dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Insecure Login lesson plan and solution

Browse Source 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@328 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
wirth.marcel 2008-04-13 22:17:49 +00:00
parent 5bcf14ba75
commit c99dd85aab
2 changed files with 75 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
main/project/WebContent/lesson_plans/InsecureLogin.html Normal file
View File

@ -0,0 +1,14 @@
<div align="Center">
<p><b>Lesson Plan Title:</b> Insecure Login</p>
</div>
<p><b>Concept / Topic To Teach:</b> </p>
<!-- Start Instructions -->
Sensitive data should never sent in plaintext! Often applications
switch to a secure connection after the authorization. An attacker
could just sniff the login and use the gathered information to
break into an account. A good webapplication always takes care of
encrypting sensitive data.
<p><b>General Goal(s):</b> </p>
See how easy it is to sniff a password in plaintext.<br>
Understand the advantages of encrypting the login data!
<!-- Stop Instructions -->

61
main/project/WebContent/lesson_solutions/InsecureLogin.html Normal file
View File

@ -0,0 +1,61 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insecure Login</title>
<link rel="stylesheet" type="text/css" href="/WebGoat/lesson_solutions/formate.css">
</head>
<body>
<p><b>Lesson Plan Title:</b>Insecure Login</p>
<p><b>Concept / Topic To Teach:</b><br/>
Sensitive data should never sent in plaintext!
Often applications switch to a secure connection after the authorization.
An attacker could just sniff the login and use the gathered information
to break into an account. A good webapplication always takes care of
encrypting sensitive data.
</p>
<p><b>General Goal(s):</b><br/>
See how easy it is to sniff a password in plaintext. <br>
Understand the advantages of encrypting the login data!
</p>
<b>Solution:</b><br/>
<p>This lesson has two stages. In the first stage you try to sniff a password
which is sent in plaintext. In the second stage you try the same
but on a secure connection.</p>
<p>You need a client server setup for this lesson. Please refer
to the Tomcat Setup in the Introduction section.</p>
<b>Stage 1</b>
<p>Start a sniffer. If you do not have one we recommend wireshark, which
is free: <a href="http://www.wireshark.org/"> Wireshark</a>. Make sure
you are capturing on the right interface. Click on
the submit button ans stop the capturing. Now analyze the captured data.</p>
<div align="center">
<img src="stub">
<font size="2"> <b>Figure 1: Sniffed Traffic</b></font>
</div>
<p>As you can see we are interested in the HTTP Post request (marked blue) as
the password is transmitted there. The field for the password has
the name clear_pass and has as value sniffy. Of course
this is also the correct answer and you are done with stage 1.</p>
<b>Stage 2</b>
<p>
Now you have to switch to a secure connection. You archive this
by changing the URL from http://... to https://... Sniff again the traffic
as you have done in stage 1. As you will see there is not sent the password
in plaintext. The server communicates with the application over a secure layer
the so called Transport Layer Security (TLS) also called Secure Socket Layer (SSL).
TLS is a hybrid encrypting protocol. A master secret is built to communicate.
This master secret is built by using SHA-1 and MD5. All traffic between
the Server and the Cleint is encrypted.</p>
</body>
</html>