Wassta #0!! Let's read #wasbook (第0回ワススタ!! #wasbookを読もう)
- 1. Wassta #0!! (第0回ワススタ!!)
#wasbook
WebApplicationSecurityStudy #wassta
- 2. Who are you?
• @tnantoka
• bornneet.com
• JavaScript
• looseleaf
• jsany
- 5. Contents of wasbook (only the fragments "Web" and "HTTP" of the chapter titles survived extraction)
• Chapter 1: Web ...
• Chapter 2
• Chapter 3: Web ... (HTTP)
• Chapter 4: Web ...
• Chapter 5
• Chapter 6
• Chapter 7: Web ...
• Chapter 8: Web ...
• Chapter 9: Web ...
- 22. VMware
• 30
• 4000
• http://www.act2.com/products/fusion3.html
- 31. HTTP Request (every line ends with CRLF, written \r\n; the empty line terminates the headers)
GET /index.html HTTP/1.1\r\n
Host: www.bornneet.com\r\n
User-Agent: Mozilla/5.0 (Macintosh; ... Firefox/4.0\r\n
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n
Accept-Language: ja,en-us;q=0.7,en;q=0.3\r\n
Accept-Encoding: gzip, deflate\r\n
Accept-Charset: Shift_JIS,utf-8;q=0.7,*;q=0.7\r\n
Keep-Alive: 115\r\n
Connection: keep-alive\r\n
Cookie: ...\r\n
\r\n
- 32. HTTP Response (every line ends with CRLF, written \r\n; the empty line separates headers from body)
HTTP/1.1 200 OK\r\n
Date: Mon, 11 Apr 2011 14:03:03 GMT\r\n
Server: Apache\r\n
X-Powered-By: ModLayout/3.2.1\r\n
Cache-Control: no-cache\r\n
Connection: close\r\n
Content-Type: text/html\r\n
Content-Encoding: gzip\r\n
Content-Length: 41\r\n
\r\n
<html><body>Hello, wasbook!</body></html>
The body is shown decoded for readability: Content-Length: 41 is the length of that decoded text, whereas a response that really carries Content-Encoding: gzip has the compressed bytes, and their length, on the wire.
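As an added example (not code from the deck or from wasbook), here is a small parser for raw HTTP/1.1 messages like the two on slides 31 and 32. The two sample messages are constructed for this example: the User-Agent is shortened, the Cookie value SESSIONID=123abc is made up, and the response is sent without Content-Encoding so that Content-Length: 41 really does describe the bytes on the wire. The parser also refuses the two things a security tester checks first in a custom HTTP parser: bare LF line endings inside the header block and a duplicated Content-Length.

```python
"""Minimal parser for raw HTTP/1.1 messages (added example, not from the deck)."""
from dataclasses import dataclass, field

CRLF = b"\r\n"

# Constructed sample messages, not captured traffic.
SAMPLE_REQUEST = (
    b"GET /index.html HTTP/1.1\r\n"
    b"Host: www.bornneet.com\r\n"
    b"User-Agent: Mozilla/5.0 (Macintosh) Firefox/4.0\r\n"
    b"Accept-Encoding: gzip, deflate\r\n"
    b"Connection: keep-alive\r\n"
    b"Cookie: SESSIONID=123abc\r\n"
    b"\r\n"
)
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Mon, 11 Apr 2011 14:03:03 GMT\r\n"
    b"Server: Apache\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 41\r\n"
    b"\r\n"
    b"<html><body>Hello, wasbook!</body></html>"
)


@dataclass
class Message:
    start_line: str
    headers: dict = field(default_factory=dict)  # field names lower-cased
    body: bytes = b""


def _split_head(raw: bytes):
    """Split the header block from the body at the first empty CRLF line."""
    head, sep, rest = raw.partition(CRLF + CRLF)
    if not sep:
        raise ValueError("header block is not terminated by an empty CRLF line")
    if b"\n" in head.replace(CRLF, b""):
        # A bare LF in the head makes front-ends and back-ends disagree about
        # where headers end; reject it instead of guessing.
        raise ValueError("bare LF in header block")
    return head.split(CRLF), rest


def parse_message(raw: bytes) -> Message:
    lines, rest = _split_head(raw)
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.decode("latin-1").partition(":")
        # No whitespace is allowed between the field name and the colon.
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        name = name.lower()
        if name == "content-length" and name in headers:
            raise ValueError("duplicate Content-Length")  # smuggling guard
        headers[name] = value.strip()
    body = rest
    if "content-length" in headers:
        length = int(headers["content-length"])
        if len(rest) < length:
            raise ValueError("body shorter than Content-Length")
        body = rest[:length]  # any remaining bytes belong to the next message
    return Message(lines[0].decode("ascii"), headers, body)


@dataclass
class Request(Message):
    method: str = ""
    target: str = ""
    version: str = ""


def parse_request(raw: bytes) -> Request:
    msg = parse_message(raw)
    method, target, version = msg.start_line.split(" ")
    return Request(msg.start_line, msg.headers, msg.body, method, target, version)


@dataclass
class Response(Message):
    status: int = 0
    reason: str = ""


def parse_response(raw: bytes) -> Response:
    msg = parse_message(raw)
    version, status, reason = msg.start_line.split(" ", 2)
    return Response(msg.start_line, msg.headers, msg.body, int(status), reason)
```

Header names are stored lower-cased because HTTP field names are case-insensitive; the body is cut at Content-Length so that a message followed by more bytes on a keep-alive connection is not silently swallowed.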
- 47. client -> server: HTTP Request
- 48. client -> server: HTTP Request; server -> client: HTTP Response
- 52. Cookie (sequence diagram, slides 52-57)
client @tnantoka -> server: HTTP Request
server: generates SessionID 123abc and associates it with @tnantoka
- 53. server -> client @tnantoka: HTTP Response, Set-Cookie: 123abc
- 55. client -> server: HTTP Request, Cookie: 123abc
- 56. server: looks up SessionID 123abc... -> @tnantoka!
- 57. server -> client: HTTP Response (as @tnantoka)
- 59. Session ID
• [requirement] && [requirement] && [requirement] (the three requirement words did not survive extraction)
• Cookie
• Secure, HttpOnly...
- 68. Layer 5: SSL sits below HTTP and above TCP
HTTP
--
HTTP
SSL
TCP
IP
- 88. Certificate verification: hash the certificate; decrypt the signature with the CA's public key; equal?
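The "Hash / Decrypt / equal?" check from slide 88, carried out on a toy certificate, as an added example that is not code from the deck or from wasbook. It assumes textbook RSA with seeded 256-bit primes and no PKCS#1 padding, and a certificate written as a "subject=...;issuer=..." string; real certificates are DER-encoded X.509 with 2048-bit or larger keys and PKCS#1 v1.5 or PSS padding, none of which is modelled. The demo also shows the three ways the check fails: a tampered certificate, a signature from an issuer the verifier does not trust, and a valid signature on a certificate for a different host.

```python
"""Toy RSA signature check for a certificate (added example, not from the deck)."""
import hashlib
import random


def _is_probable_prime(n, rng, rounds=20):
    """Miller-Rabin; fine for a toy key, not for production."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits, rng):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # odd, full length
        if _is_probable_prime(cand, rng):
            return cand


def generate_keypair(bits=512, seed=0):
    """Seeded toy RSA key pair ((n, e), (n, d)); deterministic for the demo."""
    rng = random.Random(seed)
    e = 65537
    while True:
        p = _random_prime(bits // 2, rng)
        q = _random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))


def cert_hash(cert):
    """SHA-256 of the to-be-signed data as an integer (smaller than n)."""
    return int.from_bytes(hashlib.sha256(cert.encode()).digest(), "big")


def ca_sign(cert, ca_private):
    n, d = ca_private
    return pow(cert_hash(cert), d, n)  # the CA applies its private key to the hash


def verify(cert, signature, ca_public, expected_host):
    """Slide 88's check, plus the host-name comparison a browser also does."""
    n, e = ca_public
    recovered = pow(signature, e, n)     # "Decrypt" with the CA's public key
    if recovered != cert_hash(cert):     # "equal?" against our own hash
        return False
    fields = dict(kv.split("=", 1) for kv in cert.split(";"))
    return fields.get("subject") == expected_host


def demo():
    ca_pub, ca_priv = generate_keypair(seed=1)
    _, rogue_priv = generate_keypair(seed=2)  # an issuer the verifier does not trust
    cert = "subject=www.bornneet.com;issuer=Example CA"  # constructed toy certificate
    sig = ca_sign(cert, ca_priv)
    ok = verify(cert, sig, ca_pub, "www.bornneet.com")
    tampered = verify(cert.replace("bornneet", "example"), sig, ca_pub, "www.example.com")
    rogue = verify(cert, ca_sign(cert, rogue_priv), ca_pub, "www.bornneet.com")
    wrong_host = verify(cert, sig, ca_pub, "mail.google.com")
    return ok, tampered, rogue, wrong_host
```

demo() returns (True, False, False, False): only the untouched certificate, signed by the trusted CA and presented by the host it names, passes. The last case is the one that matters for the next slide: a correctly signed certificate is still worthless to an attacker unless it names the host the browser is connecting to, which is why mis-issued certificates for real host names are serious.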
- 91. March 2011 (2011/3)
• A CA (Comodo) was tricked into issuing fraudulent certificates
• for mail.google.com, login.skype.com, ...