
Phases of Hacking (3)
CCSIT – King Faisal University
Dr. Ahmed Alyahya
Textbook
Phases of Hacking
HTTP (HyperText Transfer Protocol)

Hypertext Transfer Protocol (HTTP) is a method for encoding and transporting information between a
client (such as a web browser) and a web server. HTTP is the primary protocol for transmission of
information across the Internet.
How does it work?

Before the request can be sent, the client resolves www.google.com to an IP address (see DNS below). The diagram shows the web server listening on port 80 (HTTP) and port 443 (HTTPS).

HTTP request (client to web server):
- Request line: method (GET, POST), path to the page (index.html), HTTP version (HTTP/1.1)
- General headers: date and time of the HTTP request
- Request headers: Host (www.google.com), browser (Chrome 112.0.5615.49)
- Message body

HTTP response (web server to client):
- Status line: status class, one of Information, Success, Redirection, Client Error, Server Error
- General headers
- Response headers: name and version of the server software that hosts the domain (e.g., Apache/2.4.57)
- Message body: page content (<html> <head></head> <body> ...)
HTTP vs HTTPS
DNS
DNS (Domain Name System) is the system that translates an Internet or Host name (that is
easier for people to remember) to an IP address.

DNS request: IP address for www.google.com?

DNS response: IP 172.217.12.142


DNS Spoofing / Poisoning
- You send a request to the DNS server asking for the IP address of Google.com. A hacker who has eavesdropped on your communication knows that you are expecting a translation for Google.com.

- The hacker sends a reply masquerading as the DNS server, so you receive a forged address.

DNS request: IP address for www.google.com?

DNS response (forged, from the hacker): IP 111.111.111.111


DNS Reflection attack

- The attacker sends a flood of DNS requests with a spoofed source IP address (the victim's address).

- The DNS server answers every request, so the victim receives a flood of replies it never asked for.

Prevention: if you receive a flood of DNS reply messages from a particular server, you can add rules to your firewall to block that server.
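One way to implement the detection-and-block idea above on the victim host, as an added example that is not part of the lecture: it reads constructed packet-summary lines (timestamp, direction, peer IP, DNS transaction id, a format assumed for the example), counts replies that answer no query this host sent, and emits a blocking rule for any server exceeding a rate threshold.

```python
"""Victim-side detector for a DNS reflection flood: replies arriving from a server
this host never queried. Log format '<ts> <in|out> <peer-ip> <txid>' is assumed."""
from collections import defaultdict

# Constructed sample: two normal lookups to 10.0.0.53 with matching replies,
# then 200 replies in ~2 seconds from 198.51.100.7 that answer no query of ours.
SAMPLE_LOG = [
    "1000.00 out 10.0.0.53 0x1a2b",
    "1000.10 in  10.0.0.53 0x1a2b",
    "1000.50 out 10.0.0.53 0x3c4d",
    "1000.60 in  10.0.0.53 0x3c4d",
] + [f"{1001.0 + i * 0.01:.2f} in  198.51.100.7 0x{0x5000 + i:04x}"
     for i in range(200)]

def parse(line):
    ts, direction, peer, txid = line.split()
    return float(ts), direction, peer, int(txid, 16)

def find_reflectors(lines, window=1.0, threshold=100):
    """Return {peer: total_unsolicited_replies} for every peer that sent more
    than `threshold` unmatched replies inside any `window`-second span."""
    pending = set()                   # (peer, txid) of our queries awaiting an answer
    unsolicited = defaultdict(list)   # peer -> timestamps of replies we never asked for
    for line in lines:                # lines are assumed to be in time order
        ts, direction, peer, txid = parse(line)
        if direction == "out":
            pending.add((peer, txid))
        elif (peer, txid) in pending:
            pending.discard((peer, txid))     # legitimate answer to our own query
        else:
            unsolicited[peer].append(ts)
    flagged = {}
    for peer, times in unsolicited.items():
        start = 0                             # sliding window over the timestamps
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 > threshold:
                flagged[peer] = len(times)
                break
    return flagged

def firewall_rule(peer):
    """Blocking rule for a flagged server, in iptables syntax (assumed: IPv4, UDP/53)."""
    return f"iptables -A INPUT -s {peer} -p udp --sport 53 -j DROP"

if __name__ == "__main__":
    for peer in find_reflectors(SAMPLE_LOG):
        print(firewall_rule(peer))
```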
Man in the Middle (MITM) attack

In a MITM attack, the attacker fools you or your computer into connecting to their computer: they make you or your computer believe that they are the server. Then they connect to the real server pretending to be you and relay all the information both ways.
IP spoofing
- Masquerading as someone else using their IP address.

DNS spoofing
- Trick users into visiting malicious websites thinking they are legitimate.

Preventing MITM attacks

- Strong encryption on the wireless access point.

- Use VPNs for remote access, for secure encrypted communication.


DoS (Denial of Service)

Any attack which causes a service to be slow or unavailable to legitimate users.

Example:
- Overloading web or database servers with bogus requests.

DoS and DDoS

- DoS: send a flood of packets from a single source.

- Easy to detect and block, since there is a single IP address.

- Distributed DoS (DDoS): the flood comes from multiple IPs, which is difficult to block.


Bots and Botnets

- Malware is installed on the target systems.

- These systems become "bots"; a network of bots is a "botnet".


Threats posed by Bots / Botnets

- Loss of services to legitimate clients.

- Financial loss.

- Reputational damage.
Protection against DDoS attacks

- Increase the number of servers.

- Observe abnormal behaviour using techniques such as machine learning; first define what normal behaviour is.

- IP blacklisting: check the suspicious IPs and add them to your firewall rules in order to block them.
Questions
