A web application provides an interface between the user and the web server: it delivers a web page that the server generates according to the user's request. Examples of web applications are Google, YouTube, Facebook and Twitter.
How Web Application Works
The user sends a request from the browser over the internet to the web server. The web server manages all user requests and forwards them to the data server. The database server responds to the web server, and the web server then responds to the user's request, after which the user can interact with the web page.
Web Communication Protocol
A protocol is the set of rules that governs the communication between client and server. A number of protocols are involved in web communication:
|Protocols / Ports||Description|
|TCP/80||HTTP (Hypertext Transfer Protocol): used for communication with web browsers such as Firefox, Chrome, IE and many more, to retrieve and view web pages.|
|TCP, UDP/53||DNS (Domain Name System): converts a hostname into an IP address. When the user types a name such as google.com in the browser address bar, DNS converts it into the IP address.|
|HTTPS/443||HTTPS (Hypertext Transfer Protocol Secure): used for secure web browsing; a web server uses it to transfer encrypted web content.|
|SSH/22||Secure Shell protocol: provides a secure connection when the user logs in to a remote system.|
|IMAP/143||Internet Message Access Protocol: used for retrieving email with Outlook and many other clients.|
|FTP/21||File Transfer Protocol: used to deliver files over the internet.|
Web Application Method
A method is a set of one or more program statements that is identified by the method name.
GET method: you receive data back. The browser uses the GET method when it connects to the web server because the user typed something in the browser address bar or clicked a link to view another page.
POST method: used when you post some information to the server with the browser. For example, you have a Facebook account and you update your profile information; when you click the update button, the POST method is used.
Web Application Vulnerability
A vulnerability is a weakness in an organization's systems that allows a hacker to easily compromise system information.
When a hacker sends untrusted data containing a command or query to an application, that is an injection. It can take several forms, such as SQL injection, blind injection and XPath injection.
SQL injection is an attack in which malicious SQL is injected into a web application's query, after which the hacker can easily access the raw data. SQL injection can give a hacker access to a database and allow the hacker to remotely access the victim's system.
A hacker can modify your data records and easily change your online price details. The hacker can also spoof your identity and make a copy of your whole database.
With this attack a hacker can easily bypass the victim's login credentials without entering any valid information, and easily gain the victim's administrative privileges. After that, the hacker can execute anything against your database, easily edit your database records, and modify your financial records and trade secrets.
Vulnerability of Authentication bypass
The query will be split into two sections:
SELECT * FROM admin_login WHERE admin_id='admin' AND pass='' or '2'='2';
Here, the condition '2'='2' evaluates to true and authentication is bypassed. We can also attempt to put the same ' or '0'='0 as the user name and password if required. It follows that we can replace 0 with 1, X and so on, for example ' or 'X'='X. As per the surveys, more than 55% of websites are still vulnerable to this attack.
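The bypass above next to its fix, as an added example that is not part of the original article. It uses Python's built-in sqlite3 module; the function names and the constructed password are assumptions, and the table and column names follow the query above.

```python
import sqlite3

def make_db():
    """In-memory database holding one constructed admin account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admin_login (admin_id TEXT, pass TEXT)")
    # Plaintext only to mirror the query above; real systems store password hashes.
    db.execute("INSERT INTO admin_login VALUES ('admin', 's3cret-constructed')")
    return db

def login_vulnerable(db, admin_id, password):
    # User input is pasted into the SQL text, so a quote in the input
    # changes the structure of the WHERE clause.
    sql = ("SELECT * FROM admin_login WHERE admin_id='" + admin_id +
           "' AND pass='" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, admin_id, password):
    # Placeholders send the input as data; the driver never parses it as SQL.
    sql = "SELECT * FROM admin_login WHERE admin_id=? AND pass=?"
    return db.execute(sql, (admin_id, password)).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    tautology = "' or '2'='2"   # the input described above
    print("concatenated query accepts it: ", login_vulnerable(db, "admin", tautology))
    print("parameterized query accepts it:", login_parameterized(db, "admin", tautology))
```

Because AND binds tighter than OR, the concatenated WHERE clause is true for every row, while the parameterized query simply looks for a password equal to the literal string.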
A Union based injection
When a user sends a request to the database, the database responds with the proper information according to what the user asked for. When a hacker injects malicious input alongside the legitimate input and can thereby access your database, that is a union based injection. Let's see how this is possible with the UNION operator.
Union operators - The UNION operator is used to combine the results of two or more SELECT statements.
Suppose we want to combine the lists of cricket players and football players; we use this SELECT statement:
SELECT P_Name FROM Cricket_players UNION SELECT P_Name FROM Football_players
After performing this query we get results like this
We can use the ORDER BY keyword to sort records by the specified column.
SELECT * FROM Cricket_players ORDER BY P_ID
The result should look like this
Hackers also use the ORDER BY keyword in this way; it is mostly used to sort the result in descending order. Before hacking any website, a hacker tries out union injection on the victim site in a limited way.
First the hacker probes the victim website with some basic tricks and then tries to force it to generate an error. If the website throws an error, the hacker's work becomes much easier, because the site is then likely to be vulnerable to union injection. If the victim website is vulnerable to union injection, the hacker can obtain the database name and the database version, see who the default database user is, and learn how many tables the database has and how many columns each table has. Union injection is therefore a very harmful vulnerability for a web application.
When a hacker tries to force errors from a website, as with union injection, but the website does not return any error, the hacker then tries blind injection on the website.
Vulnerability of Blind Injection
With blind injection the hacker tries to determine your database name. After getting the database information, the hacker tries to find the current database version and then obtains the database table names, the specified columns and the database users by injecting malicious queries.
Time Based Blind injection
Hackers use time based blind injection when the site does not answer malicious input with any output and does not generate any error. The time based injection then answers on the basis of response time, given a valid vulnerable parameter.
Vulnerability of Time Based Blind injection
In time based blind injection the hacker uses the Sleep() function to hold the database response for some minutes; during that time the database does nothing. The hacker then uses an if() condition so that the delay is executed only when the stated condition matches. In this way the hacker tries to get the database version, then all table names and column names, and after that retrieves all the data in the database, then boom.
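The probes described in the union, authentication bypass and time based sections leave traces in web server access logs. The following added example (not from the original article) scans constructed log lines for them; the signature set, field layout and sample lines are assumptions, and request bodies of POST requests do not appear in access logs at all.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed access-log lines (combined log format, documentation-range IPs).
SAMPLE_LOG = '''
192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET /item.php?id=5 HTTP/1.1" 200 512
198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /item.php?id=5%20order%20by%203 HTTP/1.1" 200 512
198.51.100.7 - - [10/Oct/2023:13:56:04 +0000] "GET /item.php?id=5%20UNION%20SELECT%201,2,3 HTTP/1.1" 200 498
198.51.100.7 - - [10/Oct/2023:13:56:09 +0000] "GET /item.php?id=5%20and%20sleep(5) HTTP/1.1" 200 512
203.0.113.4 - - [10/Oct/2023:13:57:30 +0000] "GET /login.php?user=admin&pass=%2527%20or%20%25272%2527%253D%25272 HTTP/1.1" 302 0
192.0.2.10 - - [10/Oct/2023:13:58:12 +0000] "GET /search.php?q=union+station+select+seats HTTP/1.1" 200 900
'''.strip().splitlines()

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" \d{3} ')

# One signature per probe style named in the text; illustrative, not a full rule set.
SIGNATURES = {
    "tautology": re.compile(r"'\s*or\s*'?(\w+)'?\s*=\s*'?\1", re.I),
    "union_select": re.compile(r"\bunion\b(\s+all)?\s+select\b", re.I),
    "order_by_probe": re.compile(r"\border\s+by\s+\d+", re.I),
    "time_delay": re.compile(r"\bsleep\s*\(\s*\d+", re.I),
}

def decode(value, rounds=2):
    """Undo nested URL-encoding (such as %2527) so signatures see the real text."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(lines):
    """Return {source_ip: sorted signature names found in query parameters}."""
    hits = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        query = urlsplit(m.group("target")).query
        for _name, value in parse_qsl(query, keep_blank_values=True):
            text = decode(value)  # parse_qsl already decoded one layer
            for sig, rx in SIGNATURES.items():
                if rx.search(text):
                    hits[m.group("ip")].add(sig)
    return {ip: sorted(found) for ip, found in hits.items()}

if __name__ == "__main__":
    for ip, found in scan(SAMPLE_LOG).items():
        print(ip, found)
```

The last sample line shows why the patterns require the keywords to be adjacent: an ordinary search for "union station select seats" is not flagged.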
Boolean Based Blind SQL Injection
Boolean based blind injection is a technique that involves a lot of HTTP requests and responses, reading character by character, comparing and detecting the right output. Once a vulnerable parameter is found, the hacker replaces or appends syntactically valid SQL statements for which the expected output is known. Say there is an original, un-tampered request with a vulnerable parameter, which gets a certain response; in the next stage there is a request and response for an injected statement, and we then compare these two responses.
Error Based Injection
When a user sends a request to the database, the database responds well, according to the query. In error based injection, hackers try to attack the database through its error messages: the hacker injects some queries alongside the actual query and can capture all the database information this way.
Vulnerability of error based injection
Step 1 – the hacker tries to find some vulnerability in the victim site
Step 2 – after finding some vulnerability, the hacker attempts to pass malicious queries to the victim website
Step 3 – if a malicious query throws an error, the hacker can easily attack with an error based injection
Step 4 – the hacker then tries to find all table names in the victim database
Step 5 – the hacker then selects one table from the victim master database
Step 6 – and tries to convert the table name to an integer to provoke errors
Step 7 – the hacker then tries to find the column names
Step 8 – and then selects one column from the victim master database
Step 9 – after finding the column and table names, the hacker easily grabs the data in the database with an error based injection
XPath is the XML path language; it provides a means of querying an XML data store to retrieve information from the XML file. XPath injection is technically similar to SQL injection and is used against applications that use XPath: the hacker injects malicious data into the application to read XML file data and gain unauthorized access.
Vulnerability of XPath injection
By injecting a malicious query into the website, hackers try to get hold of this kind of sensitive user information; the hacker can then compromise all of the XML databases.
Tool for SQL Injection
- Blind injection brute forcer
- SQL injection power injector
XSS is the cross-site scripting vulnerability, which enables a hacker to inject malicious script into the victim website. It is mostly used against banking and financial websites. Generally the hacker looks for the vulnerability in a search box or comment box, and it can also be in the browser. This kind of attack is called cross-site scripting.
Vulnerability of XSS
The hacker tries to find a vulnerability using a malicious XSS script, and then tries to load the malicious script through the search box, the comment box or the browser.
Types of XSS
- Stored XSS
- DOM based XSS
- Reflected XSS
DOM based XSS
The Document Object Model (DOM) is a programming interface for HTML and XML that specifies the objects of a web page, such as headers, links and more. With DOM based XSS the hacker tries to execute malicious script alongside the page's original HTML and XML script.
In stored XSS, the hacker injects a malicious script into the website itself. After this, each and every time a victim opens the website the malicious script also executes, steals the victim's cookie information and transmits it back to the hacker.
In reflected XSS, the hacker sends the victim a website link containing malicious script. When the victim clicks the link, the malicious script executes along with the website data and gives the hacker full access to the victim's credentials.
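What separates a vulnerable search box from a safe one is whether the submitted text is encoded for the place it is written into. This added example (not from the original article) renders the same constructed input both ways and then parses the result to show what a browser-style parser would see; all function and class names are assumptions.

```python
import html
from html.parser import HTMLParser
from urllib.parse import quote

def render_vulnerable(term):
    # The search term is copied into the page unchanged, so markup in the
    # term becomes markup in the page.
    return "<p>Results for: " + term + "</p>"

def render_encoded(term):
    # Encode for the context each copy of the value lands in.
    text = html.escape(term, quote=False)   # element content
    attr = html.escape(term, quote=True)    # double-quoted attribute value
    url = quote(term, safe="")              # URL query component
    return (f"<p>Results for: {text}</p>"
            f'<input name="q" value="{attr}">'
            f'<a href="/search?q={url}">link to this search</a>')

class TagCollector(HTMLParser):
    """Records what a parser actually sees: element names and attributes."""
    def __init__(self):
        super().__init__()
        self.tags, self.attrs = [], {}

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.attrs.update({f"{tag}.{k}": v for k, v in attrs})

def parsed(page):
    collector = TagCollector()
    collector.feed(page)
    collector.close()
    return collector

TERM = '"><script>alert(1)</script>'   # constructed test input

if __name__ == "__main__":
    print("unencoded page elements:", parsed(render_vulnerable(TERM)).tags)
    print("encoded page elements:  ", parsed(render_encoded(TERM)).tags)
```

In the encoded page the input survives intact as the value of the search field, but it never becomes an element of its own.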
With cross-site request forgery, a hacker can use a site link to hijack the victim's session: when the victim opens that link, the hacker can easily abuse the victim's credentials. This form of attack is called CSRF.
Vulnerability of CSRF
A hacker delivers malicious code that targets the vulnerable website. The malicious code forces the victim's browser to act according to the hacker's interest, and the victim's browser stores the user's credentials and includes them with each and every request.
Insecure Cryptography Storage
When a web application does not properly store sensitive information such as cardholder data, medical records and financial records, hackers try to get at this information by exploiting insecure cryptographic storage.
Vulnerability of insecure cryptography storage
The hacker analyzes and breaks the algorithm's security by finding loopholes in the way the algorithms are used. Everything else may be implemented fine, but key exchange or key storage is done in the wrong manner, which allows the hacker to get access to the key. Once the key is disclosed, breaking the protection is easy work for the hacker.
A session carries the user's authentication information on every visit, but a hacker can hijack user sessions, grab the user's authentication and perform malicious activities. The hacker then easily gets full access to the victim's system. The hacker can steal the user's session ID and can also brute force it.
The user sends a connection request to the server, and the server forwards the request to the data server to create a fresh session ID for the user. The data server responds with the session ID, and the user then uses the session: the server validates the session ID for sending and receiving session data.
Vulnerability of session hijacking
The hacker tries to guess the user's session ID in order to steal the user's session information. The hacker can also capture packets and analyze every packet with Wireshark, which records the user's network traffic; after this the hacker can easily hijack the user's session credentials. The hacker can also kill the user's session and sniff the user's network.
Network Level Session Hijacking
In network level hijacking the hacker hijacks the transport and internet protocols to gather user session information, intercepting packets during the transmission between the client and the server in a TCP or UDP session.
Session fixation occurs when a hacker prepares a session ID and gets a target user to use it in some way, and the target user, unaware of this, logs into the website. If successful, the hacker could pretend to be the targeted user by using the session ID that the attacker set up, and access the website.
Stealing Session ID
Some web applications issue a session ID, which is the information that identifies the user, to manage sessions. If the session ID is not created and managed properly, a hacker could steal the session ID of a legitimate user and gain unauthorized access to the services, pretending to be the legitimate user. The attacking method exploiting this vulnerability in session management is addressed
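The session ID problems above (guessable IDs, an ID prepared by the attacker, a stolen ID) and the CSRF problem described earlier are handled on the server by the same component. This is an added sketch, not code from the original article; SessionStore, its methods and the cookie name SID are assumptions.

```python
import hmac
import secrets

class SessionStore:
    """Hypothetical in-memory session store for illustration."""

    def __init__(self):
        self._sessions = {}   # session ID -> {"user": ..., "csrf": ...}

    def _new(self, user=None):
        sid = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG: not guessable
        self._sessions[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
        return sid

    def start(self, presented_sid=None):
        """Return a valid session ID; an ID the server did not issue is never adopted."""
        if presented_sid in self._sessions:
            return presented_sid
        return self._new()

    def login(self, old_sid, user):
        """Issue a new ID at login so any ID known before login stops working."""
        self._sessions.pop(old_sid, None)
        return self._new(user)

    def user_for(self, sid):
        session = self._sessions.get(sid)
        return session["user"] if session else None

    def csrf_token(self, sid):
        """Token the server embeds in its own forms for this session."""
        return self._sessions[sid]["csrf"]

    def check_csrf(self, sid, submitted):
        """A state-changing request must echo the session's token (constant-time compare)."""
        session = self._sessions.get(sid)
        if session is None or not isinstance(submitted, str):
            return False
        return hmac.compare_digest(session["csrf"].encode(), submitted.encode())

def session_cookie(sid):
    # HttpOnly: not readable by page scripts. Secure: sent over HTTPS only.
    # SameSite=Lax: not attached to cross-site form posts.
    return f"Set-Cookie: SID={sid}; Path=/; HttpOnly; Secure; SameSite=Lax"

if __name__ == "__main__":
    store = SessionStore()
    sid = store.start("id-prepared-by-someone-else")   # constructed value
    sid = store.login(sid, "alice")
    print(session_cookie(sid))
    print("forged form accepted:", store.check_csrf(sid, "guess"))
```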
Network Level session Hijacking Part
- TCP/IP Hijacking
- UDP Hijacking
- Packet Sniffing
- IP Spoofing
Application Level Session Hijacking
In application level hijacking the hacker gathers information about the user's HTTP session by obtaining the session ID, because the session ID is the unique identifier of the user's HTTP session.
Role of Application Level Session Hijacking
- Session Sniffing
- The Session token hijacking
- Browser hijacks
Tools for session hijacking
- IP Watcher
- Burp suite
Web Application Forensics
Web forensics relates to cybercrime on the Internet. Criminal activities such as child pornography, hacking and identity theft can be traced, and the criminals can be punished if proper evidence is found against them. Web forensic analysis brings out details such as when and in what sequence somebody accessed a web page.
Web Browser History Analyzing
Web history analysis is the starting point of web application forensics: it analyzes what the victim has viewed on the World Wide Web through their web browsers. Evidence can be found in the suspect's browser history, including sites visited, searches conducted and web-based e-mail. In cases involving crimes predominantly carried out using web browsers, such as child pornography, identity theft and credit-card fraud, web history analysis can play a vital role in convicting or exonerating a suspect.
Internet Explorer History Analyzing
Internet Explorer stores files downloaded from the internet in a cache; each cached file is assigned an alphanumeric cache name. Internet Explorer saves all cache details in Index.dat.
What is Cache File?
When a user visits a website, the browser needs to download all the files required to display the website's content. The browser stores some of this data on the user's computer and on later visits uses the stored copy, so the page loads faster.
What is Index.dat File?
Internet Explorer saves numerous files named "index.dat" within each user's home directory on the computer system. Each user will generate multiple index.dat files, which may be found in multiple directories. These files map the websites visited to locally saved cache files in randomly named directories, so that the next time the user visits the same website, the same web pages do not have to be downloaded all over again.
The index.dat file stores history information, including the last access date. To view the IE history content, open the browser and press Ctrl+H; you can then easily analyze the history.
What is a browser cookie?
A cookie is a text file containing data that the web server sends to the user's system. It also stores user session information: whatever the user did during the session is saved on the user's system. Cookies are also used for storing session information that only lasts a session. Technically, a session starts when a client accesses a particular domain and ends when the browser is closed.
IE Cookies Analyzing
An IE cookie holds the information that the server meant to be saved on the user's system, the domain name that is responsible for the cookie, and the relevant time/date stamps. The file is created in the user's IE cookie directory, typically located in the The browser stores this information and reads it back the next time you visit the site, to make the next visit more comfortable and more personalized.
Mozilla Firefox History Analyzing
Mozilla Firefox stores all downloaded files in the history.dat file, and it keeps much of its tracking information in files instead of the registry. Individual folders are used to store user data, so it is easy for the user to wipe out the folders completely without leaving any traces.
Image 1 – press Ctrl+H to open the Firefox history
Image – how deleted cookie information can be retrieved with the EnCase forensic tool
Khushal Kaushik is Director at LISIANTHUS TECH, a cyber security specialist and ethical hacker. He holds a degree in computer science with 12 computer certifications such as MCP, MCTS, DIGITAL FORENSIC and many more. He has been working in the IT industry for the last 4 years and has experience in cyber security and cyber forensics, having been involved in a number of projects such as web security vulnerability, hospital management, insecure cryptography storage, web protection and many more.