dexter@aeron7.com

User-Agent Spoofing & Cookie Injection

There are a lot of things going on with this mission and if you have been following my other tutorials you should be all set understanding how to accomplish this mission.

It seems Zach is having an issue with his grades at school and has asked us to help him change them.

The very first thing we do (and I have been saying this since basic 1) is explore each page and view the source of each page.When I did this I notice that the home page had a blank image link to a page called staff.php

<a href=”staff.php”><img src=”nothing.gif” width=150 height=20 border=0></a>

This page brings us to a login page. Now I spent some time trying to find a hole and was unsuccessful. I talked to a friend of mine and he said he guessed the username and password.

username: smiller
password: smiller

It is just so called famous brute-force method. Most common weak admin/password list:

admin:admin

admin:password

username:password

username:terminal

admin:sitename

username:sitename

admin:email

username:email

Now that we are able to login you notice the following:

Welcome, Mrs. Samantha Miller! Please remember that access to the staff administration area is restricted to the district-supplied ‘holy_teacher’ web browser.

It appears that the page is checking the User-Agent. A user agent is the client application used with a particular network protocol; the phrase is most commonly used in reference to those which access the World Wide Web, but other systems such as SIP use the term user agent to refer to the user’s phone. Web user agents range from web browsers and e-mail clients to search engine crawlers (“spiders”), as well as mobile phones, screen readers and braille browsers used by people with disabilities. When Internet users visit a web site, a text string is generally sent to identify the user agent to the server. This forms part of the HTTP request, prefixed with User-Agent: (case does not matter) and typically includes information such as the application name, version, host operating system, and language. Bots, such as web crawlers, often also include a URL and/or e-mail address so that the webmaster can contact the operator of the bot.
You can use any add-on to change the user-agent. Here the usage of “Tamper Data” and “User Agent Switcher” is shown

====Tamper Data====

To get around this we can use FireFox and an add-on called TamperData. If you have been following along my other examples you should already have this software installed. Open Tamper Data :

1

And Click start Tamper. Now enter in the username and password. you should get the following dialog box:

You want to click on the Tamper button and you should get the following screen:
You will notice a User-Agent field. You will have to change this field to : “holy_teacher”

Keep in mind every time you send a request you will have to change the User-Agent.

Keep in mind every time you send a request you will have to change the User-Agent.

Now you are able to log in…Great!

2

====USER AGENT SWITCHER====

To be able to connect, we have to modify the user-agent of our

browser. We can achieve this by using “User Agent Switcher” for Firefox.

3

Create a new profile and fill in all fields as follows:

Change your user-agent by loading your new profile and refresh page. You are now able to access the administration module:

4

========

About the Author

Aloha, I'm Amit Ghosh, a web entrepreneur and avid blogger. Bitten by entrepreneurial bug, I got kicked out from college and ended up being millionaire and running a digital media company named Aeron7 headquartered at Lithuania.

Related Posts

Basic Mission 1   I can call you a pretty dumb as per you are now viewing the walkthrough for...

Basic Mission 2   I can again call you a pretty dumb as per you are now again viewing the walk...

Basic Mission 3   Have a look at the source code of that page and have you noticed the form section?...

2 Comments
 
  1. amish April 8, 2017 at 10:30 am Reply

    smiller as login
    smiller as password
    no longer works
    smiller is still number ! id though ~~ what method would you employ to brute the password

    • Amit Ghosh April 9, 2017 at 11:42 am Reply

      It was a long time ago. I forgot what the problem was. So no clue on the solution either.

Leave a Reply