攻撃と防御で実践するプロダクトセキュリティ演習

Transcript

1. ߈ܸͱ๷ޚͰ࣮ફ͢ΔϓϩμΫτηΩϡϦςΟԋश
   ʙ
   ಋೖύʔτ
   ʙ ஥੢
   ๎໵ Ճ౻
   ࠤ೭ี

2. ߨࢣͷ঺հ

3. ߨࢣͷ঺հ  ஥੢ ๎໵ / Tomoya Nakanishi 2022೥౓ೖࣾ 2೥໨ झຯɿ

   ࠷ۙ΍ͬͨ͜ͱɾ΍Γ͍ͨ͜ͱɿ өըؑ৆ɺ ͨ·ʹཱྀߦɺͨ·ʹCTF ɾSECCON 2022ຊબग़৔ ɾΫϥ΢υܥͷηΩϡϦςΟษڧ ɾηΩϡϦςΟܥͷࢿ֨औಘʢOSCPऔಘࡁɺ࣍͸OSEPʣ

4. ߨࢣͷ঺հ  Ճ౻ ࠤ೭ี /Sanosuke Kato 2021೥౓ೖࣾ 3೥໨ झຯɿ ࠷ۙ΍ͬͨ͜ͱɾ΍Γ͍ͨ͜ͱɿ

   ήʔϜʢRocket Leagueʣɺͨ·ʹυϥΠϒɺԻָؑ৆ɺF1؍ઓ ɾCAPTCHAύζϧͷ༗ޮੑݕূ ɾLinuxͷ࣮ߦόΠφϦʹର͢Δ߈ܸख๏ͷΩϟονΞοϓ

5. ϓϩμΫτηΩϡϦςΟʹ͍ͭͯ

6.  ϓϩμΫτͱηΩϡϦςΟ ϓϩμΫτར༻Λ௨༷ͯ͡ʑͳ৘ใࢿ࢈͕ू·Δ ۚ༥ࢿ࢈ ΫϥΠΞϯτͷ৘ใ ΧελϚʔͷ৘ใ

7.  ϓϩμΫτར༻Λ௨༷ͯ͡ʑͳ৘ใࢿ࢈͕ू·Δ ۚ༥ࢿ࢈ ΧελϚʔͷ৘ใ ΫϥΠΞϯτͷ৘ใ ੬ऑੑ ੬ऑੑ ηΩϡϦςΟΛߟྀ͠ͳ͍࣮૷͸ ੬ऑੑΛੜΈग़͢ݪҼʹ ϓϩμΫτͱηΩϡϦςΟ

8.  ϓϩμΫτར༻Λ௨༷ͯ͡ʑͳ৘ใࢿ࢈͕ू·Δ ۚ༥ࢿ࢈ ΧελϚʔͷ৘ใ ΫϥΠΞϯτͷ৘ใ ੬ऑੑΛѱ༻͞ΕΔͱɺ ͜ΕΒΛૂΘΕΔϦεΫ ੬ऑੑ ੬ऑੑ ϓϩμΫτͱηΩϡϦςΟ

9. ϓϩμΫτͷηΩϡϦςΟΛͲ͏֬อ͢Δʁ 

10.  ઈରʹ߈ܸ͞Εͳ͍࠷ڧͷํ๏

11. ϓϩμΫτΛఏڙ͠ͳ͕Βɺ ηΩϡϦςΟͷ໰୊ʹରॲ͠ͳ͚Ε͹ͳΒͳ͍  ઈରʹ߈ܸ͞Εͳ͍࠷ڧͷํ๏

12. զʑͷۀ຿  ཁ݅ఆٛ΍ઃܭࢿྉʹର͠ɺ ηΩϡϦςΟ؍఺ͰͷϦεΫ ΛϨϏϡʔɺૣظʹରࡦͰ͖ ΔΑ͏ʹ͢Δ ։ൃࡁΈͷϓϩμΫτͷ੬ऑੑ Λൃݟͯ͠ɺमਖ਼ͷͨΊͷࢧԉ Λ͢Δ αʔυύʔςΟ੡඼ͷ੬ऑੑΛ

    ϞχλϦϯάͯ͠ɺࣾ಺΁ͷӨ ڹௐࠪͱରԠґཔΛ͢Δ ੬ऑੑݕࠪ ্ྲྀ޻ఔࢧԉ ૣظܯռ ϓϩμΫτͷηΩϡϦςΟΛʮ͔֬ͳ΋ͷʹ͢Δʯ͜ͱΛ໨తʹɺ
    ༷ʑͳ޻ఔͰ։ൃऀΛࢧԉ͢Δۀ຿

13.  ࠓճͷߨٛ
    ߈ܸ
    ͱ
    ๷ޚͰ࣮ફ͢ΔϓϩμΫτηΩϡϦςΟԋशͰ͸ɺ ߈ܸऀ͕ͲͷΑ͏ʹ੬ऑੑΛѱ༻͢Δͷ͔Λ஌Δ͜ͱͰɺ ਖ਼͘͠੬ऑੑΛमਖ਼͢ΔͨΊͷ஌ࣝͱํ๏ Λ਎ʹ͚ͭ·͢

14. ࠓճͷߨٛ಺༰

15.  ࠓճ͸ʮCTFʯͱݺ͹ΕΔܗࣜͰνʔϜ͝ͱͷԋश CTFͱ͸ʁ Capture The Flag νʔϜ͝ͱʹ֫ಘͨ͠ϙΠϯτΛڝ͏ ઐ໳஌ࣝ΍ٕज़Λۦ࢖ͯ͠Ӆ͞Ε͍ͯΔFlagʢ౴͑ʣΛݟ͚ͭग़͠ɺ ࣌ؒ಺ʹ֫ಘͨ͠߹ܭ఺਺Λڝ͏ϋοΩϯάίϯςετ

16.  WebΞϓϦέʔγϣϯͷ࣮૷Ͱ ҰൠతʹΑ͘ݟΒΕΔ੬ऑੑΛ୊ࡐʹग़୊ ໰୊ʹ͍ͭͯ ‣ ΞΫηε੍ޚෆඋ ‣ ೝূೝՄػೳͷෆඋ ‣ ೚ҙϑΝΠϧΞοϓϩʔυ

    ‣ SQLΠϯδΣΫγϣϯ ‣ OSίϚϯυΠϯδΣΫγϣϯ ‣ σΟϨΫτϦτϥόʔαϧ ‣ XSS ‣ CSRF ‣ ΦʔϓϯϦμΠϨΫτ ੬ऑੑ ࣮૷

17.  ໰୊ʹ͍ͭͯ ໰୊͸ओʹ3छྨ ੬ऑੑΛѱ༻ͯ͠ൿີͷFlagΛऔಘ͠ ͯɺૹ৴͢Δ͜ͱͰϙΠϯτΛ֫ಘͰ ͖Δ໰୊ ߈ܸʢattackʣ ѱ༻Մೳͳ੬ऑੑΛཁ݅ʹԊͬͯमਖ਼ ͯ͠ϦϙδτϦʹίϛοτޙɺߨࢣʹ ֬ೝͯ͠΋Β͏͜ͱͰϙΠϯτΛ֫ಘ

    Ͱ͖Δ໰୊ ๷ޚʢdefenseʣ ੬ऑੑʹؔ͢Δ࣭໰ʹର͢Δਖ਼͍͠ ౴͑Λૹ৴͢Δ͜ͱͰϙΠϯτΛ֫ಘ Ͱ͖Δ໰୊ ࣭໰ʢquestionʣ

18.  νʔϜ෼͚ ඇެ։

19.  ߨٛͷεέδϡʔϧ ඇެ։

20.  ஫ҙࣄ߲ ‣ଞͷडߨੜ΍ߨٛͷਐߦΛ๦͛ΔߦҝΛ͠ͳ͍͜ͱ - ߨٛͷ౎߹্ɺҙਤ͠ͳ͍ܗͰ͜ͷΑ͏ͳߦҝʹͳΔ৔߹΋͋ΔͷͰɺͦͷࡍ͸ߨࢣͷࢦࣔʹ ै͍ͬͯͩ͘͞ ‣ීஈͷύεϫʔυ΍ϝʔϧΞυϨεΛ࢖༻͠ͳ͍͜ͱ - ࣗ਎ͷ࣮ࡍͷύεϫʔυͳͲ͕࿙Ӯ͢ΔՄೳੑ͕͋Γ·͢ -

    ࣮ࡍͷ΋ͷΛར༻͠ͳͯ͘΋ղ͚Δ໰୊ʹͳ͍ͬͯ·͢ ‣ߨٛͷղ౴͸ެ։͠ͳ͍͜ͱ - νʔϜ಺Ͱͷ৘ใڞ༗͸ɺSlackͷϓϥΠϕʔτνϟϯωϧ΍GHEͷPrivateϦϙδτϦΛར༻ ͍ͯͩ͘͠͞ - ໰୊Λདྷ೥ͷݚमʹ΋࢖͏Մೳੑ͕͋ΔͷͰɺΠϯλʔωοτ্ʹެ։͠ͳ͍Ͱ͍ͩ͘͞

21.  ‣ڐՄ͞ΕͨWebαΠτҎ֎ͷ੬ऑੑΛ߈ܸ͠ͳ͍͜ͱ ʢෆਖ਼ΞΫηεېࢭ๏ʣ ‣ਖ਼౰ͳཧ༝ͳ͘Ϛϧ΢ΣΞΛऔಘɾอ༗͠ͳ͍͜ͱ ʢෆਖ਼ࢦྩి࣓తه࿥ʹؔ͢Δࡑʣ ‣Πϯλʔωοτ্Ͱ഑෍͞ΕΔιϑτ΢ΣΞͷར༻࣌ʹ͸ɺ ͦΕΒͷ৴པੑΛࣄલʹ֬ೝ͢Δ͜ͱʢ৘ใηΩϡϦςΟରࡦج४ʣ - Ұ෦ͷ໰୊ͰΠϯλʔωοτ্Ͱݕࡧͨ͠߈ܸίʔυΛ୳͢΋ͷ͕͋Γ·͕͢ɺߨࢣͷ֬ೝ ͕औΕΔ·Ͱɺखݩʹμ΢ϯϩʔυ͢Δ͜ͱ͕ແ͍Α͏ʹ஫ҙ͍ͯͩ͘͠͞

    - ѱੑͷ߈ܸπʔϧͷར༻͕ݕ஌͞Εͨ৔߹ɺPCͷॳظԽΛ͓ئ͍͢Δ͜ͱ͕͋Γ·͢ ஫ҙࣄ߲ʢຊߨٛதʹݶΒͣؾΛ͚ͭΔ͜ͱʣ

22. ԋशͷਐΊํ

23.  ԋशͷਐΊํ ‣͔͜͜Β͸νʔϜ͝ͱʹ෼͔Ε࣮ͯࡍʹखΛಈ͔͠ͳ͕ΒਐΊ͍͖ͯ·͢ ‣νʔϜ಺ͰΘ͔Βͳ͍ਓ͕͍Ε͹ڭ͑߹͏ͳͲɺޓ͍ʹॿ͚߹͍ͳ͕Β ਐΊ͍ͯͩ͘͞ ‣ ΦϯϥΠϯͷਓ͕͍Δ৔߹ʹ͸ɺߨࢣ΋ࢀՃͰ͖ΔΑ͏ɺߨࢣ͕ೖ͍ͬͯΔSlack νϟϯωϧͷϋυϧΛ׆༻͍ͯͩ͘͠͞ ‣αʔόʔʹ઀ଓͰ͖ͳ͍ͳͲͷτϥϒϧ࣌͸SlackͰϝϯγϣϯ ʢ@pdo-fye0324bc-product-security-tutors

    ʣΛ෇͚ͯߨࢣʹ஌Β͍ͤͯͩ͘͞ɺ αʔόʔϦηοτͳͲͷରԠΛߦ͍·͢ ‣ձࣾͷϧʔϧ΍๏཯Λक্ͬͨͰ͋Ε͹ɺར༻͢Δπʔϧ΍αΠτʹ੍ݶ͸͋Γ· ͤΜ

24.  ࣄલ४උ ‣Burp Suite Community Edition: https://portswigger.net/burp/communitydownload ‣Docker Desktop: https://www.docker.com/products/docker-desktop/

    ‣࠷৽൛ͷChrome ࣗ୐͔ΒࢀՃ͍ͯ͠Δํ͸ɺΤχίω/Πϯίωʹ઀ଓͯ͠ ԋश؀ڥʹΞΫηε͍ͯͩ͘͠͞

25.  είΞαʔόʔʹ͍ͭͯ ࠓճͷԋशͰඞཁͳ࣍ͷ͜ͱ͕Ͱ͖ΔαʔόʔͰ͢ ໰୊ͷճ౴ఏग़ ֫ಘͨ͠
    ϙΠϯτͷ֬ೝ ॱҐͷ֬ೝ

26.  Check 1: είΞαʔόʔ΁ͷΞΫηεͱϩάΠϯ ӈ্ͷ-PHJOΛΫϦοΫ ഑෍͞ΕͨείΞαʔόʔͷ63-Λ։͘ʢ͜ͷαʔόʔ͸߈ܸର৅Ͱ͸ͳ͍͜ͱʹ஫ҙʂʂʣ

27.  Check 1: είΞαʔόʔ΁ͷΞΫηεͱϩάΠϯ νʔϜ͝ͱʹ഑෍͞Ε͍ͯΔϩάΠϯ৘ใͰϩάΠϯ

28.  Check 1: ໰୊Ұཡϖʔδͷ֬ೝ ˞௨ৗͷ$5'Ͱ͸͜͜ʹ໰୊จ͕هࡌ͞Ε͍ͯ·͕͢ɺࠓճ͸νʔϜ͝ͱʹ༻ҙ͞ΕͨυΩϡϝϯτΛࢀর͍ͯͩ͘͠͞

29.  ໰୊ʹ͍ͭͯ ‣෇༩ϙΠϯτ͸ɺattack͕100ɺdefense͸ɺ׬ᘳͳ৔߹͸100ɺෆ׬ શͳ৔߹ʹ͸50͕جຊͰ͢ ‣Challenge͝ͱʹ൪߸͕ৼΒΕ͍ͯ·͕͢ɺղ͘΂͖ॱ൪΍೉қ౓ʹ ؔ܎͸ແ͍ͷͰɺͲͷॱ൪Ͱղ͍ͯ΋Βͬͯ΋ߏ͍·ͤΜ ‣ͦΕͧΕͷChallenge΋ղ͘ॱ൪ʹࢦఆ͸͋Γ·ͤΜ͕ɺ question→attack→defenseͷॱʹղ͘͜ͱΛ૝ఆ͍ͯ͠·͢ ‣֤໰୊Ͱͦͷ໰୊͕ղ͚ͨνʔϜ਺Λ֬ೝͰ͖ΔͷͰɺଟ͘ͷνʔϜ ͕ղ͚ͨ໰୊͔Βղ͘ͱɺ೉қ౓͕௿͍͔΋͠Ε·ͤΜ

30. νϡʔτϦΞϧ໰୊

31. ໰୊ͷ֬ೝ 

32.  Check 2: νϡʔτϦΞϧ໰୊ʢ߈ܸฤʣɿ໰୊֬ೝ ֤νʔϜʹ഑෍͞ΕͨυΩϡϝϯτ͔Β໰୊จ͕֬ೝͰ͖·͢

33.  Check 3: νϡʔτϦΞϧ໰୊ʢ߈ܸฤʣɿ໰୊֬ೝ ໰୊จதͷϦϯΫΛΫϦοΫͯ͠ɺ߈ܸର৅ͷΞϓϦέʔγϣϯʹΞΫηε ϢʔβʔΛొ࿥ͯ͠ϩάΠϯ͢ΔͱɺϓϩϑΟʔϧ͕දࣔ͞ΕΔγϯϓϧͳ8FCαΠτ

34.  Check 4: νϡʔτϦΞϧ໰୊ʢ߈ܸฤʣɿιʔείʔυͷऔಘ $ git clone https:!" /bootcamp-2023- teamx.git

    $ cd bootcamp-2023-teamx/ $ ls … fortune … ֤νʔϜʹ഑෍͞ΕͨϦϙδτϦΛΫϩʔϯͯ͠ɺιʔείʔυΛ֬ೝ ࠓճͷ໰୊͸ʮGPSUVOFʯͱ͍͏໊લͳͷͰɺಉ໊͡લͷʮGPSUVOFʯͱ͍͏
    σΟϨΫτϦͷதʹΞϓϦέʔγϣϯͷίʔυ͕֨ೲ͞Ε͍ͯΔ

35. ΞϓϦέʔγϣϯͱιʔείʔυ͔Β ੬ऑੑΛ୳ͯ͠FlagΛ֫ಘ͠Α͏ʢ߈ܸฤʣ 

36.  νϡʔτϦΞϧ໰୊ʢ߈ܸฤʣɿFlagͷ৔ॴ 'MBH͸࠷ॳʹొ࿥͞ΕΔ؅ཧऀϢʔβʔͷ
    lGMBHzΧϥϜʹ֨ೲ͞Ε͍ͯΔ lGMBHzΧϥϜͷ஋͸ɺ
    Ϣʔβʔ໊͕zBENJOzͷͱ͖ʹදࣔ fortune/src/database/seeders/UserSeeder.php fortune/src/resources/views/user.blade.php ·ͣ͸ɺͦΕͧΕͷΞϓϦέʔγϣϯʹ͓͚Δɺ
    ຊདྷΞΫηεͰ͖ͳ͍৘ใΛ໛ͨ͠z'MBHz͕Ͳ͜ʹ֨ೲ͞Ε͍ͯΔ͔Λ୳͢

37.  Flagʹ͍ͭͯ ‣Flagͷܗࣜ͸໰୊͝ͱʹࢦఆ͕ͳ͍ݶΓɺ ctfRED{[\x20-\x7E]+} ʢ{} ಺͸දࣔՄೳͳ1จࣈҎ্ͷASCIIจࣈʣͰ͢ ‣dummy{…} ͱ͍ͬͨμϛʔͷFlag͕දࣔ͞ΕΔ͜ͱ͕͋Γ·͕͢ɺ ຊ෺Ͱ͸ͳ͍͜ͱʹ஫ҙ͍ͯͩ͘͠͞ ‣഑෍͞ΕͨιʔείʔυதͰ͸ɺຊ෺ͷFlag͕ϚεΫ͞Ε͍ͯ·͢

    ‣Flag͸ૹ৴ϑΥʔϜ͔ΒԿճૹ৴ͯ͠΋ϙΠϯτ͕ݮΔ͜ͱ͸͋Γ· ͤΜ͕ɺਪଌ͕ࠔ೉ͳจࣈྻʹͳ͍ͬͯ·͢

38.  ੬ऑੑʹ͍ͭͯ ‣࣍ͷ੬ऑੑ͸ࠓճͷ߈ܸର৅Ͱ͸͋Γ·ͤΜ • HTTPΛར༻ͯ͠௨৴͍ͯ͠Δ • CookieʹSecureଐੑ͕෇༩͞Ε͍ͯͳ͍ • DoS߈ܸ͕Մೳ •

    ϩάΠϯࢼߦճ਺ʹ੍ݶ͕ͳ͍

39. %PDLFS
    $PNQPTF  ߈ܸର৅ΞϓϦͷߏ੒ʢࢀߟʣ ഑෍͞Ε͍ͯΔιʔείʔυͷ%PDLFS
    $PNQPTFΛىಈͨ͠αʔόʔΛ༻ҙ
    ֤ϙʔτѼͷ&-#͕༻ҙ͞Ε͍ͯΔߏ੒ BQQ DSBXMFS NZTRM OHJOY QIQ

       %PDLFS
    $PNQPTF IUUQMCIPHFBQQDBG
    FMCBQOPSUIFBTUBNB[POBXTDPN IUUQMCIPHFDSBXMFSEBDBFFFCG
    FMCBQOPSUIFBTUBNB[POBXTDPN IUUQMCGVHBFCCC
    FMCBQOPSUIFBTUBNB[POBXTDPN

40. ͜ͷ͋ͱʹ౴͕͑͋ΔͷͰݟΔࡍ͸஫ҙ 

41.  νϡʔτϦΞϧ໰୊ʢ߈ܸฤʣɿ੬ऑੑ ϩάΠϯ͍ͯ͠ΔϢʔβʔͷࣝผΛ͢ΔϩδοΫΛݟͯΈΔͱɺ
    VTFS@JEͱ͍͏$PPLJF͔Β*%Λऔಘͯ͠Ϣʔβʔͷ৘ใΛऔಘ͍ͯ͠Δ͜ͱ͕Θ͔Δ

42.  νϡʔτϦΞϧ໰୊ʢ߈ܸฤʣɿ੬ऑੑ ؅ཧऀϢʔβʔ͸ΞϓϦέʔγϣϯͷσϓϩΠ࣌ʹ࠷ॳʹొ࿥͞Ε͍ͯΔͷͰɺ
    ؅ཧऀϢʔβʔͷVTFS@JE͸Ͱ͋Δ͜ͱ͕༧૝Ͱ͖Δ (PPHMF
    $ISPNF
    %FWFMPQFS
    5PPMT
    Λར༻ͯ͠ɺ$PPLJFΛฤू
    VTFS@JEΛʹมߋ

43.  νϡʔτϦΞϧ໰୊ʢ߈ܸฤʣɿ੬ऑੑ ΋͏Ұ౓ϦΫΤετΛૹ৴͢Δͱɾɾɾ 'MBH͕දࣔ͞Εͨ

44.  Check 5: νϡʔτϦΞϧ໰୊ʢ߈ܸฤʣͷϑϥάఏग़ ֫ಘͨ͠'MBHΛ
    ໰୊͝ͱͷϑΥʔϜ͔Βૹ৴ ໰୊͕྘৭ʹมԽͯ͠
    ϙΠϯτ֫ಘ ˞օ͞Μͷਐḿ۩߹Λ֬ೝ͍ͨ͠ͷͰɺ
    ϑϥά͸ͳΔ΂͘ཷΊࠐ·ͣʹఏग़Λ͓ئ͍͠·͢

45. ߈ܸʹར༻Ͱ͖ͨ੬ऑੑΛमਖ਼ͯ͠ΈΑ͏ʢ๷ޚฤʣ 

46.  मਖ਼ʹ͍ͭͯ ‣੬ऑੑҎ֎ͷ෦෼ͷಈ࡞͸Ͱ͖Δ͚ͩอͬͨ··Ͱमਖ਼Λߦͬͯͩ͘ ͍͞ ‣Ұؾʹଟ͘ͷఏग़͕͋Δͱ֬ೝ͕େมʹͳΔͷͰɺमਖ਼͸ਵ࣌ఏग़͠ ͯ΋Β͑Δͱॿ͔Γ·͢ αϒϚϦϯઓ๏

47.  Check 6: νϡʔτϦΞϧ໰୊ʢ๷ޚฤʣɿमਖ਼ͷಈ࡞֬ೝ $ cd bootcamp-2023-teamx/fortune $ ls docker

    docker!entrypoint.sh src docker!compose.yml resources # dockerίϯςφͷىಈͱಉ࣌ʹιʔείʔυΛؚΊͨϏϧυΛ͢Δ # αʔό͕ىಈͯ͠ɺhttp:"#localhost:8000/ ͔ΒΞΫηεͰ͖Δ $ docker compose up "$build ഑෍͞ΕͨϦϙδτϦͷίʔυΛमਖ਼ɺEPDLFS
    DPNQPTFͰαʔόΛىಈͯ͠ಈ࡞֬ೝ

48.  Docker Composeͷجຊૢ࡞ # phpαʔϏεͷίϯςφͰγΣϧΛىಈ $ docker compose exec php

    /bin/bash # ίϯςφΛ࡟আ $ docker compose down

49.  Check 7: νϡʔτϦΞϧ໰୊ʢ๷ޚฤʣɿίʔυͷमਖ਼ ϑϨʔϜϫʔΫʹ༻ҙ͞Εͨηογϣϯؔ࿈ͷ"1*Λར༻ͯ͠ɺ
    VTFS@JEͷอ؅΍ࢀর͢Δͱ҆શʹमਖ਼Ͱ͖Δ fortune/src/app/Http/Controllers/UserController.php ϩάΠϯ࣌ͷϢʔβʔ৘ใऔಘ͸ɺηογϣϯ$PPLJFΛར༻͢Δͷ͕Ұൠత

50.  Check 8: νϡʔτϦΞϧ໰୊ʢ๷ޚฤʣɿमਖ਼ͷఏग़ NBTUFSϒϥϯνʹमਖ਼ίϛοτΛؚΊͨޙɺ4MBDLͷ֤νʔϜͷνϟϯωϧʹͯɺ
    ԼهͷΑ͏ͳϝοηʔδͰߨࢣʹ௨஌͍ͯͩ͘͠͞ ߨࢣ͕֬ೝޙɺείΞαʔόʔ্ͰϙΠϯτΛ෇༩ͯ͠ɺ݁ՌΛฦ৴͠·͢
    ʢNBTUFSϒϥϯνͷΈ͕࠾఺ର৅Ͱ͋Δ͜ͱʹ஫ҙʣ

51.  Check 9: είΞαʔόʔ্Ͱͷ֫ಘϙΠϯτͷ֬ೝ 4DPSFCPBSEλϒ͔Βɺ֤νʔϜ͕֫ಘͨ͠఺਺Λ֬ೝͰ͖Δ

52. ໰୊Λղ͘ࡍʹ༗༻ͳπʔϧͷجຊతͳ࢖͍ํ

53.  Chrome Developer Tools 0QUJPO $PNNBOEʴ*Ͱىಈ ʮιʔεʯλϒ ݱࡏͷϖʔδͷදࣔʹඞཁͳ)5.-ɺ+4ɺ$44ͳͲ
    ΛӾཡͰ͖Δ
    +4ͷ৔߹͸ɺߦ൪߸ΛΫϦοΫ͢Δ͜ͱͰɺ
    

    ϒϨʔΫϙΠϯτΛઃఆͰ͖ɺ
    ॲཧ్தͷม਺ͷ஋ͳͲΛݟΔ͜ͱ͕Ͱ͖Δ

54.  Chrome Developer Tools ʮΞϓϦέʔγϣϯʯλϒ ද͍ࣔͯ͠Δ8FCαΠτ͕ར༻Ͱ͖Δ
    $PPLJF΍MPDBM4UPSBHFͷӾཡ΍ฤू͕Մೳ ʮωοτϫʔΫʯλϒ ϒϥ΢βͰൃੜͨ͠ϦΫΤετΛӾཡͰ͖Δ
    ʮϩάΛอ࣋ʯʹνΣοΫΛ෇͚Δ͜ͱͰϖʔδભҠ͕
    

    ൃੜͯ͠΋ɺϦΫΤετ͕࡟আ͞Εͳ͘ͳΔ

55.  BurpSuite ىಈޙʹʮ1SPYZʯˠʮ*OUFSDFQUʯ͔Β
    ʮ0QFO
    CSPXTFSʯΛΫϦοΫ͢Δ͜ͱͰɺ૊ΈࠐΈϒϥ΢β͕ىಈ

56.  BurpSuite ʮ*OUFSDFQU
    JT
    POʯͷঢ়ଶʹ͢Δͱϒϥ΢βͰൃੜͨ͠ϦΫΤετΛதஅ͠ɺ
    ฤूΛͯ͠ɺૹ৴͢Δ͜ͱ͕Ͱ͖Δ

57.  curl # CookieϔομΛઃఆͯ͠ϦΫΤετ $ curl -H ‘Cookie: user_id=1’ http:!"localhost:8000/

    # ϑΥʔϜͷૹ৴ $ curl -X POST #d ‘param=1&param2=hoge’ http:!"example.com/ # ϑΝΠϧΛΞοϓϩʔυ $ curl -X POST -F upfile=@/path/to/sample.txt http:!"example.com/upload λʔϛφϧ͔Β)551ϦΫΤετΛૹ৴Ͱ͖Δπʔϧ

58.  Pythonͷrequests $ python3 #m pip install requests 1ZUIPOͷ)551ΫϥΠΞϯτϥΠϒϥϦ import

    requests r = requests.get(‘http:!"example.com') print(r.text) r = requests.post(‘http:!"example.com', data={‘param1’: ‘value1’}, headers={‘Cookie’: ‘hoge=fuga’}) print(r.text)

59.  webhook.site IUUQTXFCIPPLTJUF
    ʹΞΫηε͢Δͱɺࣗಈతʹ63-͕ൃߦ͞ΕΔ

60.  webhook.site $curl -X POST !d ‘hoge=fuga' https:"# webhook.site/ /

    <scri t>fetch(‘htt s:"#webhook.site/ ’) "%script> ϒϥ΢βͰΞΫηε DVSMͰૹ৴͢Δ TDSJQUλάͰϦΫΤετૹ৴ ൃߦ͞Εͨ63-ʹԿΒ͔ͷํ๏ͰϦΫΤετΛૹ৴

61.  webhook.site ൃߦ͞Εͨ63-Ѽͷ)551ϦΫΤετͷத਎Λ֬ೝͰ͖Δ NFUIPEͱ63- ΫΤϦύϥϝʔλ ϦΫΤετϘσΟ ϦΫΤετϔομ

62. ࠷ޙʹ

63. ϙΠϯτΛଟ֫͘ಘͨ͠νʔϜ  ࠓճͷԋशͷউऀ͸

64. ϙΠϯτΛଟ֫͘ಘͨ͠νʔϜ  ࠓճͷԋशͷউऀ͸ Ͱ͸ͳ͘ɾɾɾ

65. ϙΠϯτΛଟ֫͘ಘͨ͠νʔϜ  ࠓճͷԋशͷউऀ͸ Ͱ͸ͳ͘ɾɾɾ Ͱ͖Δ͚ͩଟ͘ͷ͜ͱΛֶ΂ͨνʔϜ

66. ϙΠϯτΛଟ֫͘ಘͨ͠νʔϜ  ࠓճͷԋशͷউऀ͸ Ͱ͸ͳ͘ɾɾɾ Ͱ͖Δ͚ͩଟ͘ͷ͜ͱΛֶ΂ͨνʔϜ νʔϜͷதͰڠྗ͋ͬͯ͠ԋशΛਐΊ͍ͯͩ͘͞ ߨࢣਞ͔Βͷώϯτ΋ੵۃతʹ׆༻͍ͯͩ͘͠͞

67. None