Using zombie and botnet model in silent web application reconnaissance
In today’s internet, communication between users is evolving in a very fast pace, interaction through web application becomes one of the most common way to exchange information with each other. As more and more web applications emerge in the market, web application naturally becomes a target for att...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Final Year Project |
| Language: | English |
| Published: |
2013
|
| Subjects: | |
| Online Access: | http://hdl.handle.net/10356/52775 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| Summary: | In today’s internet, communication between users is evolving in a very fast pace, interaction through web application becomes one of the most common way to exchange information with each other. As more and more web applications emerge in the market, web application naturally becomes a target for attackers to work their way in exploiting the application. Moreover, many of the users today have low awareness of internet security which enable the attackers to unknowingly control them to perform malicious activities.
In this project, we will be looking at different types of tools for web application reconnaissance, in particular using zombie and botnet model, and discuss what is the information collected and how silent the reconnaissance will be to the web application server and user.
This project provides a brief introduction on the two types of zombie and botnet model, centralized and decentralized, as well as two types of reconnaissance techniques, active and passive. A range of selected reconnaissance tools are then tested for the usage of the tools and the information collected. Finally, analysis of each individual tools and comparison between the tools would be done.
Level of silence in this project is depicted as how stealthy the reconnaissance is to the web application server; it is considered as silence as long as it is untraceable back to the attacker. The results have shown that for the active reconnaissance tools, the higher the level of silence, the lesser the information gained. But with the combination of passive and active techniques, we can achieve high silence level and high information gain.
The combination of the techniques is by using the passive zombie and botnet model technique to perform active web application reconnaissance which can be incorporated into one new toolkit for easy manipulation over the botnet. |
|---|