Thanks to visit codestin.com
Credit goes to www.scribd.com

Scribd
Upload
75 views7 pages

Lab Assignment Module 5 Lab 1

This lab assignment involved using OWASP ZAP to exploit a session hijacking vulnerability. The researcher replaced the content of the innocuous site "darkcodes.icu" with the legitimate site "www.goodshopping.com", tricking the user's browser. This underscores the importance of strong session management and security. The lab also explored using an HTTP filter to scrutinize host headers and flag suspicious requests from unexpected destinations, potentially indicating unauthorized access attempts or data transmission. The researcher gained insight into spoofing connections and MITM attacks from this tool, which was new to their previous experience.

Uploaded by

Jonathan Pena
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
75 views7 pages

Lab Assignment Module 5 Lab 1

This lab assignment involved using OWASP ZAP to exploit a session hijacking vulnerability. The researcher replaced the content of the innocuous site "darkcodes.icu" with the legitimate site "www.goodshopping.com", tricking the user's browser. This underscores the importance of strong session management and security. The lab also explored using an HTTP filter to scrutinize host headers and flag suspicious requests from unexpected destinations, potentially indicating unauthorized access attempts or data transmission. The researcher gained insight into spoofing connections and MITM attacks from this tool, which was new to their previous experience.

Uploaded by

Jonathan Pena
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 7

Lab Assignment Number Module 5 Lab Assignment 1

Lab Assignment Name Module 5 Lab Assignment 1


Screenshots (Paste at least 5 screenshots here):
Lab Observations/Information Gathered.

1. In this particular situation, we harnessed the capabilities of OWASP ZAP to exploit a vulnerability
known as session hijacking. This involved a clever maneuver where we replaced the content of a
seemingly innocuous and empty site, "darkcodes.icu," with the legitimate and trusted
"www.goodshopping.com." The end result was a bit of a digital sleight of hand, tricking the user's
web browser into thinking it was interacting with "darkcodes.icu," when in reality, all the behind-the-
scenes action was unfolding on the "www.goodshopping.com" domain. This incident underscores the
critical importance of having strong session management practices and robust security measures in
place within web applications. These defenses are essential to thwart attempts like session hijacking
and other cyber threats that exploit vulnerabilities.
Let’s talk about that filter we used: http.host != http.host:www.goodshopping.com. Think of it as a
vigilant gatekeeper that stands guard over incoming HTTP requests. Its job is to scrutinize the "host
header," which essentially points to the destination web server. Whenever this filter spots a host
header that does not match our expected "www.goodshopping.com," it raises a metaphorical flag,
indicating the possibility of something suspicious is going on like someone trying to communicate
with an unauthorized or unexpected destination. Now, imagine this scenario: you spot a full URI
request that does not fit within the filter's parameters. It is like finding a mysterious message that
somehow slipped through the gatekeeper's watchful eye. This could be a hint that there is more
happening behind the scenes, perhaps data being transmitted away without permission or
unauthorized access attempts. I had no experience with this tool in my previous jobs so this was a
good insight into spoofing a connection and a MITM attack.

Lab Assignment Submission Template


References:

EC-Council (2020). Certified Ethical Hacker (CEH) Version 11 w/ iLabs (Volumes 1 through 4).
International Council of E-Commerce Consultants (EC
Council). https://bookshelf.vitalsource.com/books/9781635675160

You might also like