From the course: Ethical Hacking: Session Hijacking
Banking on Zero - Linux Tutorial
- [Instructor] When learning how to do web testing, it's useful to have a target website to use. While Metasploitable does provide a website, this doesn't always have the functionality required. A better solution to use for more real-world testing is the HP450 online banking web server. We can see the main screen with the login button at the top right. ZeroBank has a number of deliberate security flaws, and we'll use this further in the web testing course. However, for this course, we're just interested in using a standard website. To get in, we just use the username "username" and the password "password". Now we're in, we can see we have an account available, and we can check activity, transfer funds, pay bills, look at our money map, and get statements, okay? I'll log out now, and we'll come back to this site as we start testing.
Contents
- Understanding web sessions (4m 8s)
- Understanding WebSockets (2m 41s)
- Banking on Zero (1m 10s)
- Hijacking sessions using man-in-the-browser (4m 32s)
- Intercepting sessions through man-in-the-middle (4m 17s)
- Stripping SSL to downgrade the session (1m 54s)
- Hijacking an HTTP session through cookies (3m 20s)
- Using Subterfuge to hijack sessions through ARP poisoning (7m 8s)
- Using Webscarab-NG as a web proxy (3m 14s)
- Defeating the Hijack (3m 6s)