Offensive & Defensive & Forensic
Techniques for Determining Web
User Identity
Part 1
Mennouchi Islam Azeddine
Based on Zak Zebrowski slide
http://opensecuritytraining.info/
Azeddine.mennouchi@owasp,org

1
All materials are licensed under a Creative Commons “Share Alike” license.
• http://creativecommons.org/licenses/by-sa/3.0/

2
Welcome!
3
Let’s introduce one another…
• I’m Islam
• Free Sec, Consultant OWASP Algeria chapter
leader
• @AleiSec

4
Class Outline
• Introduction
• Characteristics of connecting to the internet
• Internet Networking Background
• Offensive Ways to determine a web user identity
• Defensive ways to prevent determining a web user identity from the end user’s perspective
• Additional Tasks from those above
• Forensic Database Analysis
• Forensic Web Log Analysis
• Finish
5
Introduction
• Why bother?
– To determine who visits your website on the
internet
• Your bank wants to know if I’m in the US, or in the UK

– To hide who you are on the internet.
– To determine forensically who visited your website
after some event happened.
– Cool! I want to be an 31337 H4x0r
• Not exactly. Everything in this presentation is old.
New techniques evolve over time.
6
Ethics
• Reminder: Use what you learn here for Good
not Evil.
• I am not a lawyer.
• What you do is at your own risk.

7
Characteristics of Internet Connections
• Questions to ask:
– What devices connect to the internet?
– When do you access the internet?
– How are you connecting?

• Why bother?
– You can’t escape these characteristics, regardless
of what you try to do…
8
What devices connect to the internet?
• Almost easier to say what device doesn’t connect.
• Here’s a list of things known to connect to the internet:
– Computer
– Cell Phone
– SIP Phone (VOIP)
– Apple TV / Google TV
– Your thermostat (Multiple companies)
– Your alarm clock (Chumby)
– Your car (Chevy Volt)
– Your door lock (Schlage)
– Your picture frame
– Your camera (EYEFI sd card)
– Your watch (pebble ; impulse ; etc)

• && Each of these devices can be identified through various means
– nmap -O -sV 192.168.1.1

9
When do you connect?

Source: google.com analytics (for my personal search history) && http://en.wikipedia.org/wiki/File:Timezones2010.png (licensed public domain).

10
How are you connecting?
• Dial Up
• Cellular Phone Device
• DSL / Cable
• FIOS

• Other ways:
– Satellite connections
– Radio connections
11
Satellite Example
• Designed for remote areas where other options are not available
– See http://www.wildbluesales.com/ as an example
– As low as $39.95 / month ; 1 Mbps download ; other plans available
• Valid as of 6/28/12

12
Radio Connections
• Found in the US Virgin Islands / PR
• Mountainous terrain; good weather (minus
hurricanes); fixed coverage area; somewhat
poor utility infrastructure.
• http://www.ackley.vi/

Photo source: personal photos

13
Characteristics of Internet Connections
Summary
– What devices connect to the internet?
• Almost anything, but they’re detectable

– When do you access the internet?
• Can generally detect what time zone you’re in.

– How are you connecting?
• Can be summarized if speed is detected.

• Why bother?
– You can’t escape these characteristics, regardless of
what you try to do…
14
Basic Internet Technology Background
• What is an IP Address?
• How are IP Addresses Assigned?
• What is a NATed / Private IP Address?
• What is a Port?

15
What is an IP Address?
• An IP Address is a unique identifier that allows
you to connect to the internet.
– Conceptually, it’s similar to your street address for
your house

16
What is a NATed / Private IP Address?
• There are a limited number of IP Addresses available. An ISP may assign you a particular IP Address, but not enough for all of your personal devices. “NATing” allows you to have many personal devices, while using only one public IP Address on the internet.
– Conceptually, it’s similar to an apartment number in an apartment complex.

• A private IP Address is simply a non-routable IP Address on the internet, which the home router gives to local machines, and via NAT routing connects to the internet.
17
How are IP Addresses Assigned?
• IP Address ranges (a set of IP Addresses) are assigned to an ISP (Internet Service Provider) by a registrar. The specific registrar depends upon what domain you are purchasing for, though generally this is based upon the region where you live.
• A particular ISP can then assign you a particular IP Address for your router.
– But the private IP Address space is only assigned by your router.
18
What is a port?
• A port is simply a number, which allows two
computer programs on different computers to
communicate with one another.
• Generally, certain services run on specific port numbers; however, a programmer can arbitrarily set what ports to connect to if there is a good reason to.
– Port 22 for ssh traffic
– Port 80 for http traffic
19
Questions?
• You just survived the “boring” part.
• 5 Minute Coffee / Bathroom break.
• When we come back, we will start with
offensive techniques to determine who a user
is.

20
Identifying Techniques
• These are server techniques to determine who
you are.
• IP Geolocation
• What your browser exposes when you browse to a web page.

21
IP Geolocation
• IP Geolocation is the name for the technology to
go from an IP Address to a physical location.
Companies, and open source utilities, provide
this IP Geolocation information in various formats
to download off of the internet for use within
your internal applications.
Note: Sources generally provide other attributes as well, not just IP location information, such as domain name, ISP, org, or similar. This is a by-product of the analysis they perform.
22
IP Geolocation – what does that
mean?
• For a given IP Address, I can tell you approximately where it is located, without using a network connection.
• Also, I can generally tell your internet provider
– Verizon.com
– Yourbusiness.com
– Etc

• I can use this to:
– Send you targeted internet ads
– Verify you have permission to view media content
– Verify you are in a country the same as your credit card
23
How does one create an IP
Geolocation database?
Caveat: These only discuss how open source IP
Geolocation techniques work, not commercial sources.
• Ask the user


– Hostip.info
• Host name: pool-70-108-49-201.res.east.verizon.net.
IP address: 70.108.49.201
Location: UNITED STATES (change)
• http://www.hostip.info (12/18/10, 1/7/12)

24
How does one create an IP
Geolocation database (2)?
• Query registries
– Software77.net uses the registry assignments provided by the registrars. However, discrepancies creep in, especially in cases of large multinational companies who have their base of operation in one country and satellite offices in other countries. Typically what happens is that a company based in, say, the United States, also has a branch in Africa or Asia.
• http://software77.net/faq.html (1/24/08)
• http://software77.net/geo-ip/
25
Open Sources
• Maxmind
– Country & City files (less accurate than paid version)
– http://www.maxmind.com

• Hostip.info
– Community volunteers location, plus various automated
features
– http://hostip.info

• Software77.net
– Scrapes whois notifications of new domains
– Provides a “birth date” for a domain.
– http://software77.net/cgi-bin/ip-country/geo-ip.pl
26
Open Sources VS Commercial Sources
• Open Source
– Less data fields
– Known algorithms
– Unique attributes
• Hostip.info is user contributed – could be interesting?
• Software77.net has daily location updates.

– Free
• Convenient if you need to do this analysis infrequently

• Commercial Data Sources
– Claimed Higher accuracy
– Dedicated staff
– Costs Money

27
IP Geolocation Caveats
• Can only get to the most visible IP Address.
– No indication that a proxy is being used
– (unless a well known proxy)

• Time frame
– Generally the data is delayed at least one month, plus time required to get the data
into a usable format.
– IP Addresses can be re-allocated from ISP to ISP in a short period of time.
– Newly registered host names may not show up in a short amount of time
– About 1-2% change per month (http://www.maxmind.com/app/faq)

• Domain name resolution is limited
– Multiple domain names can point to a single IP Address

• “NATed” IP Addresses
– Where a user at home uses a broadband modem to connect externally to the
internet. Behind the modem there may be many machines, but there is only one IP
Address facing the internet.
– Alternatively, could be a rural ISP provider.
28
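As an added example (not part of the original slides), a small offline IP-to-country lookup in the column layout of the Software77.net CSV listed under Open Sources, with the NATed/private-address caveat from the slide above handled before the table is consulted. The sample rows, including the 70.108.0.0/16 range that makes the slide’s Verizon address resolve to “US”, are constructed for illustration and are not copied from the real database.

```python
import csv
import io
import ipaddress
from bisect import bisect_right

# Constructed sample in the column layout of Software77.net's IpToCountry.csv
# (IP FROM, IP TO as 32-bit integers, registry, assigned date, ISO codes, country).
# Rows are illustrative and NOT copied from the real database; the 70.108.0.0/16
# row is made up so that the slide's Verizon address resolves to "US" here.
SAMPLE_CSV = """\
# IP FROM, IP TO, REGISTRY, ASSIGNED, CTRY, CNTRY, COUNTRY
"16777216","16777471","apnic","1399248000","AU","AUS","Australia"
"16777472","16778239","apnic","1368751200","CN","CHN","China"
"1181483008","1181548543","arin","1041379200","US","USA","United States"
"""


def load_ranges(text):
    """Parse the CSV into parallel lists (starts, ends, country codes) sorted by start."""
    rows = []
    for row in csv.reader(line for line in io.StringIO(text) if not line.startswith("#")):
        if len(row) < 7:
            continue  # skip blank or malformed lines
        rows.append((int(row[0]), int(row[1]), row[4]))
    rows.sort()
    starts = [r[0] for r in rows]
    ends = [r[1] for r in rows]
    codes = [r[2] for r in rows]
    return starts, ends, codes


def lookup_country(ip_text, table):
    """Return the ISO country code for an IPv4 address, 'PRIVATE' for RFC 1918 /
    loopback space (a NATed client, as the caveats slide describes), or None if
    the address is not in the table."""
    starts, ends, codes = table
    ip = ipaddress.ip_address(ip_text)
    if ip.version != 4:
        return None  # this sample table carries no IPv6 ranges
    if ip.is_private or ip.is_loopback:
        return "PRIVATE"
    n = int(ip)
    i = bisect_right(starts, n) - 1  # last range whose start is <= n
    if i >= 0 and starts[i] <= n <= ends[i]:
        return codes[i]
    return None


TABLE = load_ranges(SAMPLE_CSV)

if __name__ == "__main__":
    for ip in ("70.108.49.201", "1.0.0.1", "192.168.1.1", "9.9.9.9", "2001:db8::1"):
        print(ip, "->", lookup_country(ip, TABLE))
```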
IPv6
• Starting to be integrated.
– Currently “a small percentage” in any country hosts IPv6 servers.
• http://www.ripe.net/ripe/meetings/ripe57/presentations/Colitti-Global_IPv6_statistics__Measuring_the_current_state_of_IPv6_for_ordinary_users_.7gzD.pdf or http://preview.tinyurl.com/b36qzo
• http://www.maxmind.com/app/ipv6


29
Example of information returned for
my home connection in Constantine

30
Lab 1 – IP Geolocation
• First browse to google.com, and search for
“what is my ip address”
– Record the IP Address.
– Do the same thing with a different device (cell
phone)

• Next, browse to
– http://hostip.info
– Enter the IP Address and press go.
31
What your browser exposes
• By Default
• By HTTP Cookies
• By Scripting
• By External Connections
• Follow along and go to the various websites…

32
By Default
• Your IP Address / host name
– REMOTE_ADDR : 70.108.107.180
– REMOTE_HOST : pool-70-108-107-180.res.east.verizon.net

• User Agent (what web browser you use)
– HTTP_USER_AGENT : Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6 (.NET CLR 3.5.30729)
• Note: language is exposed.

• Cookies (if set)
– HTTP_COOKIE : __utma=145017023.1934880434.1277898848.1278891119.1278893601.5; __utmz=145017023.1277898848.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd
– This was set via a google analytics script I run to see who visits my main zak.freeshell.org page.

• http://zak.freeshell.org/env.pl
33
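As an added example (not from the original slides), a parser that turns an env.pl-style request dump into the attributes the slide lists: client IP, reverse-DNS hostname and ISP domain, browser, OS, locale, extra platform tokens, and the Google Analytics cookies. The sample environment is constructed from the values on the slide; the regexes and the “last two DNS labels name the ISP” heuristic are my own assumptions, not anything from the slides.

```python
import re

# Constructed from the values shown on the slide (an env.pl-style CGI dump);
# the cookie value is truncated exactly as it appears there.
SAMPLE_ENV = {
    "REMOTE_ADDR": "70.108.107.180",
    "REMOTE_HOST": "pool-70-108-107-180.res.east.verizon.net",
    "HTTP_USER_AGENT": ("Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.6) "
                        "Gecko/20100625 Firefox/3.6.6 (.NET CLR 3.5.30729)"),
    "HTTP_COOKIE": ("__utma=145017023.1934880434.1277898848.1278891119.1278893601.5; "
                    "__utmz=145017023.1277898848.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd"),
}

# Heuristics (assumptions), adequate for classic User-Agent strings like the one above.
LOCALE_RE = re.compile(r"^[a-z]{2,3}(?:-[A-Za-z]{2,4})?$")
BROWSER_RE = re.compile(r"\b(Firefox|Chrome|Safari|Opera|MSIE|Edge)/([\d.]+)")
OS_PREFIXES = ("Windows NT", "Macintosh", "Linux", "Android", "iPhone", "iPad", "X11")


def parse_user_agent(ua):
    """Pull browser, OS token, locale and leftover platform tokens out of a User-Agent."""
    groups = re.findall(r"\(([^)]*)\)", ua)  # the parenthesised token groups
    tokens = [t.strip() for g in groups for t in g.split(";")]
    locale = next((t for t in tokens if LOCALE_RE.match(t)), None)
    os_token = next((t for t in tokens if t.startswith(OS_PREFIXES)), None)
    m = BROWSER_RE.search(ua)
    browser = f"{m.group(1)} {m.group(2)}" if m else None
    # Versioned leftovers such as ".NET CLR 3.5.30729" reveal installed software.
    extras = [t for t in tokens
              if any(c.isdigit() for c in t) and t != os_token and not t.startswith("rv:")]
    return {"browser": browser, "os": os_token, "locale": locale, "extras": extras}


def parse_cookies(header):
    """Split a Cookie header into {name: value}; values may themselves contain '='."""
    cookies = {}
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        if name:
            cookies[name] = value
    return cookies


def profile_request(env):
    """What a server learns from a single request before any scripting runs."""
    host = env.get("REMOTE_HOST")
    cookies = parse_cookies(env.get("HTTP_COOKIE", ""))
    profile = {
        "ip": env.get("REMOTE_ADDR"),
        "hostname": host,
        # assumption: the last two labels of the reverse-DNS name identify the ISP
        "isp_domain": ".".join(host.split(".")[-2:]) if host else None,
        "cookies": sorted(cookies),
        # __utm* cookies are the ones the (first-party) Google Analytics script sets
        "analytics_cookies": sorted(c for c in cookies if c.startswith("__utm")),
    }
    profile.update(parse_user_agent(env.get("HTTP_USER_AGENT", "")))
    return profile


if __name__ == "__main__":
    for key, value in profile_request(SAMPLE_ENV).items():
        print(f"{key:18} {value}")
```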
By HTTP Cookies
• Cookies were originally designed so that you
could have a “stateful” web session for shopping.
• A server sets a key value pair when returning a
webpage or image. You send that key value pair
with every request to that domain, until it
expires.
• Cookies only return information to the domain
that you are visiting
– Note, though, if you embed an image from a different
server, that server can set a separate cookie. This is
called a third party cookie.
34
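To make the first-party versus third-party distinction on this slide concrete, here is an added example (not from the original slides, and not any real browser’s implementation) that models a minimal cookie jar: an embedded tracker pixel sets its own cookie on one site and gets it back on an unrelated site, and a block-third-party setting is the defensive knob that stops it. The hosts shop.example, tracker.example and news.example and the cookie values are constructed.

```python
class CookieJar:
    """Toy browser cookie jar. Cookies are keyed by the host that set them and are
    only attached to later requests to that same host, as the slide describes."""

    def __init__(self, block_third_party=False):
        self.block_third_party = block_third_party
        self.store = {}  # host -> {cookie name: value}

    def apply_set_cookie(self, response_host, page_host, header):
        """Handle a Set-Cookie header from response_host while a page from page_host
        is displayed. A cookie from any other host is third-party. Returns True if stored."""
        is_third_party = response_host != page_host
        if is_third_party and self.block_third_party:
            return False  # defensive setting: refuse cookies from embedded hosts
        name, _, value = header.split(";", 1)[0].partition("=")  # drop attributes
        self.store.setdefault(response_host, {})[name.strip()] = value.strip()
        return True

    def cookie_header(self, request_host):
        """The Cookie header the browser would send to request_host, or None."""
        cookies = self.store.get(request_host)
        if not cookies:
            return None
        return "; ".join(f"{k}={v}" for k, v in cookies.items())


def simulate(block_third_party=False):
    """Two page views that both embed an image from tracker.example; returns the
    Cookie header each server receives during the second view."""
    jar = CookieJar(block_third_party)

    # Visit 1: shop.example sets its own (first-party) session cookie ...
    jar.apply_set_cookie("shop.example", "shop.example", "session=abc123; Path=/; HttpOnly")
    # ... and its page embeds <img src="http://tracker.example/pixel.gif">, whose
    # response sets a third-party cookie for tracker.example.
    jar.apply_set_cookie("tracker.example", "shop.example",
                         "uid=42; Expires=Fri, 01 Jan 2027 00:00:00 GMT")

    # Visit 2: an unrelated site that embeds the same pixel.
    return {
        "news.example": jar.cookie_header("news.example"),        # nothing: new site
        "tracker.example": jar.cookie_header("tracker.example"),  # uid=42 links both visits
        "shop.example": jar.cookie_header("shop.example"),        # only shop sees its session
    }


if __name__ == "__main__":
    print("third-party cookies allowed:", simulate(False))
    print("third-party cookies blocked:", simulate(True))
```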
By Scripting
• How to tell what company you’re from
• How to tell if you’ve visited other sites (HREF
color JavaScript tester)
• JavaScript Location API (Where you are)
• “Click Heat” – where you’ve clicked
• Ever Cookie.js – Have I seen you before?

35
How to tell what company you’re from
• Via http://panopticlick.eff.org/ (with many other attributes you can get from scripting)
– Flash code identifies system installed fonts
– Do you have a “company” font? See if you can find it!

36
What you’ve visited before script
• Found in the wild.
• Used to work.
– Last year Firefox / other browsers have been patched against
this type of exploit.

• Uses JavaScript to look at <A HREF=“”> HTML to see what the color of the link is, to see if it’s been visited before
• Example: Visited | Not Visited
• See http://www.techdirt.com/articles/20101130/21535012065/how-youporn-tries-to-hide-that-its-spying-your-browsinghistory.shtml or http://preview.tinyurl.com/3yqbptk

37
JavaScript Location API
• New as of 10 February 2010
• http://dev.w3.org/geo/api/spec-source.html
• Will it work? It’s still a bit of a new feature, so
it should on most browsers.
– See http://html5demos.com/ for html5
integration and http://html5demos.com/geo for a
geo location example.

• Often uses Wi-Fi to detect location (unless a
mobile device and it uses GPS)
38
Sample Location Code
<HTML><BODY>
<SCRIPT TYPE="text/javascript">
// Success callback: the browser passes a Position object once the user allows it.
function showMap(position) {
  alert("Lat:" + position.coords.latitude + "," + "Long:" + position.coords.longitude);
}
// Error callback: permission denied, no position fix available, or timeout.
function showError(err) {
  alert("Position unavailable: " + err.message);
}
// One-shot position request.
if (navigator.geolocation) {
  navigator.geolocation.getCurrentPosition(showMap, showError);
} else {
  alert('No geolocation available.');
}
</SCRIPT>
</BODY></HTML>

39
Notes on Location
• Browser to OS for location information
– Insert magic here in the OS level.

• Location returned is WGS84 standard.
• Can be off by a large distance

40
“ClickHeat”
• http://www.labsmedia.com/clickheat/index.html
• Tracks where users click on your website via
simple JavaScript.

41
“ClickHeat” Demo slide

42
Evercookie.js
• Uses HTML5 features, Flash, JavaScript, and many other techniques to create an “evercookie” that can’t be revoked*.
• See http://samy.pl/evercookie/
• *Easily anyways.
– http://arstechnica.com/security/news/2010/10/itis-possible-to-kill-the-evercookie.ars
– http://preview.tinyurl.com/29ka7ba
43
By External Connections
• Browsers allow for multiple types of connections
– For example: http ; ftp ; Microsoft shares ; etc.

• By including a href link to a different type of connection,
you may be bypassing proxy settings and thus exposing
additional information about yourself.
– Possibly your username / domain
– Your real IP Address (because it’s not proxied.)

• You can unknowingly request a different protocol by visiting
a web page.
• See http://www.defcon.org/images/defcon-17/dc-17presentations/defcon-17-gregory_fleischerattacking_tor.pdf or http://preview.tinyurl.com/brcg6ca

44
External Example – what you see

45
This is common!
• This type of identification is profitable!
– Multiple companies are interested in
“fingerprinting” PC’s so they have a permanent
record of your machine’s web accesses.
– http://online.wsj.com/article/SB10001424052748704679204575646704100959546.html or http://preview.tinyurl.com/32c9frf

46
See also
• http://waxy.org/2011/11/google_analytics/
– Google Analytics: A Potential Threat to Anonymous Bloggers

• https://github.com/michaelhans/derezzedlight
– Takes Panopticlick attributes via JavaScript, converts them to a browser key, and turns it into a logon mechanism for a website.

47
Questions?
• Let’s have a break
• Next time, we start with ways of preventing these mechanisms from working…

48

Mais conteúdo relacionado

Destaque

Money supply inflation
Money supply inflationMoney supply inflation
Money supply inflationTravis Klein
 
โรคอ้วน!!
โรคอ้วน!!โรคอ้วน!!
โรคอ้วน!!sumethinee
 
Reasoning with rules - Application to N3/EYE and Stardog
Reasoning with rules - Application to N3/EYE and StardogReasoning with rules - Application to N3/EYE and Stardog
Reasoning with rules - Application to N3/EYE and StardogAna Roxin
 
教案分享 選出一樣的動物Ppt
教案分享  選出一樣的動物Ppt教案分享  選出一樣的動物Ppt
教案分享 選出一樣的動物Ppt浩哲 武
 
Fotonovel·la tutorial adrià, roger i gerard
Fotonovel·la tutorial adrià, roger i gerardFotonovel·la tutorial adrià, roger i gerard
Fotonovel·la tutorial adrià, roger i gerardmgonellgomez
 
Nco and exchange rates
Nco and exchange ratesNco and exchange rates
Nco and exchange ratesTravis Klein
 
Mon decartes knowledge
Mon decartes knowledgeMon decartes knowledge
Mon decartes knowledgeTravis Klein
 
201607アドミュージアム「世界を幸せにする広告」企画イベント「スタートアップ for Good」
201607アドミュージアム「世界を幸せにする広告」企画イベント「スタートアップ for Good」201607アドミュージアム「世界を幸せにする広告」企画イベント「スタートアップ for Good」
201607アドミュージアム「世界を幸せにする広告」企画イベント「スタートアップ for Good」Maco Yoshioka
 
Analyst : Enterprise Strategy Group: Addressing NAS Backup and Recovery Chall...
Analyst : Enterprise Strategy Group: Addressing NAS Backup and Recovery Chall...Analyst : Enterprise Strategy Group: Addressing NAS Backup and Recovery Chall...
Analyst : Enterprise Strategy Group: Addressing NAS Backup and Recovery Chall...EMC
 
Introduction to the EMC XtremIO All-Flash Array
Introduction to the EMC XtremIO All-Flash ArrayIntroduction to the EMC XtremIO All-Flash Array
Introduction to the EMC XtremIO All-Flash ArrayEMC
 

Destaque (14)

Money supply inflation
Money supply inflationMoney supply inflation
Money supply inflation
 
Monopsony graphs
Monopsony graphsMonopsony graphs
Monopsony graphs
 
โรคอ้วน!!
โรคอ้วน!!โรคอ้วน!!
โรคอ้วน!!
 
Reasoning with rules - Application to N3/EYE and Stardog
Reasoning with rules - Application to N3/EYE and StardogReasoning with rules - Application to N3/EYE and Stardog
Reasoning with rules - Application to N3/EYE and Stardog
 
教案分享 選出一樣的動物Ppt
教案分享  選出一樣的動物Ppt教案分享  選出一樣的動物Ppt
教案分享 選出一樣的動物Ppt
 
Fotonovel·la tutorial adrià, roger i gerard
Fotonovel·la tutorial adrià, roger i gerardFotonovel·la tutorial adrià, roger i gerard
Fotonovel·la tutorial adrià, roger i gerard
 
Nco and exchange rates
Nco and exchange ratesNco and exchange rates
Nco and exchange rates
 
Mon decartes knowledge
Mon decartes knowledgeMon decartes knowledge
Mon decartes knowledge
 
201607アドミュージアム「世界を幸せにする広告」企画イベント「スタートアップ for Good」
201607アドミュージアム「世界を幸せにする広告」企画イベント「スタートアップ for Good」201607アドミュージアム「世界を幸せにする広告」企画イベント「スタートアップ for Good」
201607アドミュージアム「世界を幸せにする広告」企画イベント「スタートアップ for Good」
 
Albert einstein
Albert einsteinAlbert einstein
Albert einstein
 
Slideshare
 Slideshare Slideshare
Slideshare
 
Analyst : Enterprise Strategy Group: Addressing NAS Backup and Recovery Chall...
Analyst : Enterprise Strategy Group: Addressing NAS Backup and Recovery Chall...Analyst : Enterprise Strategy Group: Addressing NAS Backup and Recovery Chall...
Analyst : Enterprise Strategy Group: Addressing NAS Backup and Recovery Chall...
 
Introduction to the EMC XtremIO All-Flash Array
Introduction to the EMC XtremIO All-Flash ArrayIntroduction to the EMC XtremIO All-Flash Array
Introduction to the EMC XtremIO All-Flash Array
 
Tms ppt
Tms pptTms ppt
Tms ppt
 

Semelhante a Web identity part1

Tracing An IP Address or Domain Name by Raghu Khimani
Tracing An IP Address or Domain Name by Raghu KhimaniTracing An IP Address or Domain Name by Raghu Khimani
Tracing An IP Address or Domain Name by Raghu KhimaniDr Raghu Khimani
 
Improvement in Rogue Access Points - SensePost Defcon 22
Improvement in Rogue Access Points - SensePost Defcon 22Improvement in Rogue Access Points - SensePost Defcon 22
Improvement in Rogue Access Points - SensePost Defcon 22SensePost
 
Basic Foundation For Cybersecurity
Basic Foundation For CybersecurityBasic Foundation For Cybersecurity
Basic Foundation For CybersecurityMohammed Adam
 
Bcc comp4 ppt2
Bcc comp4 ppt2Bcc comp4 ppt2
Bcc comp4 ppt2ifrieshe
 
Dist sniffing & scanning project
Dist sniffing & scanning projectDist sniffing & scanning project
Dist sniffing & scanning projectRishu Seth
 
Taking the Fear out of WAF
Taking the Fear out of WAFTaking the Fear out of WAF
Taking the Fear out of WAFBrian A. McHenry
 
Honeypots and Security
Honeypots and SecurityHoneypots and Security
Honeypots and SecurityAPNIC
 
Lesson 01 - Network Assessment
Lesson 01 - Network AssessmentLesson 01 - Network Assessment
Lesson 01 - Network AssessmentAngel G Diaz
 
Internet &web technology
 Internet &web technology Internet &web technology
Internet &web technologySharmila Devi
 
Practical Malware Analysis Ch 14: Malware-Focused Network Signatures
Practical Malware Analysis Ch 14: Malware-Focused Network SignaturesPractical Malware Analysis Ch 14: Malware-Focused Network Signatures
Practical Malware Analysis Ch 14: Malware-Focused Network SignaturesSam Bowne
 
Heartbleed Bug Vulnerability: Discovery, Impact and Solution
Heartbleed Bug Vulnerability: Discovery, Impact and SolutionHeartbleed Bug Vulnerability: Discovery, Impact and Solution
Heartbleed Bug Vulnerability: Discovery, Impact and SolutionCASCouncil
 
Henrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspectiveHenrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspectiveIKT-Norge
 
Network Troubleshooting.pptx
Network Troubleshooting.pptxNetwork Troubleshooting.pptx
Network Troubleshooting.pptxMohamedSafeer14
 
Network - Lecture B
Network - Lecture BNetwork - Lecture B
Network - Lecture BCMDLearning
 
What is Nginx and Why You Should to Use it with Wordpress Hosting
What is Nginx and Why You Should to Use it with Wordpress HostingWhat is Nginx and Why You Should to Use it with Wordpress Hosting
What is Nginx and Why You Should to Use it with Wordpress HostingWPSFO Meetup Group
 

Semelhante a Web identity part1 (20)

Tracing An IP Address or Domain Name by Raghu Khimani
Tracing An IP Address or Domain Name by Raghu KhimaniTracing An IP Address or Domain Name by Raghu Khimani
Tracing An IP Address or Domain Name by Raghu Khimani
 
Improvement in Rogue Access Points - SensePost Defcon 22
Improvement in Rogue Access Points - SensePost Defcon 22Improvement in Rogue Access Points - SensePost Defcon 22
Improvement in Rogue Access Points - SensePost Defcon 22
 
Web Fendamentals
Web FendamentalsWeb Fendamentals
Web Fendamentals
 
Basic Foundation For Cybersecurity
Basic Foundation For CybersecurityBasic Foundation For Cybersecurity
Basic Foundation For Cybersecurity
 
Bcc comp4 ppt2
Bcc comp4 ppt2Bcc comp4 ppt2
Bcc comp4 ppt2
 
Computer Network Part 1
Computer Network Part 1Computer Network Part 1
Computer Network Part 1
 
Dist sniffing & scanning project
Dist sniffing & scanning projectDist sniffing & scanning project
Dist sniffing & scanning project
 
Taking the Fear out of WAF
Taking the Fear out of WAFTaking the Fear out of WAF
Taking the Fear out of WAF
 
Honeypots and Security
Honeypots and SecurityHoneypots and Security
Honeypots and Security
 
Lesson 01 - Network Assessment
Lesson 01 - Network AssessmentLesson 01 - Network Assessment
Lesson 01 - Network Assessment
 
Internet &web technology
 Internet &web technology Internet &web technology
Internet &web technology
 
Practical Malware Analysis Ch 14: Malware-Focused Network Signatures
Practical Malware Analysis Ch 14: Malware-Focused Network SignaturesPractical Malware Analysis Ch 14: Malware-Focused Network Signatures
Practical Malware Analysis Ch 14: Malware-Focused Network Signatures
 
Gateway
GatewayGateway
Gateway
 
Lect_2.pptx
Lect_2.pptxLect_2.pptx
Lect_2.pptx
 
Heartbleed Bug Vulnerability: Discovery, Impact and Solution
Heartbleed Bug Vulnerability: Discovery, Impact and SolutionHeartbleed Bug Vulnerability: Discovery, Impact and Solution
Heartbleed Bug Vulnerability: Discovery, Impact and Solution
 
Henrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspectiveHenrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspective
 
Network Troubleshooting.pptx
Network Troubleshooting.pptxNetwork Troubleshooting.pptx
Network Troubleshooting.pptx
 
Network - Lecture B
Network - Lecture BNetwork - Lecture B
Network - Lecture B
 
Forefront UAG
Forefront UAGForefront UAG
Forefront UAG
 
What is Nginx and Why You Should to Use it with Wordpress Hosting
What is Nginx and Why You Should to Use it with Wordpress HostingWhat is Nginx and Why You Should to Use it with Wordpress Hosting
What is Nginx and Why You Should to Use it with Wordpress Hosting
 

Último

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 

Último (20)

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Web identity part1

  • 1. Offensive & Defensive & Forensic Techniques for Determining Web User Identity, Part 1
    Mennouchi Islam Azeddine
    Based on Zak Zebrowski's slides, http://opensecuritytraining.info/
    Azeddine.mennouchi@owasp.org
  • 2. All material is licensed under a Creative Commons "Share Alike" license.
    • http://creativecommons.org/licenses/by-sa/3.0/
  • 4. Let's introduce one another…
    • I'm Islam
    • Free Sec consultant, OWASP Algeria chapter leader
    • @AleiSec
  • 5. Class Outline
    • Introduction
    • Characteristics of connecting to the internet
    • Internet Networking Background
    • Offensive ways to determine a web user's identity
    • Defensive ways to prevent determining a web user's identity, from the end user's perspective
    • Additional tasks from those above
    • Forensic Database Analysis
    • Forensic Web Log Analysis
    • Finish
  • 6. Introduction
    • Why bother?
      – To determine who visits your website on the internet
        • Your bank wants to know if I'm in the US or in the UK
      – To hide who you are on the internet
      – To determine forensically who visited your website after some event happened
      – Cool! I want to be a 31337 H4x0r
        • Not exactly. Everything in this presentation is old. New techniques evolve over time.
  • 7. Ethics
    • Reminder: use what you learn here for Good, not Evil.
    • I am not a lawyer.
    • What you do is at your own risk.
  • 8. Characteristics of Internet Connections
    • Questions to ask:
      – What devices connect to the internet?
      – When do you access the internet?
      – How are you connecting?
    • Why bother?
      – You can't escape these characteristics, regardless of what you try to do…
  • 9. What devices connect to the internet?
    • Almost easier to say what device doesn't connect.
    • Here's a list of things known to connect to the internet:
      – Computer
      – Cell phone
      – SIP phone (VoIP)
      – Apple TV / Google TV
      – Your thermostat (multiple companies)
      – Your alarm clock (Chumby)
      – Your car (Chevy Volt)
      – Your door lock (Schlage)
      – Your picture frame
      – Your camera (Eye-Fi SD card)
      – Your watch (Pebble; Impulse; etc.)
    • Each of these devices can be identified through various means, e.g. OS and service fingerprinting with nmap:
      – nmap -O -sV 192.168.1.1 (OS detection with -O needs root/administrator privileges)
  • 10. When do you connect?
    Source: google.com analytics (for my personal search history) && http://en.wikipedia.org/wiki/File:Timezones2010.png (licensed public domain).
  • 11. How are you connecting?
    • Dial-up
    • Cellular phone device
    • DSL / Cable
    • FiOS
    • Other ways:
      – Satellite connections
      – Radio connections
  • 12. Satellite Example
    • Designed for remote areas where other options are not available
      – See http://www.wildbluesales.com/ as an example
      – As low as $39.95 / month; 1 Mbps download; other plans available
        • Valid as of 6/28/12
  • 13. Radio Connections
    • Found in the US Virgin Islands / PR
    • Mountainous terrain; good weather (minus hurricanes); fixed coverage area; somewhat poor utility infrastructure.
    • http://www.ackley.vi/
      – Photo source: personal photos
  • 14. Characteristics of Internet Connections: Summary
    – What devices connect to the internet?
      • Almost anything, but they're detectable
    – When do you access the internet?
      • Can generally detect what time zone you're in.
    – How are you connecting?
      • Can be inferred if the connection speed is measured.
    • Why bother?
      – You can't escape these characteristics, regardless of what you try to do…
  • 15. Basic Internet Technology Background
    • What is an IP Address?
    • How are IP Addresses assigned?
    • What is a NATed / private IP Address?
    • What is a port?
  • 16. What is an IP Address?
    • An IP Address is the unique identifier a device uses to send and receive traffic on the internet.
      – Conceptually, it's similar to the street address of your house
  • 17. What is a NATed / Private IP Address?
    • There are a limited number of IP Addresses available. An ISP may assign you a particular IP Address, but not enough for all of your personal devices. "NATing" allows you to have many personal devices while using only one public IP Address on the internet.
      – Conceptually, it's similar to an apartment number in an apartment complex.
    • A private IP Address is one taken from the ranges that are not routed on the public internet (10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16, per RFC 1918). The home router hands these out to local machines and, via NAT, translates their traffic onto its single public address.
  • 18. How are IP Addresses Assigned?
    • IP Address ranges (sets of IP Addresses) are allocated to an ISP (Internet Service Provider) by a Regional Internet Registry (ARIN, RIPE NCC, APNIC, LACNIC or AFRINIC), generally according to the region in which the ISP operates. These allocations are public, which is what registry-based geolocation sources rely on. (Domain names are a separate system, handled by domain registrars.)
    • A particular ISP can then assign you a particular IP Address for your router.
      – But the private IP Address space is only assigned by your router.
  • 19. What is a port?
    • A port is simply a number which allows two programs on different computers to communicate with one another.
    • Generally, certain services run on specific port numbers; however, a programmer can arbitrarily set what ports to connect to if there is a good reason to.
      – Port 22 for SSH traffic
      – Port 80 for HTTP traffic (443 for HTTPS)
  • 20. Questions?
    • You just survived the "boring" part.
    • 5 minute coffee / bathroom break.
    • When we come back, we will start with offensive techniques to determine who a user is.
  • 21. Identifying Techniques
    • These are server-side techniques to determine who you are.
    • IP Geolocation
    • What your browser exposes when you browse to a web page.
  • 22. IP Geolocation
    • IP Geolocation is the name for the technology that goes from an IP Address to a physical location. Companies and open source utilities provide this IP Geolocation information in various formats to download off the internet for use within your internal applications.
      Note: sources generally provide other attributes as well as IP location information, such as domain name, ISP, organisation or similar. This is a by-product of the analysis they perform.
  • 23. IP Geolocation: what does that mean?
    • For a given IP Address, I can tell you approximately where it is located, without using a network connection.
    • Also, I can generally tell your internet provider
      – Verizon.com
      – Yourbusiness.com
      – Etc.
    • I can use this to:
      – Send you targeted internet ads
      – Verify you have permission to view media content
      – Verify you are in the same country as your credit card
  • 24. How does one create an IP Geolocation database?
    Caveat: this only discusses how open source IP Geolocation techniques work, not commercial sources.
    • Ask the user
      – Hostip.info
        • Host name: pool-70-108-49-201.res.east.verizon.net. IP address: 70.108.49.201 Location: UNITED STATES (change)
        • http://www.hostip.info (12/18/10, 1/7/12)
  • 25. How does one create an IP Geolocation database (2)?
    • Query registries
      – Software77.net uses the registry assignments provided by the registries. "However discrepancies creep in especially in cases of large multinational companies who have their base of operation on one country and satellite offices in other countries. Typically what happens is that a company based in say, the United States, also has a branch in Africa or Asia."
        • http://software77.net/faq.html (1/24/08)
        • http://software77.net/geo-ip/
  • 26. Open Sources
    • Maxmind
      – Country & City files (less accurate than the paid version)
      – http://www.maxmind.com
    • Hostip.info
      – Community volunteers contribute locations, plus various automated features
      – http://hostip.info
    • Software77.net
      – Scrapes whois notifications of new allocations
      – Provides a "birth date" (assignment date) for each range
      – http://software77.net/cgi-bin/ip-country/geo-ip.pl
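As an added example (not code from the slides, from software77.net or from any of the sources above), here is what "without using a network connection" looks like in practice for a registry-derived table: parse the IP-to-country rows, turn the dotted address into an integer and binary-search the sorted ranges. The column layout ("IP_FROM","IP_TO","REGISTRY","ASSIGNED","CTRY","CNTRY","COUNTRY") is assumed from software77's documented IpToCountry.csv format; the three rows are constructed sample data rather than real allocations, and the function names are this example's own.

```javascript
// Added example; not code from the slides or from software77.net.
// Offline IPv4 -> country lookup over a software77-style IP-to-country table.
// Assumed layout (from software77's documented IpToCountry.csv format):
//   "IP_FROM","IP_TO","REGISTRY","ASSIGNED","CTRY","CNTRY","COUNTRY"
// IP_FROM/IP_TO are 32-bit integers, ASSIGNED is a Unix timestamp.
// The rows below are constructed sample data, not real allocations.
const SAMPLE_TABLE = `
# constructed sample, same column order as IpToCountry.csv
"1181483008","1181548543","arin","1024000000","US","USA","United States"
"694157312","694222847","afrinic","1209600000","DZ","DZA","Algeria"
"3232235520","3232301055","iana","410227200","ZZ","ZZZ","Reserved"
`;

// Dotted quad -> 32-bit integer; rejects anything that is not an IPv4 address.
function ipv4ToInt(ip) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) throw new Error(`not an IPv4 address: ${ip}`);
  return m.slice(1).reduce((acc, octet) => {
    const n = Number(octet);
    if (n > 255) throw new Error(`not an IPv4 address: ${ip}`);
    return acc * 256 + n;
  }, 0);
}

// Parse the table into ranges sorted by start address. Fields are read from
// the quoted values, so a country name containing a comma ("Korea, Republic of")
// does not break the parse the way a naive split(',') would.
function parseIpToCountry(csv) {
  const ranges = [];
  for (const line of csv.split('\n')) {
    const trimmed = line.trim();
    if (!trimmed || trimmed.startsWith('#')) continue;
    const fields = [...trimmed.matchAll(/"([^"]*)"/g)].map((m) => m[1]);
    if (fields.length < 7) continue;
    ranges.push({
      from: Number(fields[0]),
      to: Number(fields[1]),
      registry: fields[2],
      assigned: new Date(Number(fields[3]) * 1000),
      ctry: fields[4],
      cntry: fields[5],
      country: fields[6],
    });
  }
  return ranges.sort((a, b) => a.from - b.from);
}

// Binary search over the sorted, non-overlapping ranges. Returns null when the
// address is not covered: the table is a snapshot and allocations move (the
// "1-2% change per month" caveat), so callers must handle misses.
function lookupCountry(ranges, ip) {
  const n = ipv4ToInt(ip);
  let lo = 0;
  let hi = ranges.length - 1;
  while (lo <= hi) {
    const mid = (lo + hi) >>> 1;
    const r = ranges[mid];
    if (n < r.from) hi = mid - 1;
    else if (n > r.to) lo = mid + 1;
    else return r;
  }
  return null;
}

const RANGES = parseIpToCountry(SAMPLE_TABLE);
for (const ip of ['70.108.49.201', '41.96.12.7', '192.168.1.1', '203.0.113.9']) {
  const hit = lookupCountry(RANGES, ip);
  console.log(ip, hit
    ? `${hit.ctry} (${hit.registry}, assigned ${hit.assigned.toISOString().slice(0, 10)})`
    : 'not in table');
}
```

The real table is a few hundred thousand rows, so load it once and keep the sorted array in memory; a linear scan per request is what makes naive implementations slow, not the file size. The "assigned" date is the only time information the table carries, which is why the caveats on the next slide matter: a range can change hands without the snapshot you loaded noticing.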
  • 27. Open Sources vs Commercial Sources
    • Open Source
      – Fewer data fields
      – Known algorithms
      – Unique attributes
        • Hostip.info is user contributed: could be interesting?
        • Software77.net has daily location updates.
      – Free
        • Convenient if you need to do this analysis infrequently
    • Commercial Data Sources
      – Claimed higher accuracy
      – Dedicated staff
      – Costs money
  • 28. IP Geolocation Caveats
    • Can only get to the most visible IP Address.
      – No indication that a proxy is being used (unless it is a well known proxy)
    • Time frame
      – Generally the data is delayed at least one month, plus the time required to get the data into a usable format.
      – IP Addresses can be re-allocated from ISP to ISP in a short period of time.
      – Newly registered host names may not show up for a while.
      – About 1-2% change per month (http://www.maxmind.com/app/faq)
    • Domain name resolution is limited
      – Multiple domain names can point to a single IP Address
    • "NATed" IP Addresses
      – Where a user at home uses a broadband modem to connect externally to the internet. Behind the modem there may be many machines, but there is only one IP Address facing the internet.
      – Alternatively, the single address could belong to a rural ISP serving many customers.
  • 29. IPv6
    • Starting to be integrated.
      – Currently only "a small percentage" of hosts in any country use IPv6.
        • http://www.ripe.net/ripe/meetings/ripe57/presentations/Colitti-Global_IPv6_statistics__Measuring_the_current_state_of_IPv6_for_ordinary_users_.7gzD.pdf or http://preview.tinyurl.com/b36qzo
        • http://www.maxmind.com/app/ipv6
  • 30. Example of information returned for my home connection in Constantine (screenshot on the original slide)
  • 31. Lab 1: IP Geolocation
    • First browse to google.com and search for "what is my ip address"
      – Record the IP Address.
      – Do the same thing with a different device (cell phone)
    • Next, browse to http://hostip.info, enter the IP Address and press Go.
  • 32. What your browser exposes
    • By default
    • By HTTP cookies
    • By scripting
    • By external connections
    • Follow along and go to the various websites…
  • 33. By Default
    • Your IP Address / host name
      – REMOTE_ADDR : 70.108.107.180
      – REMOTE_HOST : pool-70-108-107-180.res.east.verizon.net
    • User-Agent (what web browser you use)
      – HTTP_USER_AGENT : Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6 (.NET CLR 3.5.30729)
      • Note that the language is exposed (here, and separately in the Accept-Language header).
    • Cookies (if set)
      – HTTP_COOKIE : __utma=145017023.1934880434.1277898848.1278891119.1278893601.5; __utmz=145017023.1277898848.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd
      – This was set via a Google Analytics script I run to see who visits my main zak.freeshell.org page.
    • http://zak.freeshell.org/env.pl
  • 34. By HTTP Cookies
    • Cookies were originally designed so that you could have a "stateful" web session for shopping.
    • A server sets a key/value pair when returning a web page or image. You send that key/value pair with every request to that domain until it expires.
    • Cookies are only returned to the domain that set them.
      – Note, though, that if a page embeds an image from a different server, that server can set its own cookie. This is called a third-party cookie.
  • 35. By Scripting
    • How to tell what company you're from
    • How to tell if you've visited other sites (HREF colour JavaScript tester)
    • JavaScript Location API (where you are)
    • "ClickHeat": where you've clicked
    • evercookie.js: have I seen you before?
  • 36. How to tell what company you're from
    • Via http://panopticlick.eff.org/ (with many other attributes you can get from scripting)
      – Flash code identifies the system's installed fonts
      – Do you have a "company" font? See if you can find it!
  • 37. What-you've-visited-before script
    • Found in the wild.
    • Used to work.
      – Last year Firefox and other browsers were patched against this type of exploit.
    • Uses JavaScript to read the computed colour of <A HREF=""> links to see whether each has been visited before
    • Example: Visited | Not Visited (demo links on the original slide)
    • See http://www.techdirt.com/articles/20101130/21535012065/how-youporn-tries-to-hide-that-its-spying-your-browsing-history.shtml or http://preview.tinyurl.com/3yqbptk
  • 38. JavaScript Location API
    • New as of 10 February 2010
    • http://dev.w3.org/geo/api/spec-source.html
    • Will it work? It's still a fairly new feature, but it should on most browsers.
      – See http://html5demos.com/ for HTML5 integration and http://html5demos.com/geo for a geolocation example.
    • Often uses Wi-Fi to detect location (unless it is a mobile device and uses GPS)
  • 39. Sample Location Code
    <HTML><BODY>
    <SCRIPT TYPE="text/JavaScript">
    function showMap(position) {
      alert("Lat:" + position.coords.latitude + "," +
            "Long:" + position.coords.longitude);
    }
    function showError(err) {
      // err.code: 1 = permission denied, 2 = position unavailable, 3 = timeout
      alert("No position: " + err.message);
    }
    // One-shot position request. Current browsers only allow this from a secure
    // context (https:// or localhost) and only after the user accepts a prompt.
    if (navigator.geolocation) {
      navigator.geolocation.getCurrentPosition(showMap, showError);
    } else {
      alert('No geolocation available.');
    }
    </SCRIPT>
    </BODY></HTML>
  • 40. Notes on Location
    • The browser asks the OS for location information
      – Insert magic here at the OS level.
    • The location returned uses the WGS84 standard.
    • It can be off by a large distance.
  • 41. "ClickHeat"
    • http://www.labsmedia.com/clickheat/index.html
    • Tracks where users click on your website via simple JavaScript.
  • 43. Evercookie.js
    • Uses HTML5 features, Flash, JavaScript and many other storage techniques to create an "evercookie" that can't be revoked*.
    • See http://samy.pl/evercookie/
    • *Not easily, anyway.
      – http://arstechnica.com/security/news/2010/10/it-is-possible-to-kill-the-evercookie.ars
      – http://preview.tinyurl.com/29ka7ba
  • 44. By External Connections
    • Browsers allow multiple types of connections
      – For example: http; ftp; Microsoft (SMB) shares; etc.
    • By including an href link to a different type of connection, a page may bypass your proxy settings and thus expose additional information about you:
      – Possibly your username / domain (an SMB connection to a UNC path carries Windows credentials)
      – Your real IP Address (because the request is not proxied)
    • You can unknowingly request a different protocol just by visiting a web page.
    • See http://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-gregory_fleischer-attacking_tor.pdf or http://preview.tinyurl.com/brcg6ca
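The check a defender wants for the slide above, as an added example (not code from the slides or from the DEF CON paper): scan the links and embedded resources of a page for anything the browser would fetch with a protocol handler other than HTTP(S), since those requests can ignore the HTTP proxy or Tor configuration, and flag UNC paths separately because Windows opens an SMB connection to them. The function name, the scheme lists and the sample HTML are this example's own.

```javascript
// Added example; not code from the slides or from the DEF CON 17 paper they cite.
const HTTP_SCHEMES = new Set(['http:', 'https:']);
// Schemes that open no network connection of their own when followed.
const INERT_SCHEMES = new Set(['mailto:', 'tel:', 'javascript:', 'data:', 'about:']);
// Attributes whose value the browser fetches or navigates to.
const ATTR_RE = /\b(?:href|src|action|data|poster)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;

function findProxyBypassLinks(html, base = 'http://example.invalid/') {
  const findings = [];
  for (const m of html.matchAll(ATTR_RE)) {
    const raw = (m[1] ?? m[2] ?? m[3]).trim();
    if (!raw) continue;
    // \\host\share is not a URL, but Internet Explorer / Windows treat it as an
    // SMB target and authenticate to it with the logged-on user's credentials.
    if (/^\\\\[^\\]+\\/.test(raw)) {
      findings.push({ url: raw, reason: 'UNC path: SMB connection, sends Windows credentials' });
      continue;
    }
    let url;
    try {
      url = new URL(raw, base);      // relative links resolve to the page's own scheme
    } catch {
      continue;                      // not something the browser can fetch at all
    }
    if (HTTP_SCHEMES.has(url.protocol) || INERT_SCHEMES.has(url.protocol)) continue;
    findings.push({ url: url.href, reason: `${url.protocol} is fetched outside the HTTP proxy` });
  }
  return findings;
}

// Constructed page: two harmless links, one mailto, and three that leak.
const SAMPLE_HTML = `
<a href="https://example.invalid/ok">fine</a>
<a href="/relative/path">fine</a>
<img src="ftp://ftp.example.invalid/pixel.gif">
<a href="file://fileserver.example.invalid/share/doc.txt">document</a>
<a href='\\\\fileserver.example.invalid\\share'>network share</a>
<a href="mailto:someone@example.invalid">mail</a>
`;

for (const f of findProxyBypassLinks(SAMPLE_HTML)) console.log(f.reason, '->', f.url);
```

The scan only sees what is written into the markup; a script can construct the same requests at runtime, which is the dynamic case the DEF CON paper covers. Current browsers have removed FTP support and refuse `file:` navigation from remote pages, so on a modern client the UNC/SMB case is the one that still matters; older or embedded browsers are where the rest of the list applies.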
  • 45. External Example: what you see (screenshot on the original slide)
  • 46. This is common!
    • This type of identification is profitable!
      – Multiple companies are interested in "fingerprinting" PCs so they have a permanent record of your machine's web accesses.
      – http://online.wsj.com/article/SB10001424052748704679204575646704100959546.html or http://preview.tinyurl.com/32c9frf
  • 47. See also
    • http://waxy.org/2011/11/google_analytics/
      – Google Analytics: a potential threat to anonymous bloggers
    • https://github.com/michaelhans/derezzedlight
      – Takes Panopticlick attributes via JavaScript, converts them to a browser key, and turns it into a logon mechanism for a website.
  • 48. Questions?
    • Let's have a break. Next time, we start with ways of preventing these mechanisms from working…

Editor's notes

  1. Source: http://www.directv.com/DTVAPP/content/directv/internet
  2. Source: Ackley communications website && personal photos.
  3. http://en.wikipedia.org/wiki/Panopticon - Panopticon, from Wikipedia: The Panopticon is a type of prison building designed by English philosopher and social theorist Jeremy Bentham in 1785. The concept of the design is to allow an observer to observe (-opticon) all (pan-) prisoners without the incarcerated being able to tell whether they are being watched, thereby conveying what one architect has called the "sentiment of an invisible omniscience."