Worksheet 10: Web and Browser | Computer Security (Fall 2024)

Worksheet 10: Web and Browser

Worksheets are self-guided activities that reinforce lectures. They are not graded for accuracy, only for completion. Worksheets are due by the start of the next lecture via Blackboard link as a single PDF document. Be sure to properly label each question.

  1. For the following URL, explain each part

    https://cs.engineering.gwu.edu/adam-aviv
    

  2. Modify the above URL such that you make an HTTP (not HTTPS) request on port 8888 with the query parameters foo=bar and baz=10.
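As an added illustration of the URL structure the two questions above ask about (this is editor-supplied example code, not part of the worksheet), the snippet below takes the page's URL apart with the WHATWG URL API that both browsers and Node.js implement, then rebuilds it with a different scheme, port and query string. The override values (port 8080, `page=2`, `sort=asc`) are constructed for illustration and are not the ones the worksheet asks for; the function names are my own.

```javascript
// Added example, not part of the worksheet: taking a URL apart and rebuilding it
// with the WHATWG URL API that both browsers and Node.js implement.

// Break a URL string into the parts the worksheet asks you to explain.
function describeUrl(urlString) {
  const u = new URL(urlString);
  return {
    scheme: u.protocol.replace(/:$/, ""),      // e.g. "https"
    host: u.hostname,                           // e.g. "cs.engineering.gwu.edu"
    // u.port is "" when the URL relies on the scheme's default port (443 for https, 80 for http)
    port: u.port !== "" ? Number(u.port) : ({ "https:": 443, "http:": 80 }[u.protocol] ?? null),
    path: u.pathname,                           // e.g. "/adam-aviv"
    query: Object.fromEntries(u.searchParams),  // {} when there is no ?key=value part
  };
}

// Build a new URL from an existing one, overriding the scheme, port and/or query parameters.
// `params` is an object of key -> value; searchParams takes care of percent-encoding.
function rebuildUrl(urlString, { scheme, port, params } = {}) {
  const u = new URL(urlString);
  if (scheme) u.protocol = `${scheme}:`;
  if (port !== undefined) u.port = String(port);
  for (const [k, v] of Object.entries(params || {})) u.searchParams.set(k, String(v));
  return u.toString();
}

// The worksheet's URL, plus constructed override values chosen for illustration only.
const PAGE_URL = "https://cs.engineering.gwu.edu/adam-aviv";
console.log(describeUrl(PAGE_URL));
console.log(rebuildUrl(PAGE_URL, { scheme: "http", port: 8080, params: { page: 2, sort: "asc" } }));
```

Note that `u.port` comes back empty when the URL uses the scheme's default port, which is why `describeUrl` fills in 443 or 80 itself; also note that switching the scheme from https to http does not touch the host, path or query, so the security difference between the two requests lies entirely in the transport, not in what is being asked for.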

  3. There is no way we can do a whole course on JavaScript within the confines of this class, but fortunately JavaScript (JS) is relatively easy to learn and use. To make sure you have some background, go through the W3Schools tutorial on JS up through JS Strings. There are lots of examples and built-in places where you can test your code.

    To show you understand a little bit of JavaScript, add some code to the sample HTML page below that toggles the text between “RED” and “BLUE” every time the button is pressed and changes the text color to match:

    <span id="color" style="color:red">RED</span>
    <button id="mybutton">Click Me</button>
    


  4. What is the purpose of the Host: header in an HTTP request and why is it needed?

  5. The DOM (Document Object Model) is how a web page is represented in the browser, and it is what you reference through the object variable document in JS. If you wanted to change or redirect the current page using JavaScript, what property of the DOM would you change?

  6. What are cookies (not the kind you eat) and what purpose do they serve?

  7. Read this article on third-party cookies on Wikipedia. In your own words, explain how third-party cookies can be used for tracking.

  8. What is cookie theft, how could it occur, and how can it be used to perform unauthorized access?

  9. When you complete a web form, its content is POSTed to a URL, for example to perform a bank transaction. Suppose that a victim is already logged into a banking website and has an authentication cookie in their browser. If an attacker were to somehow (say, through social engineering) get the victim to click on a link that issued a POST to the bank, the victim’s cookie would authenticate that request even though the victim never directly authorized it.

    What is the name of this attack? And what mechanism could be used to mitigate it?

  10. In this final worksheet activity for the year, you will be attacking a website provided by OWASP. OWASP (the Open Worldwide Application Security Project) is an organization that aims to promote knowledge about web vulnerabilities and their mitigations. This website, the Juice Shop, is a teaching tool for gaining hands-on experience with a wide range of web vulnerabilities. In this project you will complete only a small fraction of the challenges available, and after this class it will remain an excellent resource for sharpening your web hacking skills.

    To start, visit the Juice Shop information website. You should read the preface and skim over Section 1. You will need to follow the instructions in Part 1: Running OWASP Juice Shop to get it set up and running. Personally, I recommend running Juice Shop with Docker, which can be done with a single command:

    docker run --rm -p 3000:3000 -e NODE_ENV=unsafe bkimminich/juice-shop
    

    After you have downloaded these files, you are ready to start the project. Your first task will be to find the scoreboard – see Part 2 of the website, Finding the Scoreboard.

    There are many, many challenges, but try to focus on the following:

    1. DOM XSS
    2. Reflected XSS
    3. Forged Review
    4. Login Admin
    5. Admin Section
    6. Admin Registration
    7. API-Only XSS

    In your worksheet writeup, describe how many you completed, why your attack on each worked, and how you might patch the code.
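For the "how you might patch the code" part of the writeup, the DOM XSS and Reflected XSS challenges both come down to the same defect: untrusted text is spliced into HTML without being encoded. The added example below (editor-supplied, not the Juice Shop's own code) shows the pattern in a constructed search-results template beside the patched version, together with a small check that a test suite could use to confirm the fix. The template, the sample input and all function names are constructed for this illustration.

```javascript
// Added example, not the Juice Shop's code: the pattern behind a reflected or DOM XSS
// finding and the patch a reviewer would ask for. Template and input are constructed.

// Encode the five characters that let untrusted text change HTML structure or break out
// of an attribute value.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable: the search term is spliced straight into the page, so any markup in the
// term becomes markup in the page.
function renderResultsVulnerable(query) {
  return `<h2>Results for ${query}</h2>`;
}

// Patched: encode on output, at the exact point where untrusted text meets HTML.
function renderResultsSafe(query) {
  return `<h2>Results for ${escapeHtml(query)}</h2>`;
}

// Check for a regression test: does the rendered fragment contain any tag other than the
// <h2> the template itself emits?
function containsForeignTag(html) {
  return /<(?!\/?h2>)[^>]+>/.test(html);
}

const sample = "apple <b>juice</b>"; // constructed input that happens to contain markup
console.log(renderResultsVulnerable(sample)); // the <b> element survives into the page
console.log(renderResultsSafe(sample));       // the <b> element is shown as literal text
```

The same rule applies on the client side for the DOM XSS case: data that came from the URL or from user input should be assigned to an element's `textContent`, never to `innerHTML`, unless it has been encoded or built with DOM APIs such as `createElement` and `appendChild`.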