In The Official CHFI Study Guide (Exam 312-49), 2007

Investigating Code Injection Attacks

Evidence of a code injection attack is rarely found in the Web server logs. If the Web designer writes failed input information to a log file, you will probably see the various attempts to get the attack right. If there are no logs of incorrect attempts to fill out a form or other inputs, you may have to resort to network traffic sniffer logs. Using an open source tool such as Wireshark to capture traffic going to the server and then searching for either all requests going to the input page or field names on the page may give you a good accounting of the malicious traffic and the IP address of the source. You may have to gather some rather large files to catch one of the attempts. By setting the capture filter on the sniffer of your choice to just the traffic going to the server, you can reduce the capture file considerably.
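The search described above (requests going to the input page, or carrying its field names, accounted for by source IP) can be scripted once the HTTP requests have been exported from the capture. This is an added example, not code from the study guide; the page path `/feedback.php`, the field names, the helper names and the sample requests are all constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

INPUT_PAGE = "/feedback.php"        # assumed path of the page that takes input
FIELD_NAMES = {"name", "comment"}   # assumed field names on that page
FORM = "application/x-www-form-urlencoded"

def req(line, body=b"", ctype=b""):
    """Build one constructed raw HTTP request for the sample below."""
    hdr = b"Content-Type: " + ctype + b"\r\n" if ctype else b""
    return line + b" HTTP/1.1\r\nHost: www.example.com\r\n" + hdr + b"\r\n" + body

# Constructed sample: (source IP, raw request bytes) pairs, as exported from a
# capture that was filtered to the server's traffic.
CAPTURED = [
    ("198.51.100.23", req(b"POST /feedback.php", b"name=a&comment=constructed-attempt-1", FORM.encode())),
    ("198.51.100.23", req(b"POST /feedback.php", b"name=a&comment=constructed-attempt-2", FORM.encode())),
    ("192.0.2.10", req(b"GET /index.html")),
    ("203.0.113.7", req(b"GET /search.php?comment=constructed-attempt-3")),
    ("192.0.2.10", req(b"GET /feedback.php")),
    ("192.0.2.99", b"\x16\x03\x01\x00\x05"),  # not HTTP; must be skipped
]

def parse_request(raw):
    """Return (method, path, fields) for one raw HTTP request."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _ = lines[0].split(" ", 2)  # ValueError if not a request line
    headers = {k.strip().lower(): v.strip()
               for k, _, v in (l.partition(":") for l in lines[1:])}
    url = urlsplit(target)
    fields = parse_qsl(url.query, keep_blank_values=True)   # GET parameters
    if headers.get("content-type", "").startswith(FORM):    # POSTed form body
        fields += parse_qsl(body.decode("latin-1"), keep_blank_values=True)
    return method, url.path, fields

def account_by_source(captured):
    """Group requests that hit the input page or use its field names by source IP."""
    hits = defaultdict(list)
    for src, raw in captured:
        try:
            method, path, fields = parse_request(raw)
        except ValueError:
            continue  # payload is not a parsable HTTP request
        matched = [(k, v) for k, v in fields if k in FIELD_NAMES]
        if path == INPUT_PAGE or matched:
            hits[src].append((method, path, matched))
    return dict(hits)
```

Matching on field names as well as on the page path surfaces submissions sent to other URLs that reuse the form's parameters, such as the `/search.php` request in the sample.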