[Bkjia.com exclusive translation] Do you want to beat hackers at their own game? Then you first need to know how hackers look for security vulnerabilities, second how they exploit Web application vulnerabilities, and finally how they organize an attack. This article uses Jarlsberg, a program deliberately full of holes, as an example to explain Web application attack and defense methods and to dissect hacker behavior and the corresponding countermeasures. Jarlsberg is written in Python, so a little Python knowledge will help you follow this article; it does not matter much if you have none, because the vulnerabilities and the ways of fixing them are essentially language-independent. We will also distinguish black-box and white-box hacking. A black-box hacker manipulates input fields or URL parameters, observes how the Web application responds and changes, and tries to find an input that makes it misbehave; this usually means inspecting HTTP/HTTPS requests and responses, for which two excellent helper tools are Burp and WebScarab. A white-box hacker analyzes the Web application's source code, tries to identify bugs, and launches attacks from there.
You can build a penetration testing environment from the material in this article and practice on your own to improve your skills. Most importantly, learn to generalize from these exercises so that you can find and fix vulnerabilities in the future.
If you want to run Jarlsberg locally, install Python 2.5 first; other versions may not work. Run the following command to install Jarlsberg:
Replace jarlsberg.appspot.com in all files with localhost:8008, and replace the default ID 123 with the unique ID assigned to you.
A Jarlsberg instance created directly on AppEngine is subject to many resource restrictions, such as being unable to access or interfere with other Jarlsberg instances. If your Jarlsberg instance stops working, you can reset it with the following URL, but note that all historical data will be cleared:
http://jarlsberg.appspot.com/resetbutton/123
Replace 123 with your own ID.
Introduction to the Jarlsberg source files:
◆ jarlsberg.py is the Jarlsberg Web server.
◆ jdata.py stores the default data in the database: one administrator account and two default users.
◆ jtl.py is the Jarlsberg template language.
◆ jsanitize.py is the module Jarlsberg uses to protect its HTML from attacks.
◆ The resources/... directory stores all templates, images, CSS and other files.
Cross-site scripting (XSS)
Cross-site scripting (XSS) refers to code, usually HTML or JavaScript, that a hacker implants in a website they do not control. When a victim browses such a page, the embedded code executes in the victim's browser, so the victim's personal information associated with that site's requests can easily be stolen.
In a reflected XSS attack, the attack is usually embedded in the request URL, and the victim is attacked when browsing a malicious URL constructed by the hacker. In a stored XSS attack, the attacker saves the attack code in the application itself, and its execution is triggered whenever a victim browses the page that displays it.
Suppose the page returned for the URL http://www.google.com/search?q=flowers contains the following HTML fragment:
Your search for 'flowers' returned the following results:
The value of the query parameter q is embedded in the page returned by Google. If www.google.com neither validates nor escapes q, an attacker can construct a link like the following:
http://www.google.com/search?q=flowers+%3Cscript%3Eevil_script()%3C/script%3E
The next step is to trick the victim into clicking this link. When the victim does so, the browser parses the following page content:
Your search for 'flowers <script>evil_script()</script>' returned the following results:
The browser executes evil_script(), which exposes the victim's browser state and all cookies belonging to this domain.
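The reflected-XSS mechanism described above comes down to one decision in the server: whether the query parameter is escaped before it is written into the HTML body. The following Python is an added example written for this article, not code from Jarlsberg or from Google's search page; the search URL and the `evil_script()` value come from the article, the function names and the hypothetical search page template are assumptions, and the sample URLs are constructed.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Constructed sample URLs: the benign search and the hostile link from the article.
BENIGN_URL = "http://www.google.com/search?q=flowers"
HOSTILE_URL = "http://www.google.com/search?q=flowers+%3Cscript%3Eevil_script()%3C/script%3E"


def query_from_url(url: str) -> str:
    """Extract and percent-decode the q parameter exactly as a server framework would.
    parse_qs turns '+' into a space and %3C/%3E back into '<' and '>'."""
    params = parse_qs(urlsplit(url).query)
    return params.get("q", [""])[0]


def render_results_vulnerable(q: str) -> str:
    """Hypothetical search page that embeds q verbatim: the defect the article describes."""
    return "Your search for '%s' returned the following results:" % q


def render_results_safe(q: str) -> str:
    """Hardened form: HTML-escape the value before it reaches the page body, so
    angle brackets become &lt; and &gt; and the browser shows them as text."""
    return "Your search for '%s' returned the following results:" % html.escape(q, quote=True)


def reflects_markup(rendered: str, q: str) -> bool:
    """Defender-side check for a test suite: True if the raw parameter value
    containing markup appears in the output unchanged, i.e. the browser would
    interpret it rather than display it."""
    return "<" in q and q in rendered


if __name__ == "__main__":
    q = query_from_url(HOSTILE_URL)
    print(render_results_vulnerable(q))
    print(render_results_safe(q))
```

Running the block prints the page body once with the script tag intact and once with it neutralized; `reflects_markup` is the kind of assertion you would keep in a regression test so that any template change that drops the escaping fails the build.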
Sometimes the victim is attacked even without directly clicking a malicious link. For example, if the attacker owns the www.evil.example.com domain name