Unit 2
OUTLINE
WEB AUTHENTICATION MECHANISM
WEB AUTHENTICATION METHODS
HTTP BASIC AUTHENTICATION - FLOW
SESSION-BASED AUTH
With session-based auth (also called session cookie auth or cookie-based auth), the user's state is stored on the server.
It does not require the user to provide a username and password with each request.
Instead, after the user logs in, the server validates the credentials. If they are valid, it generates a session, stores it in a session store, and sends only the session ID back to the browser.
The browser stores the session ID as a cookie, which is sent with every subsequent request to the server.
Session-based auth is stateful. Each time a client sends a request to the server, the server must look up the session in memory (the session store) in order to tie the session ID back to the associated user.
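The login, cookie issue, and per-request lookup just described, as an added example (not code from the original slides). It is a self-contained Python sketch with a constructed user table and an in-memory dictionary as the session store; the user name, password, cookie name `session` and the `login`/`authenticate_request`/`logout` function names are all assumptions made for the demo. The session ID comes from the OS CSPRNG via `secrets.token_urlsafe`, so it cannot be predicted from earlier IDs, and a forged or logged-out ID simply resolves to no user because the state lives on the server.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Constructed user database: PBKDF2-HMAC-SHA256 password hashes with a per-user
# salt. The user name and password are sample values for this demo only.
def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

_ALICE_SALT = secrets.token_bytes(16)
USERS = {
    "alice": {"salt": _ALICE_SALT, "hash": _hash_password("correct horse", _ALICE_SALT)},
}

# Server-side session store: session ID -> session record. Only the ID is ever
# sent to the browser; the state itself never leaves the server.
SESSION_STORE: dict = {}
SESSION_TTL = 3600  # seconds a session stays valid


def login(username: str, password: str) -> Optional[str]:
    """Validate credentials; on success create a session and return a Set-Cookie header value."""
    user = USERS.get(username)
    if user is None:
        return None
    candidate = _hash_password(password, user["salt"])
    if not hmac.compare_digest(candidate, user["hash"]):
        return None
    # 256 random bits from the OS CSPRNG: not guessable, not derivable from earlier IDs
    session_id = secrets.token_urlsafe(32)
    SESSION_STORE[session_id] = {"user": username, "expires": time.time() + SESSION_TTL}
    return f"session={session_id}; HttpOnly; Secure; SameSite=Lax; Path=/"


def _session_id_from_cookie(cookie_header: str) -> Optional[str]:
    """Pull the session cookie value out of a raw Cookie request header."""
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name == "session":
            return value
    return None


def authenticate_request(cookie_header: str) -> Optional[str]:
    """Resolve the session ID carried by the request to a user name, or None."""
    session_id = _session_id_from_cookie(cookie_header)
    if session_id is None:
        return None
    record = SESSION_STORE.get(session_id)
    if record is None:
        return None  # unknown or forged ID: nothing on the server backs it
    if record["expires"] < time.time():
        del SESSION_STORE[session_id]  # expired: drop it and treat as unauthenticated
        return None
    return record["user"]


def logout(cookie_header: str) -> bool:
    """Invalidate the session server-side; the cookie becomes useless immediately."""
    session_id = _session_id_from_cookie(cookie_header)
    return SESSION_STORE.pop(session_id, None) is not None


def demo() -> dict:
    """Walk through a failed login, a good login, an authenticated request, a forged ID and logout."""
    results = {}
    results["bad_password"] = login("alice", "wrong")
    set_cookie = login("alice", "correct horse")
    cookie = set_cookie.split(";")[0]  # the "session=<id>" pair the browser sends back
    results["user"] = authenticate_request(cookie)
    results["forged"] = authenticate_request("session=" + "A" * 43)
    results["logout"] = logout(cookie)
    results["after_logout"] = authenticate_request(cookie)
    return results


if __name__ == "__main__":
    print(demo())
```

The cookie attributes on the Set-Cookie value (HttpOnly, Secure, SameSite) are the usual hardening for a session cookie; the stateful part is the dictionary lookup in `authenticate_request`, which is the per-request cost the slide refers to.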
TOKEN-BASED AUTHENTICATION
This method uses tokens to authenticate users instead of cookies. The user authenticates with valid credentials and the server returns a signed token. This token is then presented with subsequent requests.
The most commonly used token is a JSON Web Token (JWT). A JWT consists of three parts:
Header (includes the token type and the signing/hashing algorithm used)
Payload (includes the claims, which are statements about the subject)
Signature (used to verify that the message was not changed along the way)
The header and payload are base64url encoded and joined with a ".", and the signature is computed over that string and appended as the third segment. Since they are only encoded, anyone can decode and read the message, but only a party holding the signing key can produce a valid signed token. The token is
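The three-part structure and the "readable by anyone, signable only with the key" property, as an added example (not code from the original slides). It is a self-contained Python implementation of HS256 JWT creation and verification using only the standard library; the secret, the claims and the function names (`create_jwt`, `verify_jwt`, `read_claims_unverified`, `tamper_payload`) are assumptions made for the demo. Beyond the slide's description, the verifier pins the expected algorithm instead of trusting the header's `alg` field, checks `exp`, and rejects a token whose payload was edited without the key.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional


def _b64url_encode(data: bytes) -> str:
    # JWT segments use base64url without '=' padding
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def create_jwt(claims: dict, secret: bytes) -> str:
    """Build header.payload.signature with an HMAC-SHA256 signature over header.payload."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    )
    signature = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(signature)


def read_claims_unverified(token: str) -> dict:
    """Anyone can decode the payload: base64url is encoding, not encryption."""
    return json.loads(_b64url_decode(token.split(".")[1]))


def verify_jwt(token: str, secret: bytes, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims only if the HS256 signature is valid and the token is unexpired."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        presented = _b64url_decode(sig_b64)
    except (ValueError, UnicodeDecodeError):
        return None
    # Pin the algorithm server-side; never let the token choose how it is verified
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    signing_input = (header_b64 + "." + payload_b64).encode("ascii")
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, presented):
        return None  # payload or header changed, or signed with a different key
    claims = json.loads(_b64url_decode(payload_b64))  # authenticated by the check above
    current = time.time() if now is None else now
    if "exp" in claims and claims["exp"] <= current:
        return None
    return claims


def tamper_payload(token: str, new_claims: dict) -> str:
    """Replace the payload but keep the original signature: readable, but it will not verify."""
    header_b64, _, sig_b64 = token.split(".")
    return header_b64 + "." + _b64url_encode(json.dumps(new_claims).encode()) + "." + sig_b64


if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # sample value; use a long random key in practice
    token = create_jwt({"sub": "alice", "role": "user", "exp": 2_000_000_000}, secret)
    print(token)
    print("readable without key:", read_claims_unverified(token))
    print("verified:", verify_jwt(token, secret))
    edited = tamper_payload(token, {"sub": "alice", "role": "admin", "exp": 2_000_000_000})
    print("edited payload verifies:", verify_jwt(edited, secret) is not None)
```

Because the signature covers the exact encoded header and payload, changing a single claim invalidates it, which is why the slide says only the key holder can produce a valid token; `read_claims_unverified` exists precisely to show that readability and authenticity are separate properties.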
ONE TIME PASSWORDS
AUTHENTICATION BYPASS
DIRECT PAGE REQUEST
SESSION ID PREDICTION
UNUSUAL TECHNIQUES
https://www.synack.com/blog/exploits-explained-5-unusual-authentication-bypass-techniqu
es/
BEEF FRAMEWORK