1
00:00:01,599 --> 00:00:07,839
hello again disclosure of credentials
2
00:00:05,200 --> 00:00:10,080
this is what i'm going to discuss right
3
00:00:07,839 --> 00:00:13,440
now this is the bug number three
4
00:00:10,080 --> 00:00:15,919
on our list so i'm gonna focus on
5
00:00:13,439 --> 00:00:17,198
login functionality because obviously
6
00:00:15,919 --> 00:00:19,920
when i talk about
7
00:00:17,199 --> 00:00:20,800
disclosure of credentials then login
8
00:00:19,920 --> 00:00:23,519
functionality
9
00:00:20,800 --> 00:00:25,039
is a natural place to start looking
10
00:00:23,518 --> 00:00:28,239
around right
11
00:00:25,039 --> 00:00:31,599
so let's assume that we're gonna log in
12
00:00:28,239 --> 00:00:32,759
and this is the url related to our login
13
00:00:31,599 --> 00:00:36,679
functionality
14
00:00:32,759 --> 00:00:39,679
https colon example.com
15
00:00:36,679 --> 00:00:41,679
login.php so when you go to this url you
16
00:00:39,679 --> 00:00:44,799
are asked to provide your
17
00:00:41,679 --> 00:00:48,640
email and password this url
18
00:00:44,799 --> 00:00:51,519
looks good because we've got https at
19
00:00:48,640 --> 00:00:52,558
the very beginning and https is a secure
20
00:00:51,520 --> 00:00:55,120
protocol
21
00:00:52,558 --> 00:00:56,000
that guarantees confidentiality
22
00:00:55,119 --> 00:01:00,238
integrity
23
00:00:56,000 --> 00:01:03,679
and authentication so we definitely
24
00:01:00,238 --> 00:01:04,878
need to have https that protects the
25
00:01:03,679 --> 00:01:07,840
communication channel
26
00:01:04,879 --> 00:01:10,000
because we don't want our credentials to
27
00:01:07,840 --> 00:01:10,400
be disclosed to the man in the middle
28
00:01:10,000 --> 00:01:12,239
right
29
00:01:10,400 --> 00:01:13,439
that's why we have to make sure that
30
00:01:12,239 --> 00:01:16,640
https
31
00:01:13,438 --> 00:01:17,199
is used here but now the question is
32
00:01:16,640 --> 00:01:19,560
like this
33
00:01:17,200 --> 00:01:20,960
what's going to happen when we change
34
00:01:19,560 --> 00:01:24,719
https
35
00:01:20,959 --> 00:01:27,759
to http right so let's do it
36
00:01:24,719 --> 00:01:30,560
let's change https to http
37
00:01:27,759 --> 00:01:33,118
and see what's gonna happen and there
38
00:01:30,560 --> 00:01:36,478
are basically two scenarios
39
00:01:33,118 --> 00:01:37,118
the one scenario is like this you're
40
00:01:36,478 --> 00:01:39,959
gonna
41
00:01:37,118 --> 00:01:41,759
start with http example.com
42
00:01:39,959 --> 00:01:46,319
example.com login.php
43
00:01:41,759 --> 00:01:50,079
and you will be redirected to https
44
00:01:46,319 --> 00:01:53,519
colon example.com login.php
45
00:01:50,078 --> 00:01:57,039
this is really good because it shows
46
00:01:53,519 --> 00:01:59,840
that there is https enforcement
47
00:01:57,040 --> 00:02:01,680
implemented in the web application right
48
00:01:59,840 --> 00:02:04,960
so in other words the web application
49
00:02:01,680 --> 00:02:07,439
does not allow you to go over
50
00:02:04,959 --> 00:02:09,359
http to login functionality it would be
51
00:02:07,438 --> 00:02:11,598
very risky because it would
52
00:02:09,360 --> 00:02:12,560
well it would end up with disclosure of
53
00:02:11,598 --> 00:02:14,878
credentials right
54
00:02:12,560 --> 00:02:16,159
so the web application has to enforce
55
00:02:14,878 --> 00:02:19,039
https
56
00:02:16,159 --> 00:02:22,400
and this is very nice you try with http
57
00:02:19,039 --> 00:02:26,479
and you are redirected to https
58
00:02:22,400 --> 00:02:29,360
but when you try with http and you are
59
00:02:26,479 --> 00:02:31,759
redirected to the same resource so you
60
00:02:29,360 --> 00:02:33,680
start with http and you are redirected
61
00:02:31,759 --> 00:02:35,518
to http
62
00:02:33,680 --> 00:02:37,920
then it basically means that you are
63
00:02:35,519 --> 00:02:40,959
still in the very same place
64
00:02:37,919 --> 00:02:44,639
and obviously https
65
00:02:40,959 --> 00:02:48,239
is not enforced and this is very wrong
66
00:02:44,639 --> 00:02:50,799
because well when https is not enforced
67
00:02:48,239 --> 00:02:51,920
then it actually means that your
68
00:02:50,800 --> 00:02:55,280
credentials
69
00:02:51,919 --> 00:02:57,679
will be disclosed over insecure
70
00:02:55,280 --> 00:02:59,280
http which is just plain text when you
71
00:02:57,680 --> 00:03:02,159
provide them and when you click
72
00:02:59,280 --> 00:03:04,640
login right so this is definitely wrong
73
00:03:02,158 --> 00:03:07,359
and you don't want it to happen
74
00:03:04,639 --> 00:03:07,839
so you have to check whether this kind
75
00:03:07,360 --> 00:03:10,560
of
76
00:03:07,840 --> 00:03:11,519
problem happens in your web application
77
00:03:10,560 --> 00:03:14,959
or not
78
00:03:11,519 --> 00:03:17,039
but even if you see that
79
00:03:14,959 --> 00:03:18,959
this kind of problem does not happen in
80
00:03:17,039 --> 00:03:22,639
login functionality
81
00:03:18,959 --> 00:03:23,039
don't give up and remember that hackers
82
00:03:22,639 --> 00:03:26,639
are
83
00:03:23,039 --> 00:03:28,239
smart they will also check if disclosure
84
00:03:26,639 --> 00:03:32,079
of credentials via
85
00:03:28,239 --> 00:03:33,680
sign up functionality is possible yes
86
00:03:32,080 --> 00:03:36,239
when we talk about disclosure of
87
00:03:33,680 --> 00:03:39,439
credentials well you naturally
88
00:03:36,239 --> 00:03:43,039
think about login but test
89
00:03:39,439 --> 00:03:45,519
login and after that test sign up
90
00:03:43,039 --> 00:03:47,759
they are very similar in both you are
91
00:03:45,519 --> 00:03:49,920
providing email and password
92
00:03:47,759 --> 00:03:50,959
and it may happen i have seen it quite
93
00:03:49,919 --> 00:03:54,079
many times
94
00:03:50,959 --> 00:03:57,920
that everything works very good
95
00:03:54,080 --> 00:04:00,959
for login but in case of signup
96
00:03:57,919 --> 00:04:02,798
well it just works differently and in
97
00:04:00,959 --> 00:04:03,920
sign up you've got the disclosure of
98
00:04:02,799 --> 00:04:07,040
credentials
99
00:04:03,919 --> 00:04:09,518
and in a login you don't have it
100
00:04:07,039 --> 00:04:10,639
so and this is what you have to also
101
00:04:09,519 --> 00:04:13,120
keep in mind
102
00:04:10,639 --> 00:04:14,719
that you shouldn't limit your testing to
103
00:04:13,120 --> 00:04:18,560
login functionality
104
00:04:14,719 --> 00:04:21,199
only you should also check sign up
105
00:04:18,560 --> 00:04:21,839
okay now i believe that this is clear
106
00:04:21,199 --> 00:04:24,319
and
107
00:04:21,839 --> 00:04:25,198
what i want to do is well i want to jump
108
00:04:24,319 --> 00:04:27,918
to
109
00:04:25,199 --> 00:04:30,000
the demo and i want to show you how you
110
00:04:27,918 --> 00:04:33,120
can do this kind of checking
111
00:04:30,000 --> 00:04:36,079
of https enforcement in your
112
00:04:33,120 --> 00:04:40,000
own web application so yeah let's jump
113
00:04:36,079 --> 00:04:40,000
to the demo