Lab Overview
Starting with this lab we begin writing development-style code, and gdb process-level debugging is no longer needed. Authentication is one of the thorniest problems in network security. How do we solve it? Add a cookie? The data can be eavesdropped. Encrypt the data? The encryption can be broken... This cycle seems never to end.
Part A: Identity Forgery
Exercise 1. There are many bugs and vulnerabilities in the current utility for
transferring money. Find as many bugs as you can. For now, just focus on bugs
that an adversary can trigger by giving unanticipated values to the transfer
page. Think carefully about what kinds of inputs an attacker might provide,
and try them out by entering them on the transfer page. Please write down detailed
descriptions of your observations in bugs.txt. (You should find at least 6 different bugs.)
Find bugs in the existing logic, concentrating on the business logic of the transfer: for example, can a negative amount be transferred? Can the payee be yourself? What happens when the amount transferred exceeds your own balance? Can money be transferred to a user that does not exist? etc.
Exercise 2. Fix as many bugs as you can, from those you found above. Just keep your
code as clean as possible. Also don't forget to test your implementation after you
fix the bugs.
Fix the bugs found above.
Identity Forgery
Exercise 3. Read the source code of the login web page (in your browser), and the
server's source code. Make sure that you understand clearly how the server identifies
who is transferring.
On the transfer page, right-click and view the page source. You can see who is transferring (a hidden HTML field).
Exercise 4. Try to construct a POST request for the money transfer which steals
money from some account, assuming you know the victim's account (which is often the case). You
can use browser.c or some tools, such as firebug, to construct the request. Your request
may look like this:
POST / HTTP/1.1
from=Alice&to=Bob&money=100
Use firebug to inspect the format of the data sent with each request; by constructing an HTTP request based on what you see, you can make a transfer without logging in at all.
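The fix for both parts, as an added example that is not the lab's own code: the server takes the sender from its own session table instead of the hidden from field in the request, and validates amount, recipient and balance against the bug classes listed in Exercise 1. The account table, session table and the transfer function are constructed for this example.

```python
# Added example (hypothetical handler, not the lab's server code).
from decimal import Decimal, InvalidOperation

# Constructed sample data: account balances and a server-side session table.
ACCOUNTS = {"Alice": Decimal("500"), "Bob": Decimal("100")}
SESSIONS = {"sess-alice": "Alice"}  # session id -> authenticated user


def transfer(session_id, form):
    """Apply a transfer request. Returns (ok, reason).

    form is the parsed POST body (a dict of field -> string).
    """
    # Identity comes from the session cookie, never from the request body,
    # so a forged "from=Bob" field in Alice's session still debits Alice.
    sender = SESSIONS.get(session_id)
    if sender is None:
        return False, "not logged in"

    # Recipient must exist and must not be the sender.
    recipient = form.get("to")
    if recipient not in ACCOUNTS:
        return False, "unknown recipient"
    if recipient == sender:
        return False, "cannot transfer to self"

    # Parse the amount as a decimal (no float rounding), reject garbage,
    # NaN/Infinity, and sub-cent precision.
    try:
        amount = Decimal(str(form.get("money", "")))
        if not amount.is_finite():
            raise InvalidOperation
        if amount != amount.quantize(Decimal("0.01")):
            return False, "amount must have at most 2 decimal places"
    except InvalidOperation:
        return False, "malformed amount"
    if amount <= 0:
        return False, "amount must be positive"

    # Never let the sender go negative.
    if ACCOUNTS[sender] < amount:
        return False, "insufficient balance"

    ACCOUNTS[sender] -= amount
    ACCOUNTS[recipient] += amount
    return True, "ok"
```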