dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
WebGoat/main/project/WebContent/lesson_solutions/InsecureLogin.html
wirth.marcel d7b43ba72c InsecureLogin solution edited 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@334 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-04-14 08:33:30 +00:00

61 lines
2.5 KiB
HTML
Raw Blame History

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insecure Login</title>
<link rel="stylesheet" type="text/css" href="/WebGoat/lesson_solutions/formate.css">
</head>
<body>
<p><b>Lesson Plan Title:</b>Insecure Login</p>
<p><b>Concept / Topic To Teach:</b><br/>
Sensitive data should never sent in plaintext!
Often applications switch to a secure connection after the authorization.
An attacker could just sniff the login and use the gathered information
to break into an account. A good webapplication always takes care of
encrypting sensitive data.
</p>
<p><b>General Goal(s):</b><br/>
See how easy it is to sniff a password in plaintext. <br>
Understand the advantages of encrypting the login data!
</p>
<b>Solution:</b><br/>
<p>This lesson has two stages. In the first stage you try to sniff a password
which is sent in plaintext. In the second stage you try the same
but on a secure connection.</p>
<p>You need a client server setup for this lesson. Please refer
to the Tomcat Setup in the Introduction section.</p>
<b>Stage 1</b>
<p>Start a sniffer. If you do not have one we recommend wireshark, which
is free: <a href="http://www.wireshark.org/"> Wireshark</a>. Make sure
you are capturing on the right interface. Click on
the submit button ans stop the capturing. Now analyze the captured data.</p>
<div align="center">
<img src="lesson_solutions/InsecureLogin_files/wireshark1.png"><br>
<font size="2"> <b>Figure 1: Sniffed Traffic</b></font>
</div>
<p>As you can see we are interested in the HTTP Post request as
the password is transmitted there. The field for the password has
the name clear_pass and has as value sniffy. Of course
this is also the correct answer and you are done with stage 1.</p>
<b>Stage 2</b>
<p>
Now you have to switch to a secure connection. You archive this
by changing the URL from http://... to https://... Sniff again the traffic
as you have done in stage 1. As you will see there is not sent the password
in plaintext. The server communicates with the application over a secure layer
the so called Transport Layer Security (TLS) also called Secure Socket Layer (SSL).
TLS is a hybrid encrypting protocol. A master secret is built to communicate.
This master secret is built by using SHA-1 and MD5. All traffic between
the Server and the Cleint is encrypted.</p>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink