Pen Testing the Web with Firefox

Published by Michael Schearer
"Pen Testing the Web with Firefox" as delivered by Michael Schearer at Booz Allen on Thursday, June 18, 2009.
Published by: Michael Schearer on Jun 19, 2009
Copyright: Attribution Share Alike
Pen Testing the Web With Firefox

Michael Schearer

Who am I? What’s this really all about?

Who am I?
• Senior Consultant for Booz Allen Hamilton in central Maryland
• Recently separated from 8+ years of active duty in the U.S. Navy as an EA-6B Electronic Countermeasures Officer
• Spent 9 months on the ground in Iraq as a counter-IED specialist
• Contributor to several Syngress books, including Penetration Tester’s Open Source Toolkit (Volume 2), Netcat Power Tools, and Kismet Hacking
• Amateur radio operator and active member of the NetStumbler, DEFCON, and Remote Exploit forums, a football coach, and father of three (soon to be four!)

What’s this all about?

Then:
• Google for information gathering
• Individual programs for separate tasks
• Different interfaces for different programs
• OS specific tools

Now:
• Specialized websites for detailed research
• Firefox as a platform to launch separate attacks
• The browser interface to point, click and pwn!
• (Mostly) OS transparent

Agenda
• Penetration Testing Methodologies
• Pen Testing the Web with Firefox
  • Stand-Alone
  • Website-based tools
  • Other Firefox plugins/extensions
  • Firefox as a Front end
  • Recommended Setup
• Places/things to hack safely

Penetration Testing Methodologies
• Focus is on freely available methodologies
• Open Source Security Testing Methodology Manual (OSSTMM)
  http://www.isecom.org/osstmm/
• Open Web Application Security Project (OWASP)
  http://www.owasp.org/index.php/Main_Page
• NIST Special Publication 800-42 and NIST Special Publication 800-115 (draft)
  http://csrc.nist.gov/publications/PubsSPs.html
• Penetration Testing Framework
  http://www.vulnerabilityassessment.co.uk/Penetration

Penetration Testing Methodologies (cont’d)
• Most Penetration Testing Engagements follow a standard process:
  • Planning and Reconnaissance
  • Scanning and Enumeration
  • Gaining Access or Penetration
  • Maintaining Access and Exploitation
  • Covering Your Tracks

Pen Testing the Web with Firefox
• Stand-Alone
• Website-based tools
• Google Hacks
• Firefox plug-ins/extensions
• Firefox as a Front end
• Recommended Setup

Using Firefox Stand-Alone
• Out of the box
• Primarily passive reconnaissance
  • Whois – http://whois.net, http://www.samspade.org
  • DNSStuff – http://www.dnsstuff.com
  • NetCraft (toolbar or browser-based)
  • EDGAR filings
  • Google
    • Names, locations, email addresses, etc.
    • Mailing lists, newsgroups

Using Firefox: Website-Based Tools
• Website-based tools
  • Online Nmap scans
  • Leak checkers
  • Hosted hash crackers

No, that’s not my IP…

Tor ;-)

On-line Hash Crackers
• http://gdataonline.com/seekhash.php
• http://www.passcracking.com
• http://hash.insidepro.com/
• http://www.md5this.com/
• http://gdataonline.com
• http://us.md5.crysm.net
• http://md5.rednoize.com
• http://www.milw0rm.com/md5
• http://shm.hard-core.pl/md5

Using Firefox – Plugins and Extensions
• FireCat
  • 60+ extensions and growing
  • Strengths
  • Weaknesses
• A few examples
  • Exploit-Me
  • Tamper Data
  • Passive Recon

[Diagram: FireCat 1.4 category map – Proxying / Web Utilities, Security Auditing, Information Gathering, Editors, Network Utilities]

Exploit-Me
• Suite of lightweight security testing tools
• Introduced at SecTor ’07 by Nishchal Bhalla and Rohit Sethi of Security Compass
• XSS-Me to test for Cross-Site Scripting vulnerabilities (www.xssed.com)
• SQL Inject-Me to test for SQL injection vulnerabilities
• Access-Me tests access vulnerabilities
• Future: Web Service-Me, Overflow-Me, Enumerate-Me, BruteForce-Me

Tamper Data
• Acts like a proxy server
• Allows you to view and modify HTTP/HTTPS headers and POST parameters
• Trace and time HTTP requests/responses
• Popular for hacking e-commerce sites that don’t do server-side validation (e.g., of price)
• Changing high scores on Flash-based games
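The server-side validation the slide says such sites lack, shown as an added example that is not from the talk: a constructed checkout handler in its vulnerable form (total computed from the client-submitted price field, which is exactly what a request-editing add-on can change) beside the hardened form (price taken only from the server catalog, quantity parsed and bounded), plus a mismatch check worth logging. The catalog, SKUs and POST bodies are constructed.

```python
from decimal import Decimal, InvalidOperation
from urllib.parse import parse_qs

# Constructed catalog standing in for the authoritative server-side price source.
CATALOG = {"sku-100": Decimal("49.99"), "sku-200": Decimal("5.00")}

def parse_post(body: str) -> dict:
    """Flatten an application/x-www-form-urlencoded POST body to single values."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}

def total_trusting_client(body: str) -> Decimal:
    """Vulnerable: the total uses the 'price' field the browser sent, i.e. whatever the client put there."""
    form = parse_post(body)
    return Decimal(form["price"]) * int(form["qty"])

def order_error(form: dict):
    """Reason an order must be rejected, or None if it is well-formed."""
    if form.get("sku") not in CATALOG:
        return "unknown sku"
    if not form.get("qty", "").isdigit():
        return "quantity is not a non-negative integer"
    if not 1 <= int(form["qty"]) <= 100:
        return "quantity out of range"
    return None

def total_server_side(body: str):
    """Hardened: price is looked up by SKU on the server and the submitted
    price field is never used. Returns (total, None) or (None, reason)."""
    form = parse_post(body)
    err = order_error(form)
    if err:
        return None, err
    return CATALOG[form["sku"]] * int(form["qty"]), None

def price_mismatch(body: str):
    """Detection hook: the hardened path ignores the client price, but a value that
    disagrees with the catalog is a tamper signal worth logging. Dict or None."""
    form = parse_post(body)
    sku = form.get("sku")
    try:
        sent = Decimal(form.get("price", ""))
    except InvalidOperation:
        return None
    if sku in CATALOG and sent != CATALOG[sku]:
        return {"sku": sku, "sent": str(sent), "catalog": str(CATALOG[sku])}
    return None

# Constructed POST bodies: one as submitted, one after price was rewritten to 0.01.
HONEST = "sku=sku-200&price=5.00&qty=2"
TAMPERED = "sku=sku-100&price=0.01&qty=1"
```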

Passive Recon
• Tool for executing 20+ pre-configured searches
  • DNS records, Whois, MX records, Netcraft reports
  • What’s That Site Running?
  • Uptime reports
  • Google

Passive Recon – Menu

Passive Recon – DNS Info

Passive Recon – Domain Tools

Passive Recon – MX Records

Passive Recon – What’s This Site Running

Passive Recon – Link:

Other noteworthy add-ons
• Add N Edit Cookies
  • Self explanatory!
• Firebug
  • Edit, debug, and monitor CSS, HTML, and JavaScript live in any web page
• HackBar
  • Myriad of security/auditing/pen testing features
  • Obfuscate SQL injection attacks
• Web Developer
  • What doesn’t it do? ;-)

Using Firefox – As a Front End
• Proxies
  • Tor
  • Paros Proxy
  • SPIKE Proxy
  • Burp Proxy/Suite
• Web Frontends
  • Metasploit
  • Fast-Track
  • Inprotect (web interface for Nessus and Nmap)
  • BASE (Snort)
• Others?

Recommended Setup
• Profiles
  • Concerns:
    • Too many extensions!
    • Duplicate tasks
    • Memory use/time to load
  • Fixes:
    • Profile Manager Mode
      • “everyday”
      • “pen testing”
    • Install/load only those you use regularly

Recommended Setup
• Add-ons
  • Concerns:
    • Add-on portability
    • Installing multiple add-ons manually
  • Fixes:
    • FEBE (Firefox Environment Backup Extension)
    • CLEO (Compact Library Extension Organizer)
    • OPIE (Ordered Preference Import/Export)

Recommended Setup
• Incompatible Add-ons
  • Concerns:
    • Loss of functionality
    • Slow update to FF3 compatibility
  • Fixes:
    • Different add-on, same functionality
    • Manually edit add-on:
      • Sign in
      • Ignore version check
      • Download .XPI
      • Edit “maxVersion” in install.rdf
      • Update archive and install
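The manual maxVersion edit in the fix list above, as an added example that is not part of the talk: a small Python helper that rewrites install.rdf inside an XPI (a plain zip archive) and a constructed minimal add-on to run it against; the add-on manifest is hypothetical.

```python
import io
import re
import zipfile

_MAXV = re.compile(rb"(<em:maxVersion>)([^<]*)(</em:maxVersion>)")

def max_versions(install_rdf: bytes) -> list:
    """Every maxVersion value declared in an install.rdf, in document order."""
    return [m.group(2).decode() for m in _MAXV.finditer(install_rdf)]

def bump_max_version(xpi: bytes, new_max: str) -> bytes:
    """Copy of the XPI (a zip) with install.rdf's maxVersion set to new_max; other members unchanged."""
    src = zipfile.ZipFile(io.BytesIO(xpi))
    if "install.rdf" not in src.namelist():
        raise ValueError("no install.rdf in archive")
    out_buf = io.BytesIO()
    with zipfile.ZipFile(out_buf, "w") as out:
        for info in src.infolist():
            data = src.read(info.filename)
            if info.filename == "install.rdf":
                data = _MAXV.sub(lambda m: m.group(1) + new_max.encode() + m.group(3), data)
            out.writestr(info, data)  # keeps the original member name and compression
    return out_buf.getvalue()

def read_max_versions(xpi: bytes) -> list:
    with zipfile.ZipFile(io.BytesIO(xpi)) as z:
        return max_versions(z.read("install.rdf"))

def read_member(xpi: bytes, name: str) -> bytes:
    with zipfile.ZipFile(io.BytesIO(xpi)) as z:
        return z.read(name)

# Constructed minimal XPI for a hypothetical add-on declaring only Firefox 2.x ({ec8030f7-...} is Firefox's app id).
SAMPLE_RDF = b"""<?xml version="1.0"?>
<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest">
    <em:targetApplication><Description>
      <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
      <em:maxVersion>2.0.0.*</em:maxVersion>
    </Description></em:targetApplication>
  </Description>
</RDF>"""

def build_sample_xpi() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("install.rdf", SAMPLE_RDF)
        z.writestr("chrome.manifest", b"content example chrome/content/\n")
    return buf.getvalue()
```

Raising maxVersion only removes the compatibility block; it does nothing to make code written against older Firefox internals work, so test the add-on afterwards.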

Incompatible Add-ons

Places/Things to hack “safely”
• OWASP’s WebGoat
  http://www.owasp.org/index.php/OWASP_WebGoat_Project
• Foundstone “Hacme” series
  http://www.foundstone.com/us/resources-free-tools.asp
• De-Ice pen-testing live CDs
  http://de-ice.net/index.php
• PwnOS (VMWare image)
• Your own VMWare lab
• “Safe” hacking websites

Conclusion
• Penetration Methodologies
• Using Firefox
  • Stand-alone
  • Website-based tools
  • Google Hacks
  • Firefox plugins/extensions
  • Firefox as a Front end
  • Recommended Setup
• Places/things to hack safely
• The Future

Questions?

Credits
• John Fulmer
• Church of WiFi
• Thomas Wilhelm “Grendel”
• Laurent Chouraki, Benjamin Picuira and Nabil Ouchn (Security-database.com)
• Nishchal Bhalla and Rohit Sethi (Security Compass)
• Chuck Baker
• Justin Morehouse

Pen Testing the Web With Firefox
Michael Schearer
