Session Hijack Assignment #4 Solution

  • Please finish the lab according to the attached file, then submit the report for lab 4 based on the lab report template.
  • Please submit your source code in a zip file. (4.3.zip)

Assignment 4.1 Session Hijack

  • Try to capture the session cookie of pms.sustc.edu.cn (yours or your classmates’)
  • Manipulate your cookie of pms.sustc.edu.cn to hijack this session. (Chrome Extension: edit this cookie)
  • Or you can replay the HTTP request using curl. (https://github.com/jullrich/pcap2curl)
  • Write your report:
    – How did you capture the cookie? What is the content of the cookie?
    – How did you set your cookie to the target values? Show the edit page.
    – Did you successfully hijack the session? Describe how you did it.

Assignment 4.2 DNS Inspection

  • Capture a DNS query sent from your computer
    – Using capture filter udp port 53
    – Using display filter (any domain filter is ok)
  • Write your report:
    – How did you trigger the DNS query?
    – Where was the query sent? (IP)
    – What did the query say?
    – Does the server support recursive queries?
    – What did the response say?

Assignment 4.3 Enhanced File Browser (Class A Only)

  • Based on Assignment 3.3, implement the following features:
    – Range Header support
      ▪ With this feature implemented, the user can pause and resume downloading a file from the server.
    – Session Cookie support:
      ▪ Remember the last folder the user visited; respond with 302 Found if the user accesses the root directory.

Example:

    Request: GET http://localhost:8080
    Response: 302 Found, Location: http://localhost:8080/lastdir

Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Location
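
One way to implement the session-cookie behaviour of Assignment 4.3, as an added example that is not part of the assignment or its solution. The cookie name `sid`, the in-memory `SESSIONS` table and the `is_dir` callback are assumptions; the cookie carries only a random identifier, since Assignment 4.1 shows that whoever holds the cookie holds the session, and the last folder stays on the server.

```python
import secrets
from http.cookies import SimpleCookie, CookieError

# Assumed in-memory store: session id -> last folder visited (never sent to the client).
SESSIONS = {}

def get_session(cookie_header):
    """Return (sid, is_new). A missing, malformed or unknown id gets a fresh one."""
    jar = SimpleCookie()
    try:
        jar.load(cookie_header or "")
    except CookieError:
        jar = SimpleCookie()
    sid = jar["sid"].value if "sid" in jar else None
    if sid in SESSIONS:
        return sid, False
    # Never adopt an id chosen by the client: issue an unguessable one instead.
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = None
    return sid, True

def handle(path, cookie_header=None, is_dir=lambda p: True):
    """Return (status, headers) for 'GET path'; the body is omitted.

    is_dir is a hypothetical callback standing in for the file browser's
    own check that the path is a real directory inside the served root.
    """
    sid, is_new = get_session(cookie_header)
    headers = {}
    if is_new:
        # HttpOnly keeps page scripts from reading the id; add Secure when served over HTTPS.
        headers["Set-Cookie"] = f"sid={sid}; Path=/; HttpOnly; SameSite=Lax"
    last = SESSIONS[sid]
    if path == "/" and last not in (None, "/"):
        # A relative reference is valid in Location; the target comes from
        # server-side state, not from anything in the current request.
        headers["Location"] = last
        return 302, headers
    if is_dir(path):
        SESSIONS[sid] = path  # remember only validated folders
    return 200, headers
```
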