diff --git a/Documentation/hack/README.md b/Documentation/hack/README.md index ddf9db6..725798c 100644 --- a/Documentation/hack/README.md +++ b/Documentation/hack/README.md @@ -4,6 +4,8 @@ All the vulnerabilities listed below are essential to know when it comes to web security. These vulnerabilities are the most common and are the most likely to be exploited. It is important to know how to prevent these vulnerabilities from being exploited and how to fix them if they are exploited. +⚠️ **Warning:** The exploration and handling of web vulnerabilities must comply with legal and ethical standards. Always ensure you have the necessary permissions and understand the implications of probing and testing vulnerabilities in any system or network. Unauthorized testing or exploitation of vulnerabilities can lead to legal consequences and ethical breaches. ⚠️ + - [XSS (Cross-Site Scripting)](xss.md) *Injecting malicious scripts into web pages viewed by other users.* - [RAFI (Remote File Inclusion)](rafi.md) @@ -28,4 +30,4 @@ All the vulnerabilities listed below are essential to know when it comes to web - [Execution of Malicious Files](execution-of-malicious-files.md) *Running harmful files, potentially affecting the system or network.* - [Metadata Not Removed](metadata-not-removed.md) - *For example, not removing geolocation data from profile pictures.* + *For example, not removing geolocation data from profile pictures.* \ No newline at end of file diff --git a/Documentation/hack/http.md b/Documentation/hack/http.md index 3d90c96..950705c 100644 --- a/Documentation/hack/http.md +++ b/Documentation/hack/http.md 
@@ -21,9 +21,9 @@ When a site doesn't have HTTPS, browsers typically show a warning with a crossed The most effective method to address HTTP security issues is to use HTTPS (HTTP Secure), which encrypts the data in transit between client and server. Implementing security measures like SSL/TLS ensures that intercepted traffic is not easily readable. -Services like Let's Encrypt provide free SSL/TLS certificates, facilitating a more secure web. Using tools such as Certbot can automate certificate issuance and installation, removing much of the complexity involved in manually setting up HTTPS. +Services like [Let's Encrypt](https://letsencrypt.org/getting-started/) provide free SSL/TLS certificates, facilitating a more secure web. Using tools such as [Certbot](https://certbot.eff.org/) can automate certificate issuance and installation, removing much of the complexity involved in manually setting up HTTPS. -While self-signed certificates can also encrypt data, they do not provide verification of the server's identity and can lead to trust issues with clients. For internal testing or private networks, a self-signed certificate can be sufficient, but for public websites, a Certificate Authority (CA)-issued certificate is recommended. If using a self-signed certificate, the corresponding CA must be installed on the client's device to avoid security warnings. +While self-signed certificates can also encrypt data, they do not provide verification of the server's identity and can lead to trust issues with clients. For internal testing or private networks, a self-signed certificate can be sufficient, but for public websites, a Certificate Authority (CA)-issued certificate is recommended. If using a self-signed certificate, the corresponding CA must be installed on the client's device to avoid security warnings. for this use [openssl](https://www.openssl.org/) to generate a self-signed certificate. ## Example Scenarios 
@@ -36,11 +36,9 @@ A common HTTP risk scenario is when a user logs into a site without HTTPS. If th - [Let's Encrypt](https://letsencrypt.org/) - [Certbot](https://certbot.eff.org/) -## How to Use Wireshark for Network Monitoring +## How to do it ? 1. **Install Wireshark**: Obtain the application from the official [Wireshark website](https://www.wireshark.org/). 2. **Capture Traffic**: Launch Wireshark, select your network interface, and begin capturing packets. 3. **Filter for HTTP Traffic**: Apply the filter `http` to isolate HTTP packets. 4. **Analyze the Packets**: Inspect the details within each packet to view the unencrypted information being sent and received. - -Remember, network traffic analysis, particularly involving sensitive data, must comply with legal and ethical standards. Always ensure you have the necessary permissions to capture and review network traffic. diff --git a/Documentation/hack/session-hijacking.md b/Documentation/hack/session-hijacking.md index 280f07b..c9807af 100644 --- a/Documentation/hack/session-hijacking.md +++ b/Documentation/hack/session-hijacking.md 
@@ -2,24 +2,39 @@ ## Definition -Session Hijacking involves illegally gaining access to another user's web session. +Session Hijacking is a cyber attack where an attacker takes over a user's session to gain unauthorized access to information or services on a computer system. This type of attack exploits the session control mechanism that is commonly used in web applications. ## How It Works -... +An attacker hijacks a valid session ID and uses it to impersonate the legitimate user. This can be done by: +- Predicting or obtaining the session token through various methods (like sniffing network traffic). +- Exploiting weaknesses in the session management system of the application. ## Detection -... +Detecting session hijacking involves monitoring for unusual activities such as: +- Unexpected changes in session patterns (like locations or IP addresses). +- Multiple concurrent sessions from different locations using the same credentials. +- Anomalous spikes in user activity. ## Prevention -... +To prevent session hijacking: +- Implement HTTPS to encrypt data in transit. +- Use secure, randomly generated session tokens. +- Implement session timeouts and re-authentication for sensitive operations. +- Regularly renew session tokens and ensure they are securely stored. +- Employ IP address binding to sessions when feasible. ## Example Scenarios -... +A common example is when an attacker intercepts a user's session cookie through an unsecured Wi-Fi network and then uses it to access the user's account on a web application. ## References -... +- [OWASP Session Hijacking Attack](https://owasp.org/www-community/attacks/Session_hijacking_attack) +- [Mitigating Session Hijacking](https://www.sans.org/white-papers/1565/) + +## How to do it ? + +DO ... \ No newline at end of file
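Review bot: In the README `@@ -4,6 +4,8 @@` hunk the added warning paragraph is fine, but the unchanged context line right below it reads `- [RAFI (Remote File Inclusion)](rafi.md)`; the usual abbreviation for Remote File Inclusion is RFI, so the acronym and the `rafi.md` filename look like a typo carried through the index. Worth a follow-up rename of both the link text and the file.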
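Review bot: The README `@@ -28,4 +30,4 @@` hunk changes nothing except dropping the trailing newline (the replaced line `*For example, not removing geolocation data from profile pictures.*` is identical, followed by `\ No newline at end of file`). Revert this so the file keeps its final newline; the missing newline produces noisy diffs on every later edit and trips most Markdown linters.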
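Review bot: In the http.md `@@ -21,9 +21,9 @@` hunk the sentence appended to the self-signed paragraph starts in lowercase after a full stop: `... to avoid security warnings. for this use [openssl](https://www.openssl.org/) to generate a self-signed certificate.` Suggest `To do so, use [OpenSSL](https://www.openssl.org/) to generate one.` While touching that line, the earlier clause `the corresponding CA must be installed on the client's device` is imprecise for a self-signed certificate, which has no issuing CA; it is the certificate itself (or the private CA you signed it with) that has to be added to the client's trust store. The Let's Encrypt and Certbot link additions in the same hunk look good.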
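Review bot: The http.md `@@ -36,11 +36,9 @@` hunk renames `## How to Use Wireshark for Network Monitoring` to `## How to do it ?`, which loses the tool context and has a stray space before the question mark; the four numbered steps under it are all about Wireshark, so keep a descriptive heading such as `## How to Reproduce with Wireshark`. Removing the closing reminder paragraph here is consistent with the README hunk in this same patch, which now carries that text once for the whole directory.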
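Review bot: The session-hijacking.md `@@ -2,24 +2,39 @@` hunk ends by adding a new `## How to do it ?` section whose only content is the placeholder `DO ...`, and it also drops the trailing newline (`\ No newline at end of file`). Either fill the section or leave it out of this commit; a placeholder heading in a published doc reads as broken. Two smaller points on the otherwise solid additions: the prevention bullet `Regularly renew session tokens and ensure they are securely stored` could name the concrete controls (the `Secure`, `HttpOnly` and `SameSite` cookie attributes) so readers know what "securely stored" means, and the `DO ...` heading should match whatever final heading style the http.md rename settles on.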