Time
2 hours 19 minutes
Difficulty
Beginner
CEU/CPE
3

Video Transcription

00:00
Hello. Welcome back to the course Identifying Web Attacks Through Logs. I'm Igor Vieira, and in the last video we talked about cross-site scripting attacks.
00:10
In this video, we discuss cross-site request forgery.
00:15
Let's start with the learning objectives.
00:18
The learning objectives are
00:20
review cross-site request forgery and identify the attack with log analysis.
00:28
Cross-site request forgery exploits the trust between the web server and the user's browser.
00:35
Suppose that you access your Internet bank website.
00:39
Everything goes okay, you do whatever you need to do, and after, you access a malicious website.
00:47
This malicious website will try to send malicious commands to your web browser. Your browser will execute the commands.
00:56
The malicious command could be a money transfer to the attacker's account.
01:02
The user will not see the request, and this could happen because the bank website trusts the user's browser.
01:10
Maybe you're thinking cross-site request forgery is the same as cross-site scripting.
01:15
Even if the names are similar, the attack is different. In cross-site request forgery,
01:22
the attacker does not connect directly to the web server.
01:26
That's why the name is forgery
01:29
In our lab, we have a vulnerable web application, and in this case the vulnerability allows changing the user password. First, let's see the logs of a normal request.
01:42
The first lines are the login and the access to the vulnerable web page.
01:46
The next line is the user changing the password.
01:49
We can see the client's IP address,
01:53
the requested file with the password change, and the referer.
02:00
Also, take a look at the time. The next log is a malicious request. You can see the same IP address and another request to change the password.
02:10
Can you identify another difference between the two logs?
02:15
One of the differences is the password.
02:19
Another difference
02:21
is the referer.
02:23
Here, we do not have the referer,
02:25
and this new password change request
02:29
happened sometime before the first request.
02:31
In summary, how to identify cross-site request forgery:
02:37
The referer is the best way to identify it.
02:40
If you notice an unexpected referer,
02:44
it is a good indication that something is wrong.
02:47
Another thing is different behavior from the user,
02:53
like changing, or trying to change, the password
02:57
many times in a small period of time,
03:00
or the same actions in a small period of time.
03:04
Post-assessment question:
03:07
A cross-site request forgery attack only happens if the user's browser is compromised.
03:13
Is this information true or false?
03:16
This information is false.
03:20
Most of the time, the attack will happen because a user connected to a malicious website.
03:27
For the next question, analyze the web log below and identify the possible attack type.
03:34
Here you have POST methods,
03:37
both to the change of location web page,
03:39
and with more than one minute of difference between the two requests. Also notice that the referer changes,
03:46
so this could be a cross-site request forgery attack using POST requests.
03:53
The source of the attack is the web page lyrical dogs dot com. This is a POST request. We cannot see the user or the password
04:03
sent by the malicious web server that hosts the little Good Dogs website. In summary, in this video we discussed
04:13
cross-site request forgery attacks
04:15
and identified the attack by analyzing the web server logs.
04:19
In the next video, we will analyze other sources of logs,
04:24
like IPS logs.

Up Next

Identifying Web Attacks Through Logs

This course will review web application infrastructure, web servers, and the logs associated with them. We will also simulate 10 attack scenarios and identify the attack through logs that are generated by the web server.

Instructed By

Igor Vieira
Information Security Analyst
Instructor