Task Type: ** (Easy - Medium)
Objective: Understand how real web application attacks work, and methods for mitigating
For this question you must use virtnet (as used in the workshops) to study web application
attacks. This assumes you have already setup and are familiar with virtnet. See Moodle and
workshop instructions for information on setting up and using virtnet, deploying the website,
and performing the attack.
Your task is to:
? Create topology 7 in virtnet
? Deploy the MyUni demo website on the nodes
? On node4, add a user to the grading web application with username set to your
student ID, and password set to your first name.
? Perform an unvalidated redirect attack, such that the attacker steals your
? While performing the attack, take a screenshot of the window showing the stolen
After performing and understanding the attack, answer the following sub-questions.
(a) Give a short description of an unvalidated redirect attack, referring to the steps you
performed in the attack and the vulnerability your attack exploited.
(b) Assuming a website must use redirects, recommend a technique that can be used to
minimise the impact of unvalidated redirect attacks.
(c) In the attack you performed in virtnet, describe what methods the attacker used (other
than an unvalidated redirect) and how the attacker benefits from the attack (that is, what
do they gain and how?).
(d) Include the screenshot of the stolen username/password obtained during the attack.