CIS411_1.3_Session Hijacking and Detect Intruders_Wes Givin.docx


ECPI University School of Technology: Department of Computer Information Science - Learning Activity Instructions

Student Name: Wes Givin

Activity Type: Session Hijacking and Detecting Intruders

Instructions: Perform the Guided Practice per the instructions in your course. As you complete each lab, insert a screenshot of your results. Include a screenshot of the results of each lab module you complete and label each clearly.

SESSION HIJACKING SCREEN SHOT

DETECTING INTRUDERS

Lab Version: 12.13.2016

Summary: As a result of this lab, I have learned:

Include a few paragraphs summarizing the key skills you have acquired during this guided practice.

Session Hijacking Lab #1

The objective of this lab is to help students learn session hijacking and take over a user account.

Intercept the Traffic between server and client

OWASP Zed Attack Proxy (ZAP) is an integrated penetration testing tool for finding vulnerabilities in web applications. It offers automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. It is designed to be used by people with a wide range of security experience, and as such is ideal for developers and functional testers who are new to penetration testing.

ZAP is an Intercepting Proxy. It allows you to see all of the requests you make to a web app and all of the responses you receive from it. Amongst other things, this allows you to see AJAX calls that may not otherwise be obvious. You can also set break points, which allow you to change the requests and responses on the fly.

The OWASP ZAP main window appears; click on the “+” icon in the right pane, as shown in the screenshot, to add the Break tab. The Break tab allows you to modify a response or request when it has been caught by ZAP. It also allows you to modify some elements that you cannot modify through your browser; these include:

  • The header
  • Hidden fields
  • Disabled fields
  • Fields that use JavaScript to filter out illegal characters

Once the Break tab is added in your OWASP ZAP window, configure ZAP to work as a proxy.
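
Because an intercepting proxy can change all four kinds of request element listed above, the server has to re-check each of them. The following is an added example, not part of the lab handout, of a server-side check that rebuilds an order from its own data and records every client value that disagrees; the catalog, session store, `X-User` header and field names are assumptions made for illustration.

```python
import re

# Constructed server-side state; all names and values here are assumptions.
CATALOG = {"sku-100": 4999}  # price in cents; the server is the source of truth
SESSIONS = {"sess-abc": {"user": "alice", "role": "customer"}}
COMMENT_OK = re.compile(r"[A-Za-z0-9 .,!?'-]{0,200}")

# Constructed form bodies: one as the browser sends it, one edited in a proxy.
HONEST = {"sku": "sku-100", "price": "4999", "comment": "Leave at the door."}
TAMPERED = {"sku": "sku-100", "price": "1", "role": "admin", "comment": "<b>hi</b>"}


def validate_order(session_id, headers, form):
    """Rebuild the order from server data; list each client value that disagrees."""
    findings = []
    session = SESSIONS.get(session_id)
    if session is None:
        return None, ["unknown session"]

    # Header: identity comes from the session, never from a client-supplied header.
    claimed = headers.get("X-User")
    if claimed is not None and claimed != session["user"]:
        findings.append("header X-User does not match session")

    # Hidden field: the price is looked up; the submitted value is only compared.
    sku = form.get("sku", "")
    if sku not in CATALOG:
        return None, findings + ["unknown sku"]
    if form.get("price") != str(CATALOG[sku]):
        findings.append("hidden field price altered")

    # Disabled field: a browser does not submit disabled inputs, so presence is a signal.
    if "role" in form:
        findings.append("disabled field role was submitted")

    # JavaScript-filtered field: repeat the character check on the server.
    comment = form.get("comment", "")
    if not COMMENT_OK.fullmatch(comment):
        findings.append("comment contains characters the client filter blocks")
        comment = ""

    order = {"user": session["user"], "role": session["role"],
             "sku": sku, "price": CATALOG[sku], "comment": comment}
    return order, findings


if __name__ == "__main__":
    print(validate_order("sess-abc", {}, HONEST))
    print(validate_order("sess-abc", {"X-User": "bob"}, TAMPERED))
```

The findings list is what a detection pipeline would log: an honest browser never produces any of these mismatches, so each one indicates the request was edited between the client and the server.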
