1
00:00:01,679 --> 00:00:05,359
welcome back guys
2
00:00:03,279 --> 00:00:07,759
let me now play with the disclosure of
3
00:00:05,359 --> 00:00:10,480
credentials and let me show you how to
4
00:00:07,759 --> 00:00:10,880
do a kind of testing here so what you
5
00:00:10,480 --> 00:00:14,920
can
6
00:00:10,880 --> 00:00:19,000
see in the url bar is
7
00:00:14,919 --> 00:00:22,480
https colon slash example.com
8
00:00:19,000 --> 00:00:24,320
login.php so i'm going to provide my
9
00:00:22,480 --> 00:00:26,880
email and password as you can see on the
10
00:00:24,320 --> 00:00:27,960
screen and you see that this page is
11
00:00:26,879 --> 00:00:31,198
protected by
12
00:00:27,960 --> 00:00:33,840
https which is secure protocol
13
00:00:31,199 --> 00:00:35,359
so far so good so what i'm gonna do in
14
00:00:33,840 --> 00:00:38,640
terms of https
15
00:00:35,359 --> 00:00:42,719
enforcement testing is i'm going to
16
00:00:38,640 --> 00:00:46,480
change https to http
17
00:00:42,719 --> 00:00:49,600
in the url bar so i will delete the s
18
00:00:46,479 --> 00:00:52,398
right now i've got http colon slash
19
00:00:49,600 --> 00:00:54,640
example.com login.php and i will hit
20
00:00:52,399 --> 00:00:57,759
enter
21
00:00:54,640 --> 00:01:02,399
okay what can i see right now
22
00:00:57,759 --> 00:01:06,239
i still see https colon slash slash
23
00:01:02,399 --> 00:01:07,680
because there is https enforcement in
24
00:01:06,239 --> 00:01:10,640
the web application
25
00:01:07,680 --> 00:01:12,560
and this is very good so that well even
26
00:01:10,640 --> 00:01:13,680
if the attacker is gonna send you a link
27
00:01:12,560 --> 00:01:16,799
over http
28
00:01:13,680 --> 00:01:18,640
you will be redirected to https before
29
00:01:16,799 --> 00:01:19,280
providing the credentials which is
30
00:01:18,640 --> 00:01:23,118
really cool
31
00:01:19,280 --> 00:01:26,159
right okay but as i told you don't give
32
00:01:23,118 --> 00:01:28,640
up too early hackers are smart and when
33
00:01:26,159 --> 00:01:30,640
we talk about disclosure of credentials
34
00:01:28,640 --> 00:01:32,159
also look around at other
35
00:01:30,640 --> 00:01:35,840
functionalities like sign
36
00:01:32,159 --> 00:01:38,640
up so let me right now go to sign up
37
00:01:35,840 --> 00:01:40,560
what you can see the sign up is also
38
00:01:38,640 --> 00:01:44,079
protected by https
39
00:01:40,560 --> 00:01:48,799
you can see in the url bar https
40
00:01:44,078 --> 00:01:51,039
colon example.com signup.php
41
00:01:48,799 --> 00:01:52,320
the question is whether https
42
00:01:51,040 --> 00:01:55,118
enforcement
43
00:01:52,319 --> 00:01:55,679
also happens in sign up so what i'm
44
00:01:55,118 --> 00:01:58,478
gonna
45
00:01:55,680 --> 00:01:59,200
do right now is i'm gonna repeat the
46
00:01:58,478 --> 00:02:02,718
same
47
00:01:59,200 --> 00:02:05,359
simple step i'm gonna delete the s here
48
00:02:02,718 --> 00:02:06,478
and see how the web application is gonna
49
00:02:05,359 --> 00:02:10,360
respond right
50
00:02:06,478 --> 00:02:14,400
so i've got http colon example.com
51
00:02:10,360 --> 00:02:14,400
signup.php and i will hit enter
52
00:02:14,959 --> 00:02:19,360
well now i've got something
53
00:02:17,840 --> 00:02:23,000
surprising
54
00:02:19,360 --> 00:02:27,440
i see just example.com
55
00:02:23,000 --> 00:02:30,959
signup.php i don't see https
56
00:02:27,439 --> 00:02:34,318
when you don't see https then it means
57
00:02:30,959 --> 00:02:37,360
that http is used here
58
00:02:34,318 --> 00:02:40,560
so now what has happened i provided
59
00:02:37,360 --> 00:02:44,879
http in the protocol part and
60
00:02:40,560 --> 00:02:48,159
i have been redirected to http
61
00:02:44,878 --> 00:02:51,598
so nothing has changed i haven't
62
00:02:48,159 --> 00:02:55,280
been redirected to secure https
63
00:02:51,598 --> 00:02:58,000
in other words https is not enforced
64
00:02:55,280 --> 00:02:59,360
in signup functionality and now you can
65
00:02:58,000 --> 00:03:02,318
clearly see it
66
00:02:59,360 --> 00:03:03,680
right now what i'm gonna do just to
67
00:03:02,318 --> 00:03:06,318
convince you even more
68
00:03:03,680 --> 00:03:07,680
i'm gonna sign up and i'll put
69
00:03:06,318 --> 00:03:10,079
here some name
70
00:03:07,680 --> 00:03:11,959
like adam for example in the email like
71
00:03:10,080 --> 00:03:14,879
for example adam
72
00:03:11,959 --> 00:03:17,199
example.com and some password right
73
00:03:14,878 --> 00:03:18,079
i don't know one two three four five six
74
00:03:17,199 --> 00:03:20,719
seven eight
75
00:03:18,080 --> 00:03:22,800
nine zero whatever and i'm gonna
76
00:03:20,719 --> 00:03:24,639
intercept the traffic
77
00:03:22,800 --> 00:03:26,640
going out from my browser and i will
78
00:03:24,639 --> 00:03:27,199
show you that indeed the traffic goes
79
00:03:26,639 --> 00:03:30,318
out
80
00:03:27,199 --> 00:03:31,598
over insecure http so what i've got
81
00:03:30,318 --> 00:03:35,119
here is a
82
00:03:31,598 --> 00:03:37,679
proxy i'm using burp suite
83
00:03:35,120 --> 00:03:38,959
actually here well burp suite is an
84
00:03:37,680 --> 00:03:41,200
integrated tool for
85
00:03:38,959 --> 00:03:43,120
a web application security testing and
86
00:03:41,199 --> 00:03:45,919
one part of burp suite
87
00:03:43,120 --> 00:03:46,560
is a proxy functionality traffic from my
88
00:03:45,919 --> 00:03:49,119
browser
89
00:03:46,560 --> 00:03:50,158
is sent through this proxy so i can
90
00:03:49,120 --> 00:03:52,878
actually see
91
00:03:50,158 --> 00:03:53,919
the requests that are sent out by my
92
00:03:52,878 --> 00:03:57,438
browser right
93
00:03:53,919 --> 00:03:58,559
right now i turned on the interceptor
94
00:03:57,438 --> 00:04:00,799
because i just wanna
95
00:03:58,560 --> 00:04:02,318
intercept the request going out from my
96
00:04:00,799 --> 00:04:04,560
browser okay
97
00:04:02,318 --> 00:04:05,598
i hope it is clear so now i'm gonna
98
00:04:04,560 --> 00:04:08,158
go
99
00:04:05,598 --> 00:04:08,959
back to my web application i'm gonna
100
00:04:08,158 --> 00:04:12,639
click sign
101
00:04:08,959 --> 00:04:16,238
up the traffic is sent through the
102
00:04:12,639 --> 00:04:18,959
proxy in my testing environment
103
00:04:16,238 --> 00:04:20,798
the interceptor has been turned on and
104
00:04:18,959 --> 00:04:23,360
here you see the request
105
00:04:20,798 --> 00:04:23,918
that has been sent out by my browser
106
00:04:23,360 --> 00:04:25,919
right
107
00:04:23,918 --> 00:04:27,279
it has been intercepted because i turned
108
00:04:25,918 --> 00:04:29,758
on the interceptor
109
00:04:27,279 --> 00:04:30,879
and now what you can
110
00:04:29,759 --> 00:04:34,319
see here
111
00:04:30,879 --> 00:04:35,918
is well the name adam email is adam at
112
00:04:34,319 --> 00:04:38,240
example.com password
113
00:04:35,918 --> 00:04:39,839
one two three and so on so forth but the
114
00:04:38,240 --> 00:04:44,280
most interesting part
115
00:04:39,839 --> 00:04:47,279
in the context of this case is here
116
00:04:44,279 --> 00:04:50,879
http colon slash
117
00:04:47,279 --> 00:04:53,918
example.com colon80
118
00:04:50,879 --> 00:04:57,120
it clearly shows that the traffic goes
119
00:04:53,918 --> 00:04:59,758
out over insecure http and
120
00:04:57,120 --> 00:05:02,720
http is just plain text so the
121
00:04:59,759 --> 00:05:05,360
credentials at the time of signing up
122
00:05:02,720 --> 00:05:07,199
are disclosed over an insecure channel
123
00:05:05,360 --> 00:05:10,400
and the man in the middle can now
124
00:05:07,199 --> 00:05:12,720
grab them and voila right the
125
00:05:10,399 --> 00:05:15,758
end of the game because the man in the
126
00:05:12,720 --> 00:05:18,720
middle has the credentials
127
00:05:15,759 --> 00:05:19,439
okay i believe that this is clear for
128
00:05:18,720 --> 00:05:22,479
you
129
00:05:19,439 --> 00:05:25,839
and now you see how powerful
130
00:05:22,478 --> 00:05:28,319
attacks can happen when https
131
00:05:25,839 --> 00:05:29,839
is not enforced in the web application
132
00:05:28,319 --> 00:05:32,079
and remember
133
00:05:29,839 --> 00:05:33,038
focus not only on login functionality
134
00:05:32,079 --> 00:05:35,279
but also on
135
00:05:33,038 --> 00:05:37,279
signup functionality because it may
136
00:05:35,279 --> 00:05:41,119
happen that the opportunity for you
137
00:05:37,279 --> 00:05:47,599
is out there okay i believe that this is
138
00:05:41,120 --> 00:05:47,600
clear so we can jump to the next subject
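The manual test in the video (delete the "s", hit enter, see whether the browser lands back on https://) can be repeated for every credential-handling endpoint. The script below is an added example, not code from the video or from Burp Suite: it requests the plain http:// twin of each https:// URL without following redirects, and only a redirect whose target scheme is https counts as enforcement; a 2xx over http, or a redirect that stays on http, is reported as a finding. It also parses the Strict-Transport-Security header, which is the server-side fix that stops browsers from ever sending that first http:// request. The example.com paths are placeholders taken from the transcript, not a real target; `fetch` needs network access, while `classify` and `hsts_max_age` are pure functions you can test offline.

```python
"""Added example: automate the 'delete the s' HTTPS-enforcement check from the
video for a list of endpoints (login, signup, ...). Not the video's own code."""
import http.client
import sys
from typing import Dict, Optional, Tuple
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}


def classify(status: Optional[int], location: Optional[str],
             requested_url: str) -> Tuple[bool, str]:
    """Pure decision logic for the response to a plain-http request.
    Returns (enforced, reason). Only a redirect to an https:// target counts;
    a 2xx over http (what the signup page in the video did) is a finding,
    and so is a redirect that keeps the http scheme."""
    if status is None:
        return False, "no response"
    if status in REDIRECT_CODES and location:
        target = urljoin(requested_url, location)  # Location may be relative
        if urlsplit(target).scheme == "https":
            return True, f"redirects to {target}"
        return False, f"redirects to non-HTTPS {target}"
    if 200 <= status < 300:
        return False, "served over plain HTTP without redirect"
    return False, f"unexpected status {status}"


def hsts_max_age(header: Optional[str]) -> Optional[int]:
    """Parse max-age from a Strict-Transport-Security value. Browsers honour
    HSTS only when it arrives over HTTPS, so read it from the https response;
    once cached, the browser upgrades http:// links itself before sending."""
    if not header:
        return None
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        if name.strip().lower() == "max-age":
            try:
                return int(value.strip().strip('"'))
            except ValueError:
                return None
    return None


def fetch(url: str, timeout: float = 5.0):
    """One GET without following redirects: (status, Location, HSTS header)."""
    parts = urlsplit(url)
    conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(parts.hostname, parts.port, timeout=timeout)
    try:
        path = parts.path or "/"
        if parts.query:
            path += "?" + parts.query
        conn.request("GET", path, headers={"Host": parts.netloc,
                                           "User-Agent": "https-enforcement-check"})
        resp = conn.getresponse()
        return (resp.status, resp.getheader("Location"),
                resp.getheader("Strict-Transport-Security"))
    except (OSError, http.client.HTTPException):
        return None, None, None
    finally:
        conn.close()


def check_endpoints(https_urls) -> Dict[str, Tuple[bool, str]]:
    """For each https:// URL, request its http:// twin and classify the answer."""
    results = {}
    for url in https_urls:
        http_url = "http://" + url.split("://", 1)[1]
        status, location, _ = fetch(http_url)
        results[url] = classify(status, location, http_url)
    return results


if __name__ == "__main__":
    # Placeholder endpoints from the transcript; pass real ones on the command line.
    targets = sys.argv[1:] or ["https://example.com/login.php",
                               "https://example.com/signup.php"]
    for url, (ok, why) in check_endpoints(targets).items():
        print("PASS" if ok else "FAIL", url, "-", why)
```

A PASS for login.php and a FAIL for signup.php is exactly the situation shown in the video; the fix is the same for both, a 301/308 from every http:// path to its https:// equivalent plus an HSTS header on the https responses, so the check should be re-run across all credential-handling paths rather than only the login page.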