ATTACKING SCENARIO

Apr 08, 2018

Transcript
  • 8/7/2019 ATTACKING SCENARIO

    1/18

    ATTACKING SCENARIO

  • 2/18

  • 3/18

    Hidden Price Field

    In this example the server stores the price of the transaction in the form sent back to the client; it is trusting the client.

    This price is stored in a hidden form field.

    So you can't see a price field on the confirmation page, but the client/user can view the HTML source code for the confirmation form by selecting View | Source in the browser's menu bar.

    Hidden fields are only visually hidden from the user but are effectively sent in the clear from the security point of view.

    Malicious clients can easily access and modify them.

  • 4/18

    Order page

  • 5/18

  • 6/18

    Server-side PHP script for the confirmation page

  • 7/18

    Confirmation Page

  • 8/18

    View | Source

  • 9/18

    The HTML code that the user can view

  • 10/18

  • 11/18

    Changing the value of the hidden field

    The attacker can change the value in the hidden form field from 10 to whatever value he wants.

    Then he simply saves the modified HTML to disk, reopens it with a browser, and finally submits the form with the modified price to the server.

    When he clicks Yes in the reopened HTML page, the HTTP request that is constructed from the manipulated form is for $1 instead of $10.

  • 12/18

  • 13/18

    Deduction of Modified Bill Amount

    After the gateway authorizes the card, the modified bill amount is deducted from the client's account.

  • 14/18

    curl and wget

    Instead of using a browser and a text editor, the attacker can use command-line tools like curl and wget.

    These are open source command-line tools that can be used to generate HTTP requests and other types of requests in an automated fashion.

    Consider this HTTP request:

    GET /submit_order?price=1&pay=yes HTTP/1.0

    This is the request sent by the modified HTML page.

  • 15/18

    curl and wget commands

    This HTTP request can be generated automatically by issuing the following curl command.

    If the form uses the GET method (the URL is quoted because & is a shell metacharacter):

    curl "https://www.deliver-me-pizza.com/submit_order?price=1&pay=yes"

    If the form uses the POST method (each -d adds one form parameter to the request body):

    curl -d price=0.01 -d pay=yes https://www.deliver-me-pizza.com/submit_order

    wget command for POST parameters:

    wget --post-data "price=1&pay=yes" https://www.deliver-me-pizza.com/submit_order

  • 16/18

    Conclusion

    The attacker does not have to traverse the order or confirmation web pages to issue the HTTP requests that purchase the pizzas.

    The server trusts the client and sends the transaction state back to it; by doing so it gives the client the ability to tamper with that state.

    Solutions (two among many):

    1. Keep an authoritative copy of the session state in a database on the server.

    2. Send the authoritative state back to the client together with a signature, and verify the signature before acting on it.

  • 17/18

  • 18/18

    THANK YOU
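As an added example (not part of the slide deck or the PHP application it describes), the Python script below models the flaw from slides 3 and 11 and the two fixes listed on slide 16. It runs the deck's tampered request line through three handlers: one that bills whatever `price` the hidden field carried, one that bills from a server-side copy of the order (solution 1), and one that accepts the state sent back by the client only if an HMAC-SHA256 tag over it verifies (solution 2). The request line is taken from slide 14; the price list, the session record, the handler names and the server key are constructed assumptions.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

# Constructed sample: the tampered request line shown on slide 14 of the deck.
TAMPERED_REQUEST_LINE = "GET /submit_order?price=1&pay=yes HTTP/1.0"

# Hypothetical server-side price list; in the deck's PHP app this would be the DB.
PIZZA_PRICES = {"pizza": 10.00}

# Hypothetical server-side signing key, generated at startup and never sent to
# the client. A real deployment would load it from a secrets store instead.
SERVER_KEY = secrets.token_bytes(32)


def parse_request_line(request_line):
    """Split an HTTP/1.0 request line into (method, path, query parameters)."""
    method, target, _version = request_line.split(" ")
    parts = urlsplit(target)
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    return method, parts.path, params


def vulnerable_submit_order(params):
    """The flaw from the slides: the server bills whatever price the client sent back."""
    if params.get("pay") != "yes":
        return None
    return float(params["price"])


def submit_order_db_lookup(params, session):
    """Solution 1: the price comes from the server's own copy of the order state.

    The client's `price` parameter is ignored entirely, so editing the hidden
    field, or sending the request with curl/wget, cannot change the amount."""
    if params.get("pay") != "yes":
        return None
    return PIZZA_PRICES[session["item"]] * session["quantity"]


def sign_state(item, quantity, price):
    """Solution 2, issuing side: serialize the order and attach an HMAC-SHA256 tag.

    Only the tag depends on the server secret; the state itself is still visible
    in the HTML, exactly as the slides describe for the hidden field."""
    state = f"item={item}&quantity={quantity}&price={price:.2f}"
    tag = hmac.new(SERVER_KEY, state.encode(), hashlib.sha256).hexdigest()
    return state, tag


def submit_order_signed(params):
    """Solution 2, verifying side: recompute the tag and refuse any mismatch."""
    if params.get("pay") != "yes":
        return None
    state, tag = params["state"], params["sig"]
    expected = hmac.new(SERVER_KEY, state.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so the check does not leak how many bytes matched.
    if not hmac.compare_digest(expected, tag):
        raise ValueError("order state failed signature check")
    fields = {k: v[0] for k, v in parse_qs(state).items()}
    return float(fields["price"])


def demo():
    """Run the tampered request through each handler and report what gets billed."""
    _method, _path, tampered = parse_request_line(TAMPERED_REQUEST_LINE)

    billed_vulnerable = vulnerable_submit_order(tampered)      # 1.0: client wins

    session = {"item": "pizza", "quantity": 1}                 # server-side copy
    billed_db = submit_order_db_lookup(tampered, session)      # 10.0: price ignored

    state, tag = sign_state("pizza", 1, 10.00)
    honest = {"state": state, "sig": tag, "pay": "yes"}
    billed_signed = submit_order_signed(honest)                # 10.0: tag verifies

    # The client edits the price inside the signed state but cannot recompute the tag.
    forged = {"state": state.replace("price=10.00", "price=1.00"), "sig": tag, "pay": "yes"}
    try:
        submit_order_signed(forged)
        forgery_accepted = True
    except ValueError:
        forgery_accepted = False

    return billed_vulnerable, billed_db, billed_signed, forgery_accepted


if __name__ == "__main__":
    print(demo())  # (1.0, 10.0, 10.0, False)
```

When the signed state is placed in a real form it must be URL-encoded, since it contains `&` and `=`; and because a valid signed order stays valid until the key changes, the signed state would normally also carry a session or order identifier so that one customer's signed $10 order cannot be submitted again later.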