> like Web Sleuth. If intermediate hop is Proxy which is on 
> Application level,
> there should be some tool which can be placed here.
>
> XSS
> Cross Site Scripting has to use Client site scripting only. 
> What could be
> the maximum impact of this? Can Attacker format a machine or 
> steal data by
> this? If yes how?
>
> Please also tell any other Proof of Concept Tool on Web Application
> Security. I read OWASP guides, WebGoat and some more to 
> understand three
> things deeply and develop Proof of Concept Tool but no successes accept
> Hidden field manipulation. Please recommend some good guides on this.
>
> Any help on this would be highly appreciated.
>
> Thanking You.
> Sincerely,
>
> Indian Tiger, CISSP
>
>
> --------------------------------------------------------------
> Costs are climbing and complaints are rising
> as SPAM overloads your e-mail servers and Inboxes
> SurfControl E-mail Filter puts the brakes on spam & viruses
> and gives you the reports to prove it.
> http://www.securityfocus.com/SurfControl-pen-test2
> Download a free trial and see just
> what's going in and out of your organization. 
> --------------------------------------------------------------


--------------------------------------------------------------
Costs are climbing and complaints are rising
as SPAM overloads your e-mail servers and Inboxes
SurfControl E-mail Filter puts the brakes on spam & viruses
and gives you the reports to prove it.
http://www.securityfocus.com/SurfControl-pen-test2
Download a free trial and see just
what's going in and out of your organization. 
--------------------------------------------------------------