CEH v8 labs module 11 Session hijacking

CEH Lab Manual

Session Hijacking
Module 11


Module 11 - Session Hijacking

Hijacking Sessions
Session hijacking refers to the exploitation of a valid computer session, wherein an attacker takes over a session between two computers.
Lab Scenario

Source: http://krebsonsecurity.com/2012/11/yahoo-email-stealing-exploit-fetches-700/

According to KrebsOnSecurity news and investigation, a zero-day vulnerability in yahoo.com that lets attackers hijack Yahoo! email accounts and redirect users to malicious websites offers a fascinating glimpse into the underground market for large-scale exploits. The exploit, being sold for $700 by an Egyptian hacker on an exclusive cybercrime forum, targets a "cross-site scripting" (XSS) weakness in yahoo.com that lets attackers steal cookies from Yahoo! webmail users. Such a flaw would let attackers send or read email from the victim's account. In a typical XSS attack, an attacker sends a malicious link to an unsuspecting user; if the user clicks the link, the script is executed, and can access cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page.
KrebsOnSecurity.com alerted Yahoo! to the vulnerability, and the company says it is responding to the issue. Ramses Martinez, director of security at Yahoo!, said the challenge now is working out the exact yahoo.com URL that triggers the exploit, which is difficult to discern from watching the video.
These types of vulnerabilities are a good reminder to be especially cautious about clicking links in emails from strangers or in messages that you were not expecting.
As an administrator you should implement security measures at both the application level and the network level to protect your network from session hijacking.
Network-level hijacking is countered by encrypting and authenticating packets with protocols such as IPsec, SSL/TLS and SSH. IPsec encrypts packets under keys shared between the two systems involved in the communication, so an attacker who sniffs the traffic cannot read it and an attacker who injects packets cannot produce ones the peer will accept.
Application-level security rests on strong, unpredictable session IDs. SSL/TLS and SSH additionally protect the session ID in transit with certificate-based encryption, which stops a network sniffer from capturing it; as the Yahoo! case above shows, however, transport encryption does nothing against an XSS flaw that reads the cookie inside the victim's browser.

Lab Objectives
The objective of this lab is to help students learn session hijacking and take the necessary actions to defend against session hijacking.
In this lab, you will:
- Intercept and modify web traffic
- Simulate a Trojan, which modifies a workstation's proxy server settings

Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 11 Session Hijacking

CEH Lab Manual Page 716
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.

Lab Environment
To carry out this lab, you need:
- A computer running Windows Server 2012 as host machine
- This lab will run on a Windows 8 virtual machine
- Web browser with Internet access
- Administrative privileges to configure settings and run tools

Lab Duration
Time: 20 Minutes

Overview of Session Hijacking
Session hijacking refers to the exploitation of a valid computer session where an attacker takes over a session between two computers. The attacker steals a valid session ID, which is used to get into the system and sniff the data.
In TCP session hijacking, an attacker takes over a TCP session between two machines. Since most authentication occurs only at the start of a TCP session, this allows the attacker to gain access to a machine for the rest of the session without ever supplying credentials.

Lab Tasks
Pick an organization that you feel is worthy of your attention. This could be an educational institution, a commercial company, or perhaps a nonprofit charity.
Recommended labs to assist you in session hijacking:
- Session hijacking using ZAP

Lab Analysis
Analyze and document the results related to the lab exercise. Give your opinion on your target's security posture and exposure.

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.



Lab

Session Hijacking Using Zed Attack Proxy (ZAP)
The OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications.

Lab Scenario
Attackers are continuously watching for websites to hack, and developers must be prepared to counter malicious hackers by writing strong, secure code.
A common form of attack is session hijacking, i.e., accessing a website using someone else's session ID. The server-side session that the ID unlocks might hold credit card details, passwords, and other sensitive information that can be misused by a hacker. Session hijacking attacks are performed either by session ID guessing or by stealing session ID cookies. Session ID guessing involves gathering a sample of session IDs and "guessing" a valid session ID assigned to someone else; it only works when the IDs are short, sequential, or otherwise predictable. ASP.NET's own session IDs are long random values, so it is recommended not to replace them with IDs of your own design, since that randomness is what prevents session ID guessing. Hijacking with stolen session ID cookies can be prevented, as far as network sniffing goes, by using SSL; however, using cross-site scripting attacks and other methods, attackers can still steal the session ID cookies. If an attacker gets hold of a valid session ID, then ASP.NET connects to the corresponding session with no further authentication.
There are many tools easily available now that attackers use to hack into websites or user details. One of the tools is Firesheep, which is an add-on for Firefox. While you are connected to an unsecured wireless network, this Firefox add-on can sniff the network traffic, capture the session cookies of any site that sends them over unencrypted HTTP, and provide them to the hacker on the same network. The attacker can now use this information and log in as you.
As an ethical hacker, penetration tester, or security administrator, you should be familiar with network and web authentication mechanisms. In your role of web security administrator, you need to test web server traffic for weak session IDs, insecure handling, identity theft, and information loss. Always ensure that you have an encrypted connection using HTTPS, which leaves an attacker who sniffs the network packets with nothing readable. Alternatively, VPN connections too can be used to stay safe, and advise users to log off once they are done with their work. In this lab you will learn to use ZAP as an intercepting proxy, to run its scanners, etc.
Note that the exercise below hijacks the traffic rather than a stored credential: you sit in the path as a proxy and alter requests and responses, which is the position an attacker on an unsecured network must reach before a session token can be read or replayed.
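The network-level and application-level advice in the first lab's scenario and the session ID guessing paragraph above come down to two properties a tester can check: the ID must be unpredictable, and the cookie carrying it must be unreadable both on the wire and to injected script. The Python below is an added example written for this page, not EC-Council's or ZAP's code. The weak sample is constructed to imitate a counter-based ID scheme padded to look random; the cookie name SESSIONID and the 128-bit ID length are assumptions.

```python
from __future__ import annotations

import secrets
import statistics

# Constructed sample of what a weak server might issue: a counter rendered
# as zero-padded hex, so each ID looks random but differs from its
# predecessor by one.  Not real traffic.
WEAK_SAMPLE = [f"{4096 + i:032x}" for i in range(24)]


def make_session_id(nbytes: int = 16) -> str:
    """Unpredictable session ID: 128 bits from the OS CSPRNG, URL-safe text."""
    return secrets.token_urlsafe(nbytes)


def gap_bits(sample: list[str]) -> list[int]:
    """Bit length of the numeric distance between consecutive IDs.

    Each ID is read as a big-endian integer over its ASCII bytes.  For a
    counter or a timestamp the distances are tiny; for CSPRNG output they
    span almost the whole width of the ID.
    """
    ints = [int.from_bytes(s.encode("ascii"), "big") for s in sample]
    return [abs(b - a).bit_length() for a, b in zip(ints, ints[1:])]


def is_predictable(sample: list[str]) -> bool:
    """Flag a sample whose median inter-ID distance is far below the ID width.

    This is the check a tester runs on IDs collected by logging in
    repeatedly: if the median gap uses less than half the available bits,
    an attacker who has seen a few IDs can enumerate the neighbours.
    """
    if len(sample) < 3:
        raise ValueError("need at least three IDs to judge spacing")
    width_bits = 8 * max(len(s) for s in sample)
    return statistics.median(gap_bits(sample)) < width_bits / 2


def session_cookie(sid: str) -> str:
    """Set-Cookie header that keeps the ID off the wire in clear (Secure),
    out of reach of injected script (HttpOnly) and out of cross-site
    requests (SameSite).  Cookie name is an assumption for illustration."""
    return f"Set-Cookie: SESSIONID={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"


if __name__ == "__main__":
    strong = [make_session_id() for _ in range(24)]
    print("weak sample predictable:  ", is_predictable(WEAK_SAMPLE))
    print("strong sample predictable:", is_predictable(strong))
    print(session_cookie(strong[0]))
```

The spacing check is deliberately crude; it catches counters and timestamps, which is what "gathering a sample and guessing" exploits, and says nothing about IDs that are random but too short. The Secure flag is the concrete form of "use SSL" in the scenario, and HttpOnly is the one flag that bears on the XSS theft it warns about.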

Lab Objectives
The objective of this lab is to help students learn session hijacking and how to take the necessary actions to defend against session hijacking.
In this lab, you will:
- Intercept and modify web traffic
- Simulate a Trojan, which modifies a workstation's proxy server settings

Lab Environment
To carry out the lab, you need:
- ZAP (Zaproxy) located at D:\CEH-Tools\CEHv8 Module 11 Session Hijacking\Session Hijacking Tools\Zaproxy
- You can also download the latest version of ZAP from the link http://code.google.com/p/zaproxy/downloads/list
- If you decide to download the latest version, then the screenshots shown in the lab might differ
- A system with Windows Server 2012 running as host machine
- Run this tool in the Windows 8 Virtual Machine
- A web browser with Internet access
- Administrative privileges to configure settings and run tools
- Ensure that Java Runtime Environment (JRE) 7 (or above) is installed. If not, go to http://java.sun.com/j2se to download and install it.

Lab Duration
Time: 20 Minutes

Overview of Zed Attack Proxy (ZAP)
Zed Attack Proxy (ZAP) is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing, as well as being a useful addition to an experienced pen tester's toolbox. Its features include an intercepting proxy, automated scanner, passive scanner, and spider.

Lab Tasks
TASK 1: Setting up ZAP
1. Log in to your Windows 8 Virtual Machine.
2. In the Windows 8 Virtual Machine, follow the wizard-driven installation steps to install ZAP.
3. To launch ZAP after installation, move your mouse cursor to the lower left corner of your desktop and click Start.

FIGURE 2.1: Paros proxy main window

4. Click ZAP 1.4.1 in the Start menu apps.

Note: At its heart ZAP is an intercepting proxy. You need to configure your browser to connect to the web application you wish to test through ZAP. If required you can also configure ZAP to connect through another proxy; this is often necessary in a corporate environment.

Note: If you know how to set up proxies in your web browser then go ahead and give it a go! If you are unsure then have a look at the Configuring proxies section.

FIGURE 2.2: Windows 8 Start menu with the ZAP 1.4.1 tile

5. The main interface of ZAP appears, as shown in the following screenshot.
6. It will prompt you with SSL Root CA certificate. Click Generate to continue.


Note: Once you have configured ZAP as your browser's proxy, try to connect to the web application you will be testing. If you cannot connect to it then check your proxy settings again. You will need to check your browser's proxy settings, and also ZAP's proxy settings.

FIGURE 2.3: ZAP main window

Note: Active scanning attempts to find potential vulnerabilities by using known attacks against the selected targets.

7. In the Options window, select Dynamic SSL certificates, then click Generate to generate a certificate. Then click Save.

Note: Active scanning is an attack on those targets. You should NOT use it on web applications that you do not own.

Note: It should be noted that active scanning can only find certain types of vulnerabilities. Logical vulnerabilities, such as broken access control, will not be found by any active or automated vulnerability scanning. Manual penetration testing should always be performed in addition to active scanning to find all types of vulnerabilities.

FIGURE 2.4: ZAP Options window, Dynamic SSL Certificates (Root CA certificate)

8. Save the certificate in the default location of ZAP. If the certificate already exists, replace it with the new one.


Note: An alert is a potential vulnerability and is associated with a specific request. A request can have more than one alert.

FIGURE 2.5: Saving the ZAP root CA certificate (owasp_zap_root_ca.cer)

9. Click OK in the Options window.

Note: Anti-CSRF tokens are (pseudo) random parameters used to protect against Cross Site Request Forgery (CSRF) attacks. However they also make a penetration tester's job harder, especially if the tokens are regenerated every time a form is requested.

10. Your ZAP proxy server is now ready to intercept requests.


Note: ZAP detects anti-CSRF tokens purely by attribute names; the list of attribute names considered to be anti-CSRF tokens is configured using the Options Anti CSRF screen. When ZAP detects these tokens it records the token value and which URL generated the token.

FIGURE 2.7: ZAP main window

11. Launch any web browser; in this lab we are using the Chrome browser.
12. Your VM workstation should have Chrome version 22.0 or later installed.
13. Change the Proxy Server settings in Chrome by clicking the Customize and control Google Chrome button, and then click Settings.
FIGURE 2.8: Chrome menu (Customize and control Google Chrome)

14. On the Google Chrome Settings page, click the Show advanced settings... link at the bottom of the page, and then click the Change proxy settings... button.

Note: ZAP provides an Application Programming Interface (API) which allows you to interact with ZAP programmatically. The API is available in JSON, HTML and XML formats. The API documentation is available via the URL http://zap/ when you are proxying via ZAP.


FIGURE 2.9: Chrome Settings page with the Change proxy settings button

15. In the Internet Properties window, click Connections and click LAN Settings.

FIGURE 2.10: IE Internet Options window with Connections tab

16. Check Use a proxy server for your LAN, type 127.0.0.1 in the Address field, enter 8080 in the Port field, and click OK.

Note: Click OK several times until all configuration dialog boxes are closed.

Note: It should be noted that there is minimal security built into the API, which is why it is disabled by default. If enabled then the API is available to all machines that are able to use ZAP as a proxy. By default ZAP listens only on 'localhost' and so can only be used from the host machine.

Note: The API provides access to the core ZAP features such as the active scanner and spider. Future versions of ZAP will increase the functionality available via the API.

FIGURE 2.11: IE Internet Options window with Proxy Settings window (127.0.0.1, port 8080)
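Steps 13 to 16 redirect the workstation's traffic through the LAN Settings dialog, which stores ProxyEnable and ProxyServer under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings; a Trojan that silently reroutes a victim's browser, the second objective of this lab, writes the same values. The Python below is an added example, not EC-Council's or ZAP's code: it parses a constructed `reg export` of that key and reports a proxy or PAC script that is not on an approved list, which is the check a defender runs to catch the simulated Trojan. The approved proxy name and the 198.51.100.7 PAC host are assumptions for illustration.

```python
from __future__ import annotations

import re

# Registry key the Windows LAN Settings dialog writes to; a Trojan that
# redirects a workstation's traffic sets the same values.
PROXY_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"

# Constructed export of that key after the lab's proxy has been set, plus
# an AutoConfigURL added to show the second way traffic can be redirected.
# The PAC host is a TEST-NET address, not a real server.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="127.0.0.1:8080"
"ProxyOverride"="<local>"
"AutoConfigURL"="http://198.51.100.7/wpad.dat"
"""

_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.+)$')


def parse_reg_export(text: str) -> dict[str, dict[str, int | str]]:
    """Parse the subset of .reg syntax proxy settings use: REG_SZ and REG_DWORD."""
    keys: dict[str, dict[str, int | str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and (m := _VALUE_RE.match(line)):
            data = m.group("data")
            if data.startswith("dword:"):
                value: int | str = int(data[len("dword:"):], 16)
            else:
                # REG_SZ: quoted, with backslashes doubled in the export.
                value = data.strip('"').replace("\\\\", "\\")
            keys[current][m.group("name")] = value
    return keys


def proxy_findings(keys: dict[str, dict[str, int | str]],
                   approved_proxies: set[str],
                   approved_pac: set[str]) -> list[str]:
    """Report proxy settings that point anywhere other than the approved lists.

    A loopback proxy such as 127.0.0.1:8080 is exactly what this lab sets by
    hand; on a managed workstation nobody configured it, which makes it the
    indicator of a local interceptor.  A PAC URL does the same job without
    touching ProxyServer, so it is checked separately.
    """
    values = keys.get(PROXY_KEY, {})
    findings: list[str] = []
    if values.get("ProxyEnable") == 1:
        server = str(values.get("ProxyServer", ""))
        if server not in approved_proxies:
            findings.append(f"ProxyEnable=1 with unapproved ProxyServer {server!r}")
    pac = values.get("AutoConfigURL")
    if pac and str(pac) not in approved_pac:
        findings.append(f"AutoConfigURL points to unapproved script {pac!r}")
    return findings


if __name__ == "__main__":
    parsed = parse_reg_export(SAMPLE_REG_EXPORT)
    # "proxy.corp.example:3128" stands in for whatever the organisation's
    # real, approved proxy is.
    for finding in proxy_findings(parsed, {"proxy.corp.example:3128"}, set()):
        print("FINDING:", finding)
```

Run against the lab VM after step 16 the check fires on 127.0.0.1:8080, which is the point: the same evidence that proves the lab worked is what a host-based detection would raise if a Trojan had made the change. Per-user settings live under HKCU, so the export must be taken in the context of the affected user.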

TASK 2: Hijacking Victim's Session
17. Click Set break on all requests and Set break on all responses to trap all the requests and responses from the browser.
Note: ZAP allows you to try to brute force directories and files. A set of files are provided which contain a large number of file and directory names.

Note: A break point allows you to intercept a request from your browser and to change it before it is submitted to the web application you are testing. You can also change the responses received from the application. The request or response will be displayed in the Break tab, which allows you to change disabled or hidden fields, and will allow you to bypass client side validation (often enforced using JavaScript). It is an essential penetration testing technique.

FIGURE 2.12: ZAP main window with break points set

18. Now navigate to the Chrome browser, and open www.bing.com.
19. Start a search for "Cars."
20. Open ZAP, which shows the first trapped incoming web traffic.
21. Observe the first few lines of the trapped traffic in the Break tab, and keep clicking Submit and step to next request or response until you see Cars in the GET request in the Break tab, as shown in the following screenshot.


Note: Filters add extra features that can be applied to every request and response. By default no filters are initially enabled. Enabling all of the filters may slow down the proxy. Future versions of the ZAP User Guide will document the default filters in detail.

FIGURE 2.6: ZAP Break tab with the trapped GET request. Its first lines read:
    GET http://www.bing.com/search?q=Cars&go=&qs=n&form=QBLH&... HTTP/1.1
    Host: www.bing.com
    Proxy-Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Referer: http://www.bing.com/

22. Now change the query text from Cars to Cakes in the GET request.
Screenshot: ZAP Break tab with the modified request line, GET http://www.bing.com/search?q=Cakes&go=&qs=n&form=QBLH&filt=all&pq=Cakes&sc=0-0&sp=-1&sk= HTTP/1.1

Note: Fuzzing is configured using the Options Fuzzing screen. Additional fuzzing files can be added via this screen or can be put manually into the "fuzzers" directory where ZAP was installed; they will then become available after restarting ZAP.

23. Click Submit and step to next request or response.
24. Search for the <title> element in the Response pane and replace Cakes with Cars as shown in the following figure.


FIGURE 2.7: ZAP Break tab with the trapped response. Before the edit the title element reads "Cakes - Bing"; after it, "Cars - Bing". The response begins:
    HTTP/1.1 200 OK
    Cache-Control: private, max-age=0
    Content-Type: text/html; charset=utf-8
    Expires: Mon, 15 Oct 2012 12:30:19 GMT
    P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
    ...
    <title>Cakes - Bing</title>

25. In the same Response pane, replace Cakes with Cars in the search box value as well, as shown in the following figure.
This functionality is based on code from the OWASP JBroFuzz project and includes files from the fuzzdb project. Note that some fuzzdb files have been left out as they cause common antivirus scanners to flag them as containing viruses. You can replace them (and upgrade fuzzdb) by downloading the latest version of fuzzdb and expanding it in the 'fuzzers' library.



[Screenshot: OWASP ZAP Response tab with the trapped bing.com response open for editing]

CEH Lab Manual Page 727

Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.

This tool keeps track of the existing Http Sessions on a particular Site and allows the Zaproxy user to force all requests to be on a particular session. Basically, it allows the user to easily switch between user sessions on a Site and to create a new Session without "destroying" the existing ones.

[Screenshot: OWASP ZAP Response tab with the trapped bing.com response, the search input value edited from Cakes to Cars]

FIGURE 2.8: Paros with modified trap option content

Note: Here we are changing the text Cakes to Cars; the Bing search shows Cars, whereas the results displayed are for Cakes.
26. Observe the Bing search web page displayed in the browser with search query as "Cakes."

[Screenshot: browser address bar showing www.bing.com/search?q=cars&go=&qs=n&form=QBLH&filt=all&pq=cars&sc=0]
It is based on the concept of Session Tokens, which are HTTP message parameters (for now only Cookies) which allow an HTTP server to connect a request message with any previous requests or data stored. In the case of Zaproxy, conceptually, session tokens have been classified into 2 categories: default session tokens and site session tokens. The default session tokens are the ones that the user can set in the Options Screen and are tokens that are, by default, automatically considered session tokens for any site (e.g. phpsessid, jsessionid, etc). The site session tokens are a set of tokens for a particular site and are usually set up using the popup menus available in the Params Tab.


IMAGES

VDEOS

HEWS

MORE

t>1nq

Beta

357.0000‫ נ‬RESULTS
Inaaes cflcakesl
tnrq com/maces

Cake

W ik ip o d ia

thofroooncvdopedia

en w k p*d a o ‫־‬g W kt/Cake
V aieties Special-purpose cakes Shapes Cake flout Cake decorating
Cake ts a forrr cf bread or bread-like food In its modern forms, it is typically a sweet
ba«od dessert In As oldest forms, cakoc •voro normally fnod broadc or

FIGURE 2.6: Search results w indow

after


modifying d ie

c o n te n t

27. That's it. You just forced an unsuspecting web browser to go to any page of your choosing.
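As an added example, not part of the lab manual, the Python script below shows on a constructed plaintext response what steps 25 and 26 do to the trapped bing.com response (edit the body, then recompute Content-Length, which a proxy must do after changing a body), and the body-digest check a defender would use to notice the edit. The headers, body and digest comparison are constructed stand-ins, not ZAP's code.

```python
import hashlib

# Constructed plaintext HTTP/1.1 response, modelled on the bing.com response
# shown in the lab's Response pane (headers abbreviated, body is a stand-in).
ORIGINAL = (
    b"HTTP/1.1 200 OK\r\n"
    b"Cache-Control: private, max-age=0\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"Content-Length: 57\r\n"
    b"\r\n"
    b'<title>Cakes - Bing</title><input name="q" value="Cakes">'
)


def split_response(raw: bytes):
    """Split a raw response into (status line, [(name, value)], body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status, *header_lines = head.split(b"\r\n")
    headers = []
    for line in header_lines:
        name, _, value = line.partition(b":")
        headers.append((name.strip(), value.strip()))
    return status, headers, body


def tamper(raw: bytes, old: bytes, new: bytes) -> bytes:
    """Edit the body the way step 25 does in the Response pane, then fix
    Content-Length: without that fix a browser expecting the original length
    waits for bytes that never arrive, or truncates a body that grew."""
    status, headers, body = split_response(raw)
    body = body.replace(old, new)
    headers = [(n, str(len(body)).encode() if n.lower() == b"content-length" else v)
               for n, v in headers]
    head = b"\r\n".join([status] + [n + b": " + v for n, v in headers])
    return head + b"\r\n\r\n" + body


def content_length(raw: bytes) -> int:
    """Return the Content-Length header value (used to check the fix-up)."""
    for name, value in split_response(raw)[1]:
        if name.lower() == b"content-length":
            return int(value)
    raise ValueError("no Content-Length header")


def body_digest(raw: bytes) -> str:
    """SHA-256 of the body: the defender's check. A known-good digest no longer
    matches once a proxy edits the plaintext response; over TLS the proxy
    could not rewrite the body unnoticed in the first place."""
    return hashlib.sha256(split_response(raw)[2]).hexdigest()


TAMPERED = tamper(ORIGINAL, b"Cakes", b"Cars")  # the Cakes -> Cars edit
```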

Lab Analysis
Analyze and document the results related to the lab exercise. Give your opinion on your target's security posture and exposure.

Tool/Utility          Information Collected/Objectives Achieved
Zed Attack Proxy      SSL certificate to hack into a website
                      Redirecting the request made in Bing




PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

Questions
1. Evaluate each of the following Paros proxy options:
   a. Trap Request
   b. Trap Response
   c. Continue Button
   d. Drop Button

Internet Connection Required
☑ Yes  ☐ No


Platform Supported
☑ Classroom  ☐ iLabs


