Recipe 7-4: Detecting a High Rate of Authentication Attempts
This recipe shows you how to identify when a client attempts multiple authentications in a short period of time.
Ingredients
- OWASP ModSecurity Core Rule Set (CRS)
- modsecurity_crs_10_config.conf
- modsecurity_crs_11_brute_force.conf
Vertical Brute-Force Authentication Attacks
If a client submits incorrect credentials to successfully authenticate to the web application, it is a good idea to track this occurrence to ensure that it doesn’t happen repeatedly. If it does, odds are that an attacker is conducting a brute-force scanning session to try to enumerate valid credentials for user accounts. Automation is the key for attackers to try to guess valid credentials. Numerous public and commercial tools can be used to conduct these automated authentication scans. One such tool is Burp Suite1 from PortSwigger. Burp Suite is a full-featured web application penetration testing toolset that comes with many useful modules. The Intruder module allows the user to specify which parts of a request to manipulate, as well as send various data payloads. Figure 7-2 shows the main Intruder interface that is prepopulated with the login request data for WordPress.
Figure 7-2 shows that we have targeted the password parameter field (pwd) as our position of attack. After ...
Get Web Application Defender's Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.