Resources

Wir bauen echte Partnerschaften mit unseren Kunden auf

• Whitepaper
  • Crouching Tiger, Hidden Dragon, Stolen Data
  • Web Application Vulnerability Statistics 2010-2011
  • Assessing Cloud Node Security
  • Smartphones in the Enterprise
  • Clickjacking
• Tools
  • Canape
    • Download
    • Sample Projects
  • Clickjacking tool
  • CAT
    • Warum CAT?
    • Features
    • Download
    • Bedienungsanleitung
      • Installation
      • Menu
      • Options
      • Log view
      • Repeater panel
      • Proxy panel
      • Fuzzer panel
      • Log panel
      • Auth checker panel
      • SSL phecker panel
      • Notepad
      • Integrated web browser panel
      • Additional Information
  • Mbean Trojan
  • IIS7 Header Block
• Blog
  • Cloud - Dirty Disks Raise New Questions About Cloud Security
  • App - Framesniffing against SharePoint and LinkedIn
  • Malware 2 - From Infection to Persistence
  • Server Technologies - HTTPS BEAST Attack
  • Malware - Dark Comet RAT
  • Server Technologies - Reverse Proxy Bypass
  • SAP Exploitation – Part 2
  • SAP Exploitation – Part 1
  • WebGL - More WebGL Security Flaws
  • WebGL - A New Dimension for Browser Exploitation
    • FAQ
  • Server Technologies - SSL2: Should it keep you awake at night?
  • SmartPhones - Can you Trust your USB Charger?
  • Malware 1 - From Exploit to Infection
  • Server Technologies - JBoss RMI Twiddling

The auth checker panel is used in determining the authorisation of particular requests as different users. The auth checker has two proxies running on different port numbers. To use the tool two separate browsers (e.g. Firefox and IE) are configured to proxy through each port. The ‘low user’ then logs into the application with a low level of privileges than the ‘high user’, and the high user logs in with a high level of access. When both browsers are correctly configured and authenticated the ‘copy’ tick box is selected from either the main panel or the ‘minibar’ window. From this point the proxies are synchronised so that any action that the high user performs will be performed by the low user but with the low user’s cookie. For example if an admin user clicks on ‘manage users’ the high user will pause and wait for the low user (the lights will change to green when a user is paused and waiting for the other). Then a low user would click on any link within the application. This will result in the low user’s link replaced with the high users ‘mange user’ link and the low user would attempt to force browse to this area. This can be used with POST as well as GET requests to ensure that the ACLs are correctly implemented.

© Copyright 2012 Context Information Security.

Main Navigation

• Home /
• Über uns /
• Herausforderungen /
• Unsere Dienstleistungen /
• Research /
• Kontakt