Please write a report on both model 6 and 8 labs that discuss each labs objective and expected outcomes
Introduction
In this activity, you will learn to manipulate the session between the user and the browser.
Instructions
Follow the steps given in the following document:
Burpsuite and DVWA Lab [PDF, 1.2 MB]
After you complete the lab, you will submit a short paper of 2 to 3 pages in a word document listing the following:
List of authentication cookies identified in the lab and include a screenshot of the cookie.
List any security loopholes in the identified authentication cookie as per the security guidelines discussed in the module.
Explain how the items listed in 1 and 2 be used to secure sessions.
In this activity, you will learn to manipulate the session between the user and the browser.
You will use the following tools:
Damn Vulnerable Web App (DVWA) Damn Vulnerable Web App (DVWA) is a
PHP/MySQL web application that is vulnerable. Its main goals are to be an aid for
security professionals to test their skills and tools in a legal environment, help web
developers better understand the processes of securing web applications, and aid
teachers/students to teach/learn web application security in a class room environment.
Burp Suite Burp Suite is a Java application that can be used to secure or crack web
applications. The suite consists of different tools, like a proxy server, a web spider, an
intruder, and a so-called repeater, with which requests can be automated. You will use
this to capture cookies and username and passwords in session happening between the
user and the server.
After you complete the lab, you will:
List authentication cookies identified in the steps.
List any security loop holes in the identified authentication cookie as per the security
guidelines discussed in the module.
Explain how the authentication cookies found in the lab can be used for a Man-in-the-
Middle attack.
Introductory Video
1. Watch the video, Session Hijacking (https://youtu.be/uAHkCRbjPLY)
2. The vulnerable website in this video is the WebGoat site; for your hands-lab, you will
use a similar vulnerable website named DVWA as noted above.
3. Pay particular attention to the way Burp Suite is used for the various session hijacking
activities to give you context as to how hackers can use the tool.