• Please finish the lab according to the attached file , then submit the report of lab 4 based on the lab report template.
• Please submit your source code in zip file. (4.3.zip)
Assignment 4.1 Session Hijack
• Try to capture session cookie of pms.sustc.edu.cn (yours or your classmates’)
• Manipulate your cookie of pms.sustc.edu.cn to hijack this session. (Chrome Extension: edit this cookie)
• Or you can replay the HTTP request using curl. (https://github.com/jullrich/pcap2curl)
• Write your report:
– How did you capture the cookie? What’s the content of the cookie?
– How did you set your cookie into target values? Show the edit page
– Did you success hijack the session? Describe how did you do it
Assignment 4.2 DNS Inspection
• Capture DNS query sent from your computer
– Using capture filter udp port 53
– Using display filter (any domain filter is ok)
◦ Write your report:
– How did you trigger the DNS query ?
– Where did the query send? (IP)
– What did the query said?
– Does the server support recursive query?
– What did the response said?
Assignment 4.3
Enhanced File Browser (Class A Only)
• Based on Assignment 3.3, implement following features:
– Range Header support
▪ With this feature implemented, user can pause and resume download file from the server.
– Session Cookie support:
▪ Remember last folder user visited, response with 302 Found if user access root directory.
Example:
Request: GET http://localhost:8080
Response: 302 Found, Location: http://localhost:8080/lastdir
Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Location
