Manipulating Server Responses

The same techniques that are used to send malicious requests to a server can also be used to send malicious responses to a client, except for only a few differences. Instead of creating a custom client, a custom server can be made. Instead of hooking requests to the server, hooking responses to the client can be performed. Programs such as Netcat can be used to listen on an arbitrary port to send custom responses. Proxying responses instead of requests is done in the same manner.

Common Vulnerabilities Found When Sending Malicious Responses

Just as sending unexpected malicious requests is an entry point for server applications, sending unexpected malicious responses provides a great opportunity for client attacks. Following are some of the common types of bugs found when sending malicious responses (the chapter in which more information can be found about these attacks is shown in parentheses):

  • Spoofing (Chapter 6)

  • Information disclosure (Chapter 7)

  • Buffer overflows (Chapter 8)

  • Format strings (Chapter 9)

  • Domain/zone elevation (Chapter 10)

Important  

Malicious response is an area ripe for finding bugs. Many developers don t anticipate this when they write client applications. For example, while we were writing the Web Proxy Editor that is included on this book s companion Web site, we wanted to make sure the tool worked well for manipulating server responses. The goal was more to make sure Web Proxy Editor worked properly than it was to find vulnerabilities in the application we were using through the proxy. Yet, within 30 minutes, we were able to find a way to run arbitrary code on the client machine by sending a malicious response.



Hunting Security Bugs
Hunting Security Bugs
ISBN: 073562187X
EAN: 2147483647
Year: 2004
Pages: 156

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net