The goal when testing for spoofing issues is to make something appear to the target application or end user as something else. As a result, spoofing can cause a decision made by the application or user to be based on incorrect information. Refer to Chapters 6 and 12.
Sample Test Cases

| Test Case | Description |
|---|---|
| Check for features that trust a connection based on the domain from which the connection originates | Trust should not be elevated based on a domain name gained through a DNS reverse lookup (it can be spoofed). |
| Hand-craft SMTP messages | To, From, Subject, headers, body, and so forth can all be spoofed. |
| Modify HTTP Referer | Some features erroneously use this to ensure links originate from specific places. |
| Modify MAC address | Some features mistakenly believe that MAC addresses are unique and cannot be spoofed. |
| Spoof IP address | Like the MAC address, a machine's IP can also be spoofed, which is commonly used in DDoS attacks. |
| `Some text<CR/LF>Text on new line` | Use a carriage return and linefeed (`<CR/LF>`) to inject a new line, which can alter the dialog box layout. |
| `Some text<TAB><TAB><TAB><TAB>More text` | Use tab characters (`<TAB>`) to inject whitespace to cause the text to wrap to the next line in a dialog box. |
| `Some text                    More text` | Use a lot of spaces to cause the text to wrap to a new line in a dialog box. |
| `Some text<NULL>Text is truncated` | Use a NULL to truncate the line displayed. |
| `C:\goodfile.txt<TAB><TAB><TAB><TAB>.exe` | Use tab characters in the filename to cause part of the filename to wrap out of the viewable text area. |
| `C:\goodfile.txt                    .exe` | Use spaces in the filename to cause part of the filename to wrap out of the viewable text area. |
| `http://www.goodsite.com@www.badsite.com` | Some applications allow the user name and password to be specified as part of the URL. Use the user name to attempt to spoof the name of the server. |
| `http://www.goodsite.com/good.txt%00bad.exe` | Use an encoded null character (`%00`) to truncate the name of a file. |
| `http://www.goodsite.com/good.txt%0D%0Abad.exe` | Use an encoded CR/LF (`%0D%0A`) to inject a new line. |
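The display, filename and URL rows of the table can be turned into input checks that a reviewer or test harness runs against untrusted strings before they reach a dialog box or a link. The following is an added example written for this page, not code from the book; the function names and the whitespace thresholds are the author's own choices.

```python
"""Checks for the display, filename and URL spoofing cases listed above.

Each function returns the list of spoofing tricks a string would
exercise, so a harness can assert on them rather than eyeball dialogs.
"""
from __future__ import annotations

import re
from urllib.parse import unquote, urlsplit


def find_display_spoofing(text: str) -> list[str]:
    """Flag characters that reshape a dialog or truncate what is shown."""
    findings = []
    if "\r" in text or "\n" in text:
        findings.append("crlf")        # injects a new line into the layout
    if "\x00" in text:
        findings.append("null")        # C-style display stops at the NUL
    if re.search(r"\t{2,}| {8,}", text):
        findings.append("whitespace")  # pushes the tail out of the viewable area
    return findings


def find_filename_spoofing(path: str) -> list[str]:
    """Flag filenames whose real extension is hidden behind padding."""
    findings = find_display_spoofing(path)
    # A legitimate name never has whitespace right before its extension;
    # that pattern is what hides ".exe" past the edge of the text box.
    if re.search(r"\s\.\w{1,4}$", path):
        findings.append("hidden-extension")
    return findings


def real_host(url: str) -> str | None:
    """The host a client actually connects to, ignoring any user info."""
    return urlsplit(url).hostname


def find_url_spoofing(url: str) -> list[str]:
    """Flag user-info server spoofing and encoded NUL/CRLF in the path."""
    findings = []
    parts = urlsplit(url)
    if parts.username is not None:
        findings.append("userinfo")  # "goodsite.com@" is a user name, not the server
    # Decode the path first: %00 and %0D%0A only bite after unescaping.
    findings += ["encoded-" + f for f in find_display_spoofing(unquote(parts.path))]
    return findings
```
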