Session_management_Broken_Authentication

A project that demonstrates how a website can be attacked through session mismanagement in PHP. There are two sample websites here: website 1 (DO) and website 2 (Blank_Page).


Start at Do_161493.html and progress through the website by clicking on register.

Then, after completing the login page and filling in the details, go to Cricket tournament.

If you copy and paste the URL, you will be able to recreate the session, which is a type of broken authentication caused by the lack of session management.

The solution is to use session variables and create a logout function.

All of these are implemented in the Solution part.

Note: Install XAMPP, Apache or something similar to make the PHP files work!

Detailed Report:

Tasks assigned/ Objectives given:

1) To understand broken authentication attacks on websites.

2) To understand session management of websites.

3) To implement an attack.

4) To show a solution to the attack.

What is broken authentication?

Broken authentication covers the many types of weakness in a website that allow an attacker to either capture or bypass the authentication methods used by a web application or a website.

User authentication credentials: When the website stores user authentication credentials without protecting them, this type of attack is very possible.

Predictable login credentials: Users should be encouraged to choose more complex login credentials, so that they cannot be attacked easily.

Session IDs are exposed in the URL: This occurs when the website uses the GET method to carry the details from the sign-in page to the next page.

Session IDs are vulnerable to session fixation attacks. The session ID can be used to identify the session variables and expose the details of the user. It is essential to hide these ID details from the user.

Session value does not time out or does not get invalidated after logout. There needs to be a system to end all session variables when the user has logged out, so that they are not available to any other user logging in.

Session IDs are not rotated after successful login. It is essential to generate a new session ID so that the current ID cannot be recreated.

Misconceptions: It is generally assumed that an attacker can guess any session ID and access any session at will. In fact, session IDs are generated by the web application and are unique for each authenticated user. These IDs are very difficult to duplicate by brute force. They are generated after considering the user login details as well.

Details of Website used: 5 pages:

1) Do_1614093.html

2) signin_do.php

3) Wilkommen_2.php

4) Event_do.php

5) Logouter.php

6) byebye.php

Each webpage consists of a fixed footer which displays the ongoing session id. This allows us to understand if the session has been recreated or not.

Issue creation:

Below are the details of a website that was built deliberately to exhibit broken authentication and improper session management.

To show how a website can be attacked by this method, we have exposed some vulnerabilities in the website.

1) The website does not have a properly functioning logout method.

2) The website utilizes the GET method to carry user information from the sign_in page.

3) Passwords of all kinds were allowed.

Solution for all issues:

1) Using the POST method

2) Requesting the user to provide better passwords

3) Creating a full-fledged logout system:

4) Ensuring only partial sharing of webpage URL:

5) Ensuring the page cannot be retrieved by going back or forward on the website

6) Logout checker
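
A sketch of how the session-side fixes listed above (rotation at login, full logout, logout checker, no Back/Forward retrieval) fit together. This is an added example, not the code from this repository's Solution part. The function names, `IDLE_LIMIT`, the session keys and `login.php` are hypothetical, and PHP 7.3 or later is assumed.

```php
<?php
// Added example: hypothetical helpers, not the repository's own code.
const IDLE_LIMIT = 900; // assumed idle timeout, in seconds

function start_secure_session(): void {
    // Carry the session ID in a cookie only, never in the URL.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_strict_mode', '1'); // refuse IDs the server did not issue
    session_set_cookie_params([
        'httponly' => true,
        'samesite' => 'Lax',
        'secure'   => !empty($_SERVER['HTTPS']), // stays usable on plain-HTTP XAMPP
    ]);
    session_start();
}

function login_user(string $username): void {
    // Call only after credentials received by POST have been verified.
    session_regenerate_id(true); // rotate the ID and delete the old session
    $_SESSION['user'] = $username;
    $_SESSION['last_seen'] = time();
}

function logout_user(): void {
    $_SESSION = []; // drop every session variable
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires' => time() - 3600, 'path' => $p['path'], 'domain' => $p['domain'],
        'secure' => $p['secure'], 'httponly' => $p['httponly'],
    ]);
    session_destroy(); // invalidate the ID on the server
}

function require_login(): void {
    // Logout checker: call at the top of every protected page.
    $idle = time() - ($_SESSION['last_seen'] ?? 0);
    if (empty($_SESSION['user']) || $idle > IDLE_LIMIT) {
        logout_user();
        header('Location: login.php'); // hypothetical sign-in page
        exit;
    }
    $_SESSION['last_seen'] = time();
    // Keep Back/Forward from re-showing the page after logout.
    header('Cache-Control: no-store, no-cache, must-revalidate');
}
```

Every page calls `start_secure_session()` before any output; protected pages then call `require_login()`, and the logout page calls `logout_user()`.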