Government Cybersecurity Standards: Building a Secure Digital Landscape

jadavvineet73 159 views 22 slides Jul 02, 2024

About This Presentation

Explore the comprehensive landscape of government-established cybersecurity standards designed to protect digital environments globally. This presentation delves into key international and national frameworks, sector-specific regulations, and best practices for compliance. Ideal for cybersecurity pr...


Slide Content

Host Header Injection using Burp Suite

Agenda: Abstract; Research; Code/Tools; Impact Analysis; Step-by-Step Procedure; Recommendation; Proof of Concept (PoC); Reference

Abstract: This project aims to demonstrate the impact of Host Header Injection on a website's security. Using Burp Suite to intercept HTTP requests and manipulate headers, the focus is on executing a Host Header Injection attack. The goal is to assess the vulnerability and potential exploitation of PortSwigger's "Password reset poisoning via middleware" lab.

Research
Site Details
Name: PortSwigger's Web Security Academy Lab
URL: PortSwigger
Category/Type: Educational/Training
Usage/Popularity: Widely recognized and used in the cybersecurity community for training
Data Collection
Web Server: Apache
Backend Framework: Python (Django)
Database: SQLite
Frontend Technologies: HTML, CSS, JavaScript

Tool: Burp Suite
Burp Suite, developed by PortSwigger, is a comprehensive tool used by security professionals and ethical hackers for web application security testing. It includes various features such as:
Proxy: Captures and modifies HTTP requests and responses.
Scanner: Automates vulnerability detection.
Repeater: Allows for manipulation and resending of individual requests.
Burp Suite's extensibility through plugins and its powerful suite of both manual and automated testing tools make it an essential resource for identifying and addressing security weaknesses in web applications.

Impact Analysis
In the context of Host Header Injection, the impact analysis typically covers several key aspects:
Unauthorized Access: Attackers can manipulate the Host header to access unauthorized resources or functionality on the server. For example, they might access administrative panels or sensitive information intended for other users.
Data Leakage: Host Header Injection can lead to information disclosure, where attackers can view responses that contain sensitive data or configuration details due to improper handling of the Host header.
Authentication Bypass: By manipulating the Host header, attackers may trick the server into recognizing them as legitimate users or bypassing authentication controls, gaining unauthorized access to user accounts or services.
Session Hijacking: Exploiting Host Header Injection could potentially allow attackers to hijack user sessions by manipulating session tokens or cookies, leading to account takeover or unauthorized actions on behalf of the user.
Impact on Availability: In some cases, improper handling of the Host header can lead to denial-of-service (DoS) conditions or server misconfigurations, impacting the availability of the application or server.
Regulatory and Compliance Issues: Organizations may face compliance violations or legal repercussions if Host Header Injection results in unauthorized data access or breaches affecting user privacy and security.
Reputational Damage: Successful exploitation of Host Header Injection can damage an organization's reputation, eroding trust among users and stakeholders due to perceived or actual security lapses.

Host Header Injection Overview
A Host header injection attack takes advantage of a flaw in how some websites handle a specific part of an HTTP request called the "Host header." This header tells the server which website you want to visit. If a website blindly trusts this header without checking it, attackers can trick the website into doing harmful things. Here's how:
Host Header Injection: Attackers send a fake Host header to the server to make it behave differently.
Web Cache Poisoning: Attackers change the content stored in the web cache, so users get harmful or fake content.
Business Logic Flaws: Attackers bypass important security rules, like those controlling who can access certain parts of the site.
Server-Side Request Forgery (SSRF): Attackers make the server send requests to places it shouldn't, potentially leaking sensitive information.
Classic Server-Side Vulnerabilities: Attackers use the Host header to inject dangerous code, like SQL commands or shell commands, into the server.

Password reset poisoning
Password reset poisoning is when an attacker tricks a website into sending a password reset link to their own website instead of the correct one. When users click the reset link, they are directed to the attacker's site, allowing the attacker to steal the secret codes needed to reset passwords and take over accounts.

To perform a Host Header Injection attack on the password reset functionality, follow these steps with Burp Suite:
Step 1: Investigate the Password Reset Functionality
Initiate the Password Reset Process: Go to the website and initiate the password reset process for the user account you know. Enter the username or email address to receive a password reset link. Observe that a link containing a unique reset token is sent via email.

Step 2: Click on Exploit Server
Navigate to the exploit server provided by PortSwigger and click on it. After clicking on the exploit server, scroll down to find important options on the page, including: View Exploit, Access Log and Email Client.
Click on Email Client: Click on the "Email Client" option to proceed with the next steps of the lab. This process will help you set up and use the exploit server for capturing the password reset token.

To continue with the password reset poisoning process, follow these additional steps:
Open the Email Client: After clicking on the "Email Client" option in the exploit server, you will see emails sent by the website.
Copy the Reset Link: Find the email containing the password reset link. Copy the part of the link that includes the token, but do not copy the entire link. Copy only up to and including the = sign (e.g., reset?token=).

Log Out and Initiate Password Reset: Log out of your current session on the target website. Click on the "Forgot Password" option again. Enter the username or email ID of the target account that you want to reset using the exploit.
Prepare Burp Suite: Before submitting the password reset request, open Burp Suite. Ensure that the proxy is switched on to intercept the request.

Switch on Burp Proxy and Submit Request: With the Burp Suite proxy enabled, submit the password reset request on the target website.
Intercept and Modify the Request: Burp Suite will intercept the request. In the intercepted request, find the Host header.

Modify the Host Header: Go to your exploit server page and copy your server URL (e.g., YOUR-EXPLOIT-SERVER-ID.exploit-server.net). In Burp Suite, add the X-Forwarded-Host header with your exploit server URL. Forward the modified request in Burp Suite.
By following these steps, you'll be able to direct the reset link to your exploit server, allowing you to capture the password reset token.

Get the Valid Password Reset Link: Go to your email client and copy the valid password reset link sent to you (not the one pointing to the exploit server).
Modify the Link: Paste the valid password reset link into your browser's address bar. Change the value of the temp-forgot-password-token parameter to the token you stole from the victim (Carlos).

Copy a valid password reset link from your account, replace your token with Carlos's token, and submit the modified URL. This action directs you to Carlos's password reset page, where you can initiate and set a new password as needed. This exploit leverages Host Header Injection to manipulate authentication tokens in URLs, potentially granting unauthorized access. Mitigate such vulnerabilities by validating and sanitizing all input data, implementing secure token handling practices, and maintaining robust application security measures.

After changing the password, try logging into Carlos's account.
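The root cause behind the procedure above is a middleware that honours X-Forwarded-Host (falling back to Host) when it builds the reset link. The following Python snippet is an added example written for this page, not the original presentation's or the PortSwigger lab's code: it places that vulnerable link builder beside a hardened one that takes the host from server configuration, and feeds both a constructed request carrying a placeholder X-Forwarded-Host. The names build_reset_link_vulnerable, build_reset_link_hardened, CANONICAL_HOST and the sample headers are assumptions made for the example; the parameter name temp-forgot-password-token is the one the lab uses.

```python
import secrets
from urllib.parse import urlencode, urlsplit, urlunsplit

# Assumed configuration for this example: the single public hostname the
# application is deployed under. In a Django project this belongs in settings
# (a dedicated site-host setting), never in a value read from the request.
CANONICAL_HOST = "example-shop.test"
RESET_PATH = "/forgot-password"
TOKEN_PARAM = "temp-forgot-password-token"  # parameter name used by the lab


def new_reset_token() -> str:
    """Generate an unguessable reset token (the secret the attack steals)."""
    return secrets.token_urlsafe(32)


def build_reset_link_vulnerable(headers: dict, token: str) -> str:
    """VULNERABLE: mirrors the lab's middleware behaviour.

    A reverse-proxy-style middleware honours X-Forwarded-Host, falling back to
    Host, and the emailed link is built from whatever the client supplied.
    """
    host = headers.get("X-Forwarded-Host") or headers.get("Host")
    query = urlencode({TOKEN_PARAM: token})
    return urlunsplit(("https", host, RESET_PATH, query, ""))


def build_reset_link_hardened(headers: dict, token: str) -> str:
    """HARDENED: the link host comes from configuration, not the request.

    Request headers are still available (routing needs them), but they never
    influence where the emailed link points.
    """
    query = urlencode({TOKEN_PARAM: token})
    return urlunsplit(("https", CANONICAL_HOST, RESET_PATH, query, ""))


def link_host(link: str) -> str:
    """Return the host component of a generated link, for checks and tests."""
    return urlsplit(link).hostname


# Constructed sample request: a legitimate Host plus a client-supplied
# X-Forwarded-Host. The value is a placeholder, not a real server.
POISONED_REQUEST_HEADERS = {
    "Host": "example-shop.test",
    "X-Forwarded-Host": "attacker-controlled.example",
}

if __name__ == "__main__":
    token = new_reset_token()
    print("vulnerable:", build_reset_link_vulnerable(POISONED_REQUEST_HEADERS, token))
    print("hardened:  ", build_reset_link_hardened(POISONED_REQUEST_HEADERS, token))
```

Running the block prints two links for the same token: the vulnerable builder points at the attacker-controlled placeholder host, the hardened one always at CANONICAL_HOST. The token itself is generated with the secrets module in both cases; poisoning works because of where the link points, not because the token is weak, which is why fixing the host source is the mitigation.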

Recommendations for Mitigating Host Header Injection Attacks
Validate and Sanitize User Input: Ensure all user-supplied data, including Host headers, undergo thorough validation and sanitization to remove or neutralize malicious characters or payloads.
Use a Whitelist Approach: Define a whitelist of acceptable hostnames. Compare incoming Host headers against this whitelist and reject any requests with Host headers that do not match the predefined list.
Configure Server Settings: Implement strict server configurations to enforce proper handling of Host headers. Configure servers to use explicit hostnames rather than relying on implicit or wildcard configurations.
Employ Security Mechanisms: Utilize security features such as web application firewalls (WAFs) or intrusion detection/prevention systems (IDS/IPS) to detect and block suspicious Host header manipulation attempts.
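The whitelist recommendation and the detection recommendation can be shown together. The Python below is an added example, not code from the presentation or from PortSwigger: it checks Host and X-Forwarded-Host against an exact-match allowlist (the same idea Django implements with its ALLOWED_HOSTS setting) and then runs that check over a few constructed access-log lines to flag requests whose host values fall outside the allowlist. ALLOWED_HOSTS here, the log format, and all hostnames and addresses are assumptions made for the example.

```python
import re
from typing import Optional, Tuple, List

# Assumed allowlist of hostnames this deployment serves. Matching is exact:
# no wildcards and no suffix matching, so "example-shop.test.evil.example"
# is rejected even though it starts with an allowed name.
ALLOWED_HOSTS = frozenset({"example-shop.test", "www.example-shop.test"})

# A Host value is a hostname optionally followed by ":port".
_HOST_RE = re.compile(r"^(?P<name>[a-z0-9.-]+)(?::(?P<port>\d{1,5}))?$")


def normalise_host(value: str) -> Optional[str]:
    """Lower-case a Host-style value and strip the port; None if malformed."""
    m = _HOST_RE.match(value.strip().lower())
    return m.group("name") if m else None


def host_allowed(value: str) -> bool:
    """Allowlist check: exact match only against ALLOWED_HOSTS."""
    name = normalise_host(value)
    return name is not None and name in ALLOWED_HOSTS


def check_request(headers: dict) -> Tuple[bool, str]:
    """Reject a request whose Host or X-Forwarded-Host is outside the allowlist.

    X-Forwarded-Host should only ever be honoured when a trusted proxy sets
    it; an unexpected value is treated as a manipulation attempt and refused
    rather than silently ignored, so it also shows up in monitoring.
    """
    host = headers.get("Host", "")
    if not host_allowed(host):
        return False, "Host not allowed: %r" % host
    fwd = headers.get("X-Forwarded-Host")
    if fwd is not None and not host_allowed(fwd):
        return False, "X-Forwarded-Host not allowed: %r" % fwd
    return True, "ok"


# Constructed access-log lines in an assumed custom format that records the
# Host and X-Forwarded-Host values ("-" when absent). Placeholder traffic only.
#   client  method  path  status  host  x_forwarded_host
SAMPLE_LOG = """\
198.51.100.7 POST /forgot-password 200 example-shop.test -
198.51.100.7 POST /forgot-password 200 example-shop.test attacker.example
203.0.113.9 GET /forgot-password?temp-forgot-password-token=REDACTED 200 example-shop.test -
203.0.113.9 POST /forgot-password 200 evil.example -
"""


def suspicious_lines(log_text: str) -> List[str]:
    """Return log lines whose Host or X-Forwarded-Host is outside the allowlist."""
    flagged = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # not in the assumed format; skip rather than guess
        host, fwd = parts[4], parts[5]
        if not host_allowed(host) or (fwd != "-" and not host_allowed(fwd)):
            flagged.append(line)
    return flagged


if __name__ == "__main__":
    ok, reason = check_request({"Host": "example-shop.test",
                                "X-Forwarded-Host": "attacker.example"})
    print("request accepted:", ok, "-", reason)
    for line in suspicious_lines(SAMPLE_LOG):
        print("ALERT:", line)
```

Two of the four sample lines are flagged: the password-reset request carrying a foreign X-Forwarded-Host and the request with an unknown Host. A WAF or IDS rule doing the same comparison on the reset endpoint gives early warning of the poisoning attempt, while the request-time check in check_request stops the link from ever being built with an attacker-chosen host.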

References
https://portswigger.net/web-security/host-header
What is HHI (Host Header Injection) & How to Simply Test the Vulnerability | by Aks | MII Cyber Security Consulting Services | Medium
Overview of Host Header Injection | Practical in BurpSuite | Host Header | Penetration Testing (youtube.com)
https://infosecwriteups.com/http-host-header-attacks-55ca4b7786c

Questions?

Thank You!