Information Security Practice 1.2 (Replay Attacks)

Foreword

        This experiment follows a book by Li Huafeng, "Metasploit Web Penetration Testing Practice". I wrote a blog post about the Slowloris DoS attack before, for which I also read this book. In general, it is useful. This post is actually just a very simple replay attack.

Requirements

        Use a replay attack tool to construct data packets for a replay attack, then examine and analyze how the tool behaves.

Key steps

        1. I use the Kali virtual machine directly for a simple implementation of the replay attack. Because BurpSuite is already available in the Kali virtual machine, there is no need to go to the trouble of downloading and configuring it.

        Before using BurpSuite, we need to set the browser's proxy so that the tool can capture web requests.

        For the browser, I use Firefox, which comes with the Kali virtual machine.

After opening the browser, select Settings. Scroll down and click Settings again here.

        Then choose manual proxy configuration, enter 127.0.0.1 as the proxy IP address, and set the port number to 8080. These are the default IP and port used by BurpSuite in the Kali virtual machine; they can also be changed after opening the tool, as shown in the figure below.

         After setting it up, you can start testing.

        As shown in the figure above, confirm that the interception function is set to "Interception is on". With this set, when Firefox is used to open a webpage, the traffic passes through Burp Proxy and pauses there; it continues only when you click Forward. If you click Drop instead, the data for that request is discarded and is not processed any further.

        Next, we visit Baidu's official website for testing.

        As shown in the figure, we cannot open the webpage directly at this point. After operating as shown in the figure, the page still does not load. At the same time, the BurpSuite window pops up, indicating that the request has been successfully intercepted.

        In the figure above, we can see the raw request as sent by the browser, including the request address, HTTP protocol version, Host header, browser information, the Accept header (acceptable content types), character set, encoding method, cookie, and so on. You can manually modify this information to conduct a penetration test against the server side (modify it in the toolbar on the right or directly in place).

        2. Next, I will conduct a simple password brute-force, but I cannot attack other websites indiscriminately, so a target machine is needed. Here I found the target machine Metasploitable2; after downloading it from the Internet, open it directly with VMware.

        After opening, the interface looks like this:

        Then we enter the account name and password to log in. Both are msfadmin by default. After logging in, run the ifconfig command to see the IP address of the target machine.

As shown below:

        Then we open the Firefox browser in Kali to access this IP:

        OK, success! This means the target machine is set up.

3. Next, I will use BurpSuite to conduct a password brute-force attack (a type of replay attack) on the DVWA in the target machine.

As shown in the figure below, suppose I don't know the password now, but I know the account name.

        Let's first turn on interception:

        Then log in again, and the packet information is intercepted:

        Click Action to send the packet to Intruder:

        Then go to the Intruder interface:

        The data packet has been sent here. Because the password is the only thing we don't know, use the button on the right to mark only the password, and then go to Payloads to set parameters:

        We can add the candidate passwords ourselves, or click Load.. to load a password dictionary from the virtual machine. If there is none, you can use crunch (a tool that comes with Kali) to generate a password dictionary automatically.

        After setting the parameters, click "Start attack" to start the attack.

        After waiting for a while, look for the password whose length differs from that of the other passwords. This password is the real password: password. As shown below:
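The defender's view of step 3, as an added example that is not part of the original post: a burst of login requests from one client shows up clearly in the web server's access log. The log lines are constructed, and the `/login.php` path, the 10-second window and the threshold of 8 are assumptions. Responses whose size differs from the rest are reported too, since they point at the guess the server answered differently.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime

LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "POST (\S+) [^"]*" (\d{3}) (\d+)')
LOGIN_PATH = "/login.php"      # assumed login endpoint
WINDOW, THRESHOLD = 10, 8      # assumed policy: 8 attempts within 10 seconds


def make_sample():
    """Constructed access log: one noisy client and one ordinary user."""
    fmt = '{ip} - - [01/Jun/2023:10:00:{s:02d} +0000] "POST /login.php HTTP/1.1" 200 {n}'
    noisy = [fmt.format(ip="192.0.2.10", s=s, n=1523 if s == 9 else 1415)
             for s in range(12)]
    normal = [fmt.format(ip="198.51.100.7", s=s, n=1523) for s in (3, 40)]
    return noisy + normal


def analyse(lines):
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    sizes = defaultdict(list)     # ip -> (raw timestamp, response size)
    flagged = {}                  # ip -> moment the rate was first exceeded
    for line in lines:
        m = LINE.match(line)
        if not m or m.group(3) != LOGIN_PATH:
            continue
        ip, raw = m.group(1), m.group(2)
        ts = datetime.strptime(raw, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > WINDOW:
            q.popleft()           # drop attempts that fell out of the window
        sizes[ip].append((raw, int(m.group(5))))
        if len(q) >= THRESHOLD:
            flagged.setdefault(ip, raw)
    report = {}
    for ip, first in flagged.items():
        common = Counter(n for _, n in sizes[ip]).most_common(1)[0][0]
        # A response of unusual size is the attempt worth checking for a
        # successful login, so that the affected account can be reset.
        outliers = [t for t, n in sizes[ip] if n != common]
        report[ip] = {"first_alert": first, "attempts": len(sizes[ip]),
                      "outliers": outliers}
    return report


if __name__ == "__main__":
    print(analyse(make_sample()))
```
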

Analysis of the role of replay attack in information security detection

        Replay attacks are also known as playback attacks. Generally, after the attacker intercepts a data packet, the data cannot be decrypted. However, the relationship between data packets and services can be guessed, and the same packets can be resent to deceive the system. This is mainly used against the identity authentication process, where it destroys the correctness of authentication.

 

        Common types of replay attacks include: SMS bombing, brute force cracking, and replay payment.

Replay attacks can be used with penetration testing to check the security of a website. At the same time, more methods to prevent replay attacks can be researched, such as adding timestamps, adding serial numbers, and adding random numbers.
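The three defences named above, combined in one server-side check, as an added example that is not from the original post: each request carries a timestamp and a random one-time number, both bound to the body by an HMAC. The shared key, the 30-second window and the sample request are assumptions made up for the demonstration.

```python
import hashlib
import hmac

SECRET = b"demo-shared-key"   # constructed key, for illustration only
MAX_SKEW = 30                 # seconds a request stays acceptable (assumed policy)


def sign(body: bytes, ts: int, nonce: str) -> str:
    """Client side: bind the body to a timestamp and a one-time random number."""
    msg = b"%d|%s|" % (ts, nonce.encode()) + body
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


class ReplayGuard:
    """Server side: reject tampered, stale or repeated requests."""

    def __init__(self):
        self.seen = {}  # nonce -> timestamp it arrived with

    def verify(self, body: bytes, ts: int, nonce: str, mac: str, now: int) -> str:
        # 1. Integrity first, so ts and nonce cannot be rewritten by the sender.
        if not hmac.compare_digest(sign(body, ts, nonce), mac):
            return "bad-mac"
        # 2. Timestamp: a capture resent later falls outside the window.
        if abs(now - ts) > MAX_SKEW:
            return "stale"
        # 3. Random number: a capture resent inside the window was seen already.
        #    Entries older than the window are dropped; step 2 covers them.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_SKEW}
        if nonce in self.seen:
            return "replayed"
        self.seen[nonce] = ts
        return "ok"


def demo():
    guard = ReplayGuard()
    body, ts, nonce = b"amount=100&to=alice", 1_700_000_000, "n-4f2a"  # constructed
    mac = sign(body, ts, nonce)
    return [
        guard.verify(body, ts, nonce, mac, now=ts + 1),          # first delivery
        guard.verify(body, ts, nonce, mac, now=ts + 5),          # same packet again
        guard.verify(body, ts, nonce, mac, now=ts + 120),        # resent much later
        guard.verify(body, ts + 118, nonce, mac, now=ts + 120),  # timestamp rewritten
    ]


if __name__ == "__main__":
    print(demo())
```
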


Origin blog.csdn.net/xiexieyuchen/article/details/130935543