Becoming the Hacker by Adrian Pruteanu
Author:Adrian Pruteanu
Language: eng
Format: epub
Publisher: Packt Publishing
Since this is a custom TCP protocol, we have to intercept the traffic using Wireshark or tcpdump, as opposed to Burp or ZAP. With Wireshark running, we can capture and inspect the TCP stream of data of our interaction with the DeserLab server, as the following figure shows:
Figure 8.7: TCP stream of data
We can see the entire conversation in a hex dump format by analyzing the packet capture (pcap) generated by our packet sniffer. In the preceding figure, the data sent is the stream printed in light gray, while the darker parts represent the server response.
While the data may be a bit hard to read, each byte has a purpose. We can see the familiar ac ed header and the various inputs the client has sent, such as name and string. You'll also notice that the string value is a serialized HashRequest object. This is a Java class implemented by both the server and the client. Serialization is used to instantiate an object that will calculate the hash of a given input and store it in one of its properties. The packets we've just captured are the serialized representation of this object being transmitted from the client to the server and vice versa. The server-serialized object also contains an extra property: the generated hash.
When the server receives the client-generated serialized object, containing the inputted string to be hashed, it will deserialize the bytes coming in over the wire and attempt to cast them to the HashRequest class.
Since DeserLab is open-source, we can inspect the deserialization process on the server component by looking at its source code hosted on GitHub:
[...]
oos = new ObjectOutputStream(clientSock.getOutputStream());

//Read a HashRequest object
request = (HashRequest)ois.readObject();

//Generate a hash
request.setHash(generateHash(request.getData()));

oos.writeObject(request);
[...]
