Malware and Vulnerability Analysis Lecture4-1 Vulnerability Analysis #4-1
Agenda: Web Vulnerability Assessment
Website Vulnerability Assessment: HTTP and Web Vulnerabilities
HTTP Protocol: the protocol used to send and receive hypertext documents between a web browser and a web server. Default port: 80
HTTP Server/Client model
HTTP Request: consists of the HTTP method, the protocol version and the requested (default) page. User-Agent: type and version of the web browser. Host: gives the exact host name that appeared in the requested URL. Cookie: sends back to the server the values the server previously set as cookies.
HTTP Request
HTTP Request Methods: GET, POST, HEAD
HTTP Request Method GET: the data is typed directly into the address bar and sent to the server, e.g. http://google.co.kr/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1. Because the address bar limits how much can be entered, the amount of data that can be sent is limited.
HTTP Request Method POST: unlike GET, the data is sent in the HTTP body, and there is no limit on the length of the data sent.
HTTP Request Method HEAD: the server sends back only the headers that correspond to the HTTP request in its response.
HTTP Request Method OPTIONS: returns the methods supported by the server.
HTTP Request Method OPTIONS
Netcat (nc): a simple utility that reads and writes data over network connections using the TCP or UDP protocol.
curl: a command-line HTTP request tool; its many options allow the HTTP request to be modified before it is sent.
curl: the header and body of the HTTP request can be edited directly and sent. Python and PHP libraries can also be used to build and send HTTP requests.
curl example:
curl -i -s -k -X 'GET' -H 'User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2;.NET CLR 2.0.50727;.NET CLR 3.5.30729;.NET CLR 3.0.30729; Media Center PC 6.0;.NET4.0C)' -b 'family_site_info_popup=done' [URL]
HTTP Response Codes: 1xx: informational, 2xx: the HTTP request was processed successfully, 3xx: further action is needed to complete the HTTP request (redirection), 4xx: the HTTP request caused a client error, 5xx: the HTTP request caused a server error
HTTP Response Codes
Code  Reason phrase          Description
200   OK                     The request is OK
301   Moved Permanently      The requested page has moved to a new URL
400   Bad Request            The server did not understand the request
401   Unauthorized           The requested page needs a username and a password
403   Forbidden              Access is forbidden to the requested page
404   Not Found              The server cannot find the requested page
405   Method Not Allowed     The method specified in the request is not allowed
500   Internal Server Error  The request was not completed. The server met an unexpected condition
504   Gateway Timeout        The gateway has timed out
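The request headers, the four methods and the response-code classes above can all be seen on the wire with a few lines of Python. The following is an added example, not code from the lecture: it starts a constructed demo server on a free local port (the paths, cookie and User-Agent values are made up for the demo), writes raw HTTP/1.1 requests over a plain TCP socket exactly as nc would, and parses the status line and headers of each response.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed demo server (not a real site): GET / -> 200, other paths -> 404,
# HEAD -> headers only, OPTIONS -> Allow header, unsupported methods -> 405.
class DemoHandler(BaseHTTPRequestHandler):
    protocol_version = "HTTP/1.1"
    ALLOWED = "GET, POST, HEAD, OPTIONS"

    def _send(self, code, body=b"", extra=None):
        self.send_response(code)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        for name, value in (extra or {}).items():
            self.send_header(name, value)
        self.end_headers()
        if self.command != "HEAD":          # HEAD: same headers as GET, no body
            self.wfile.write(body)

    def do_GET(self):
        if self.path == "/":
            self._send(200, b"hello")
        else:
            self._send(404, b"not found")

    def do_HEAD(self):
        self.do_GET()

    def do_POST(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        self._send(200, b"posted " + body)

    def do_OPTIONS(self):
        self._send(200, extra={"Allow": self.ALLOWED})

    def do_PUT(self):                       # not supported here -> 405 plus Allow
        self._send(405, extra={"Allow": self.ALLOWED})

    def log_message(self, *args):           # silence request logging
        pass


def build_request(method, path, host, headers=None, body=b""):
    """Serialize a raw HTTP/1.1 request, the same bytes nc or curl would put on the wire."""
    lines = [f"{method} {path} HTTP/1.1", f"Host: {host}", "Connection: close"]
    lines += [f"{name}: {value}" for name, value in (headers or {}).items()]
    if body:
        lines.append(f"Content-Length: {len(body)}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode() + body


def parse_response(raw):
    """Split a raw response into (status code, reason, lower-cased header dict, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    _version, code, reason = status_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(code), reason, headers, body


STATUS_CLASSES = {1: "Informational", 2: "Success", 3: "Redirection",
                  4: "Client error", 5: "Server error"}


def status_class(code):
    """Map a status code to its 1xx..5xx class as listed on the slide."""
    return STATUS_CLASSES[code // 100]


def send_raw(host, port, raw):
    """Open a TCP connection, write the bytes and read until the server closes (what nc does)."""
    with socket.create_connection((host, port), timeout=5) as sock:
        sock.sendall(raw)
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks)


def demo():
    """Send one request per method and return {request: (code, class, Allow header, body)}."""
    server = HTTPServer(("127.0.0.1", 0), DemoHandler)      # port 0 = pick a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    host, port = server.server_address
    extra = {"User-Agent": "Mozilla/4.0 (compatible; demo)", "Cookie": "session=demo"}
    results = {}
    for method, path, body in [("GET", "/", b""), ("GET", "/missing", b""), ("HEAD", "/", b""),
                               ("POST", "/", b"a=1"), ("OPTIONS", "*", b""), ("PUT", "/", b"x")]:
        raw = send_raw(host, port, build_request(method, path, f"{host}:{port}", extra, body))
        code, _reason, headers, resp_body = parse_response(raw)
        results[f"{method} {path}"] = (code, status_class(code), headers.get("allow"), resp_body)
    server.shutdown()
    server.server_close()
    return results


if __name__ == "__main__":
    for request, result in demo().items():
        print(request, result)
```

Note that the HEAD response carries the same Content-Length as the GET response but an empty body, and that the unsupported PUT is answered with 405 plus an Allow header listing the same methods OPTIONS returns; comparing those two lists is a quick configuration check for a server that is supposed to expose only a few methods.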
Proxy definition: "In computer networks, a proxy server is a server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource available from a different server and the proxy server evaluates the request as a way to simplify and control its complexity." (from Wikipedia)
Proxy overview
Proxy server settings: by configuring a proxy server, the IP address of the current host as seen from outside can be changed.
Proxy server settings: list of externally provided proxy servers
Web Proxy types: Paros, OWASP Zed Application Proxy, Burpsuite, Fiddler
Web Proxy: Paros
Web Proxy: ZAP
Web Proxy: Burpsuite
Web Proxy: Fiddler
Web Proxy: Burpsuite. Default port: 8080. With "Intercept is on" in the Proxy tab, each request and response can be inspected or modified before it is forwarded to the server or to the web browser.
Web Proxy: Burpsuite. Inspecting and resending the contents of an HTTP request and response
Web Proxy: Burpsuite. Converting an HTTP request into a curl command:
curl -i -s -k -X 'GET' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0' -b 'NNB=CY5C4OMPR5SVI; npic=xzmvwl8qu+athhlpiaqg8fvzvmewtk2lwrnl62qplzzq4nxe0/e2sdibsu HgcKvdCA==; wrdbook_notice_popup_endic=close; _naver_usersession_=6ghdcqvwjuglksn2ecwl+w==' 'http://www.naver.com/'
Web Proxy: Burpsuite. The Decoder menu can encode and decode URL, HTML, Base64, ASCII and HEX
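The conversion Burp performs above (raw intercepted request in, curl command line out) is mechanical enough to reproduce. The following is an added example, not code from the lecture or from Burp Suite: it parses a captured request, lets one header be edited the way the intercept window allows, and emits the equivalent curl command with the same -i -s -k -X -H -b flags used on the slide. The host, cookie and form values are constructed for the demo.

```python
import shlex

# Constructed samples of what an intercepting proxy shows (hypothetical host and cookie values).
CAPTURED_GET = (
    "GET /search?q=test HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "User-Agent: Mozilla/5.0 (demo)\r\n"
    "Accept: text/html\r\n"
    "Cookie: sid=abc123; theme=dark\r\n"
    "Connection: keep-alive\r\n"
    "\r\n"
)
CAPTURED_POST = (
    "POST /login HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 19\r\n"
    "\r\n"
    "user=demo&pass=demo"
)

# Headers curl computes itself; copying them verbatim would be wrong once the body is edited.
SKIP_HEADERS = {"host", "connection", "content-length", "proxy-connection", "accept-encoding"}


def parse_raw_request(raw):
    """Return (method, path, version, [(name, value), ...], body) from raw request text."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, path, version = request_line.split(" ")
    headers = []
    for line in header_lines:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return method, path, version, headers, body


def set_header(raw, name, value):
    """Replace (or append) one header in place: the manual edit made in the intercept window."""
    method, path, version, headers, body = parse_raw_request(raw)
    kept, replaced = [], False
    for n, v in headers:
        if n.lower() == name.lower():
            if not replaced:
                kept.append((name, value))
                replaced = True
        else:
            kept.append((n, v))
    if not replaced:
        kept.append((name, value))
    lines = [f"{method} {path} {version}"] + [f"{n}: {v}" for n, v in kept]
    return "\r\n".join(lines) + "\r\n\r\n" + body


def to_curl(raw, scheme="http"):
    """Build the curl command line equivalent to a captured request."""
    method, path, _version, headers, body = parse_raw_request(raw)
    host = next(v for n, v in headers if n.lower() == "host")
    parts = ["curl", "-i", "-s", "-k", "-X", shlex.quote(method)]
    for name, value in headers:
        lname = name.lower()
        if lname in SKIP_HEADERS:
            continue
        if lname == "cookie":
            parts += ["-b", shlex.quote(value)]          # -b takes the Cookie header value
        else:
            parts += ["-H", shlex.quote(f"{name}: {value}")]
    if body:
        parts += ["--data-binary", shlex.quote(body)]    # body sent byte-for-byte
    parts.append(shlex.quote(f"{scheme}://{host}{path}"))
    return " ".join(parts)


if __name__ == "__main__":
    print(to_curl(CAPTURED_GET))
    print(to_curl(set_header(CAPTURED_POST, "User-Agent", "curl/8.0")))
```

shlex.quote is what keeps the cookie string and the query string from being interpreted by the shell, which matters as soon as a captured value contains characters such as ; or &; the slide's own example has both inside the -b argument.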
Encoding types: Base64 encoding, ASCII, URL encoding, HTML encoding
Encoding: Base64 converts 8-bit binary data into an ASCII string drawn from [0-9A-Za-z=/+]
Encoding: ASCII uses 7 of the 8 bits in a byte to represent 128 characters (http://www.asciitable.com)
Encoding: URL encoding. A URL may contain only the printable characters of the ASCII set (0x20 ~ 0x7e); URL encoding is used to encode URL metacharacters as % followed by the hex value of the original character.
Character     URL encoding
space         %20 or +
%             %25
?             %3f
&             %26
=             %3d
;             %3b
+             %2b
#             %23
newline (LF)  %0a
NULL          %00
Encoding: HTML encoding
Character  HTML entity  Decimal  Hex
"          &quot;       &#34;    &#x22;
'          &apos;       &#39;    &#x27;
&          &amp;        &#38;    &#x26;
<          &lt;         &#60;    &#x3c;
>          &gt;         &#62;    &#x3e;
space      -            &#32;    &#x20;
A          -            &#65;    &#x41;
a          -            &#97;    &#x61;
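The four encodings in this section are what a decoder tab or an input filter has to handle, and the hard part is not encoding but noticing when a value has been encoded more than once. The following is an added example, not code from the lecture: it implements the % + hex rule from the URL table, the named/decimal/hex forms from the HTML table, the 7-bit ASCII check and the Base64 alphabet, and adds a decode_layers helper that reports how many percent-decoding rounds a value needed, so a filter can flag double-encoded input instead of silently accepting it. Sample strings are constructed for the demo.

```python
import base64
import html
from urllib.parse import quote, unquote

# Unreserved characters (RFC 3986) that never need percent-encoding; everything else becomes %hh.
URL_SAFE = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.~")
BASE64_ALPHABET = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=")
HTML_NAMED = {'"': "quot", "'": "apos", "&": "amp", "<": "lt", ">": "gt"}


def url_encode(text, space_as_plus=False):
    """Percent-encode each byte outside the unreserved set as % plus two hex digits."""
    out = []
    for byte in text.encode("utf-8"):
        ch = chr(byte)
        if ch in URL_SAFE:
            out.append(ch)
        elif ch == " " and space_as_plus:
            out.append("+")                  # form encoding writes a space as +
        else:
            out.append("%%%02x" % byte)      # lowercase hex, as in the table above
    return "".join(out)


def matches_stdlib(text):
    """Cross-check url_encode against urllib (which emits uppercase hex)."""
    return url_encode(text).lower() == quote(text, safe="").lower()


def decode_layers(text, max_rounds=5):
    """Percent-decode until the value stops changing; the round count exposes double encoding."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(text)
        if decoded == text:
            break
        text, rounds = decoded, rounds + 1
    return text, rounds


def html_encode(text, style="named"):
    """Encode HTML-significant characters as named, decimal (&#NN;) or hex (&#xNN;) entities."""
    out = []
    for ch in text:
        if ch not in HTML_NAMED:
            out.append(ch)
        elif style == "named":
            out.append(f"&{HTML_NAMED[ch]};")
        elif style == "decimal":
            out.append(f"&#{ord(ch)};")
        else:
            out.append(f"&#x{ord(ch):x};")
    return "".join(out)


def html_roundtrip(text, style):
    """True when the browser-side decoder (html.unescape) restores the original text."""
    return html.unescape(html_encode(text, style)) == text


def is_ascii(data: bytes):
    """ASCII uses only 7 bits: every byte must be below 128."""
    return all(b < 0x80 for b in data)


def base64_roundtrip(data: bytes):
    """Encode to the [0-9A-Za-z+/=] alphabet and decode back; returns (encoded, decoded)."""
    encoded = base64.b64encode(data).decode("ascii")
    if not set(encoded) <= BASE64_ALPHABET:
        raise ValueError("unexpected character in Base64 output")
    return encoded, base64.b64decode(encoded)


if __name__ == "__main__":
    print(url_encode(" %?&=;+#\n\x00"))                    # the URL table, one row each
    print(html_encode('<a href="x">', "hex"))
    print(decode_layers("%252e%252e%252f"))                # ('../', 2): two layers
    print(base64_roundtrip("한글".encode("utf-8")))        # non-ASCII bytes survive Base64
```

decode_layers deliberately uses unquote rather than unquote_plus: once a value has been decoded once, a literal + that was originally sent as %2b must not turn into a space on the next round, which is exactly the kind of ambiguity that makes "decode until stable" unsafe as a normalisation step unless the layer count is also checked.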
JavaScript: a scripting language that runs on the client. It is commonly used for tasks such as validating important input values, and such checks can be bypassed with a proxy tool.
JavaScript
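Because the client-side script is skipped by any request assembled in a proxy, the same rules have to be enforced again on the server from the raw request body. The following is an added example, not code from the lecture: a server-side validator for a hypothetical order form whose JavaScript checks a quantity of 1..10 and an e-mail address. It works on the form-encoded body itself, rejects duplicated and unexpected parameters, and never trusts the fact that the browser "already checked". Field names and sample bodies are constructed for the demo.

```python
import re
from urllib.parse import parse_qs

# Hypothetical order form: the page's JavaScript checks quantity (1..10) and the e-mail format
# before submit, but a request edited in a proxy never runs that script, so the server must
# re-validate every field from the raw body.
ALLOWED_FIELDS = {"quantity", "email"}
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")


def validate_order(body: str):
    """Validate a raw application/x-www-form-urlencoded body; returns (ok, errors, cleaned)."""
    fields = parse_qs(body, keep_blank_values=True)
    errors = []
    # A repeated parameter lets client and server disagree on which value counts; reject it.
    for name, values in fields.items():
        if len(values) > 1:
            errors.append(f"{name}: duplicate parameter")
    for name in sorted(set(fields) - ALLOWED_FIELDS):
        errors.append(f"{name}: unexpected parameter")
    quantity = fields.get("quantity", [""])[0]
    # Check the syntax first so int() is only called on something that is a number.
    if not re.fullmatch(r"[0-9]{1,2}", quantity) or not 1 <= int(quantity) <= 10:
        errors.append("quantity: must be an integer from 1 to 10")
    email = fields.get("email", [""])[0]
    if len(email) > 254 or not EMAIL_RE.fullmatch(email):
        errors.append("email: malformed")
    cleaned = {"quantity": int(quantity), "email": email} if not errors else None
    return not errors, errors, cleaned


if __name__ == "__main__":
    for sample in ("quantity=3&email=a%40b.com",            # what the form normally sends
                   "quantity=-1&email=a%40b.com",           # blocked by JS, reaches server via proxy
                   "quantity=3&quantity=99&email=a%40b.com",
                   "quantity=3&email=a%40b.com&debug=1"):
        print(sample, "->", validate_order(sample))
```

The cleaned dictionary is the only thing the rest of the application should use; returning None whenever any error is present prevents a handler from accidentally proceeding with a half-validated request.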
Q&A