hacktricks/network-services-pentesting/pentesting-web/nodejs-express.md
2023-08-03 19:12:22 +00:00


NodeJS Express

The tool https://github.com/DigitalInterruption/cookie-monster is a utility for automating the testing and re-signing of Express.js cookie secrets.

$ cookie-monster -c eyJmb28iOiJiYXIifQ== -s LVMVxSNPdU_G8S3mkjlShUD78s4 -n session

Custom wordlist

To perform a more targeted and effective password attack, you can create a custom wordlist tailored to the specific target. A custom wordlist consists of a collection of words, phrases, and patterns that are likely to be used as passwords by the target users.

Creating a custom wordlist involves gathering information about the target, such as their interests, hobbies, favorite sports teams, names of family members, significant dates, and any other personal information that could be used as a password. This information can be obtained through social engineering techniques, OSINT (Open Source Intelligence) gathering, or by analyzing the target's online presence.

Once you have gathered the relevant information, you can compile it into a wordlist using tools like Crunch, Cewl, or custom scripts. It is important to organize the wordlist in a way that maximizes the chances of success. This can include variations of words, common substitutions (e.g., replacing 'o' with '0' or 's' with '$'), and appending/prepending numbers or special characters.

Remember to always use custom wordlists responsibly and within the boundaries of legal and ethical hacking.

$ cookie-monster -c eyJmb28iOiJiYXIifQ== -s LVMVxSNPdU_G8S3mkjlShUD78s4 -w custom.lst

Testing multiple cookies in batch mode

In some cases, a web application may use multiple cookies to store session information or other data. To efficiently test the security of such applications, you can use the batch mode feature in tools like Burp Suite or OWASP ZAP.

Batch mode allows you to define a list of cookies and their corresponding values, which can then be automatically injected into each request made by the tool. This way, you can quickly test the application's behavior with different cookie combinations.

To use batch mode, follow these steps:

  1. Identify the cookies used by the application and their possible values.

  2. Create a text file with the list of cookies and their values in the following format:

    cookie1=value1
    cookie2=value2
    ...
    
  3. Save the file with a .txt extension.

  4. Open your chosen tool (e.g., Burp Suite or OWASP ZAP) and configure it to use the batch mode feature.

  5. Specify the path to the text file containing the cookie values.

  6. Start the scanning or testing process.

By testing multiple cookies in batch mode, you can efficiently identify any vulnerabilities or misconfigurations related to cookie handling in the web application.

$ cookie-monster -b -f cookies.json

Testing multiple cookies in batch mode with a custom wordlist

To test multiple cookies using batch mode with a custom wordlist, you can follow these steps:

  1. Create a text file containing the cookies you want to test. Each cookie should be on a separate line.

  2. Create a custom wordlist file containing the values you want to test for each cookie. Each value should be on a separate line.

  3. Use a tool like curl or wget to send HTTP requests to the target web application, including the cookies from the file created in step 1.

  4. Use a loop or a script to iterate through each cookie and each value in the custom wordlist file. For each combination, send an HTTP request with the corresponding cookie value.

  5. Analyze the responses received from the web application to identify any potential vulnerabilities or misconfigurations.

By testing multiple cookies with a custom wordlist, you can efficiently check for any security issues related to cookie handling in the target web application.

$ cookie-monster -b -f cookies.json -w custom.lst

Encode and sign a new cookie

If you know the secret, you can sign the cookie yourself.

$ cookie-monster -e -f new_cookie.json -k secret