December 2012
Intermediate to advanced
552 pages
13h 16m
English
Content preview from Web Application Defender's Cookbook
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Recipe 7-4: Detecting a High Rate of Authentication Attempts
This recipe shows you how to identify when a client attempts multiple authentications in a short period of time.
Ingredients
- OWASP ModSecurity Core Rule Set (CRS)
- modsecurity_crs_10_config.conf
- modsecurity_crs_11_brute_force.conf
Vertical Brute-Force Authentication Attacks
If a client submits incorrect credentials to successfully authenticate to the web application, it is a good idea to track this occurrence to ensure that it doesn’t happen repeatedly. If it does, odds are that an attacker is conducting a brute-force scanning session to try to enumerate valid credentials for user accounts. Automation is the key for attackers to try to guess valid credentials. Numerous public and commercial tools can be used to conduct these automated authentication scans. One such tool is Burp Suite1 from PortSwigger. Burp Suite is a full-featured web application penetration testing toolset that comes with many useful modules. The Intruder module allows the user to specify which parts of a request to manipulate, as well as send various data payloads. Figure 7-2 shows the main Intruder interface that is prepopulated with the login request data for WordPress.
Figure 7-2: Burp Suite’s Intruder screen with WordPress login data
Figure 7-2 shows that we have targeted the password parameter field (pwd) as our position of attack. After ...