School of Computer Science Engineering and Information

Systems (SCORE)

Fall Semester 2023 – 24

CSE3501 – Information Security Analysis and Audit

Slot: F1

Attackers and Defenders Team Penetration Testing

REVIEW

Under the guidance of,

Dr. Navaneethan C

Team Members:

Name Reg. No
Anantha Cauvery M 20MIS0122

Suthindra D 20MIS0329

Arulmozhiarasu M 20MIS0358

1
 LIST OF FIGURES

Figure No Figure Label Page Number

1.1 DoS Attack & detect using Slowloris, 28
LOIC and Wireshark tools
1.2 Man in the Middle Attack using Ettercap & 28
Defence using XARP tools
2.1 Functional Architecture of DoS Attack 29
2.2 Functional Architecture of DoS Defence 29
3.1 Modular Architecture of MITM (ARP 30
poisoning) Attack
4.1 Image depicting DoS Attack on Apache2 31
using Slowloris tool
4.2 Image depicting creation of sockets and 31
website loads for more time
4.3 Image depicting DoS attack on Gruyere 32
website using LOIC tool
4.4 Image depicting Gruyere website is loading 32
for more time
4.5 Enabling the Ettercap tool for MITM 33
attack in Kali Linux
4.6 Starting sniffing by adding the targets 33
4.7 Sniffing is stopped 34
4.8 Pinging the target IP address in cmd 34
4.9 Flooding IP address 192.168.34.178 35
4.10 DoS attack in progress on IP address 35
192.168.34.174 (Attacker machine)
4.11 Detecting DoS using Wireshark tool 35
(Victim machine)
4.12 Detecting MITM attack using Xarp tool 36
4.13 Details of attacks 36

2
ABSTRACT:

Attackers and Defenders Team penetration/pen test is an attempt to evaluate the security of an
IT infrastructure by safely trying to exploit vulnerabilities. The objective of this project is not
only to pinpoint security issues but also to get information that will help improve those issues.

Attacker Team: An attacker team plays the role of the attacker by trying to find vulnerabilities
and break through cybersecurity defences. We address two attacks namely,

• Denial of service attack: We induce DOS attack using Slowloris & LOIC tool. The
application we are going to induce attack is Apache2 server.

• Man in the Middle Attack- ARP spoofing: We induce MITM attack using Ettercap tool.

Defender Team: A defender team defends against attacks and responds to incidents when they
occur. These attacks can be prevented by using following tools:

• Wireshark for detecting DOS attack.

• XARP tool for detecting ARP spoofing.

Here, we create 2 virtual machine Kali Linux, and Ubuntu. Attacking team will be using Kali
Linux and defending team will be using Ubuntu for DoS attack.

Again, attacking team will be using Kali Linux OS and defending team will be using Ubuntu
for ARP spoofing.

INTRODUCTION:

In this project, 6 among 10 OWASP attacks, Social Engineering Attacks are done. The OWASP
top 10 attacks are Broken Authentication and Session Management attacks, Security
Misconfiguration, Cross-Site Scripting (XSS), Injection – SQL Injection, Insecure Direct
Object References (IDOR), Cross-Site Request Forgery (CSRF), Insecure Cryptographic
Storage, Failure to Restrict URL Access, Insufficient Transport Layer Protection and
Unvalidated Redirects and Forwards. Attackers and defenders’ teams both strive to increase an
organization's security, but they approach the task in different ways. An attackers team
simulates an attacker by looking for weaknesses and trying to get past cybersecurity barriers.

3
 When an incident occurs, a defending team answers and defends against attacks. With the goal
of simulating an actual attack, these two professional teams compete to test a security system.
Finding vulnerabilities, enhancing network security, developing expertise in identifying and
containing attacks, and developing cybersecurity teams are just a few advantages of using
attackers’ teams as opposed to defenders’ teams.

LITERATURE SURVEY:

Paper title Challenges about Methodology Application Pros Cons

previous
technologies
Paper 1: High false positive The paper The paper aims It addresses It only
SECSIX: or false negative proposes a to provide a three major focuses on
security rates security engine comprehensive types of web PHP web
engine for called and integrated application applications
CSRF, SQL Limited scope or SECSIX, solution for vulnerabiliti and does not
injection coverage of which stands preventing web es in a single consider
and XSS vulnerabilities for Security application security other
attacks Engine for vulnerabilities engine. programming
Inefficiency or CSRF, SQL that are common languages or
complexity of Injection and and critical in It uses a platforms.
detection or XSS attacks. the modern web hybrid
prevention environment. approach It does not
mechanisms The paper that compare or
describes the The paper combines contrast its
Lack of overall claims that static and solution with
integration or architecture SECSIX can dynamic other existing
compatibility with and the effectively analysis or emerging
existing systems algorithms of counter SQL techniques. technologies
or frameworks SECSIX, injection, XSS, or
which works in and CSRF It generates frameworks.
Dependency on two modes: attacks with models
manual safe mode and high detection based on It does not
intervention or real mode. rates and low tokens, tags, discuss the
user input false positive attributes, limitations or
The paper rates. and sessions challenges of
explains how to compare its solution
SECSIX The paper safe and real or provide
performs suggests that inputs. any future
scanning, SECSIX can be work
hotspot applied to any It provides a directions.
identification, PHP web detailed
instrumentatio application description
n, model without and
generation, requiring any evaluation of

4
 validation, and modification or the proposed
error reporting configuration by solution with
for each type the developers empirical
of or users. data.
vulnerability.

The paper also

provides
implementatio
n details and
empirical
analysis results
of SECSIX on
three PHP web
applications
with different
complexities.
Paper 2: The paper The paper uses The paper aims The pros of The cons of
Systematic discusses the a systematic to provide a the paper are the paper are
Literature challenges and literature survey of the that it covers that it does
Review on issues of previous review (SLR) current state-of- a novel and not include
Penetration technologies used methodology the-art in important any empirical
Testing for in penetration to conduct a penetration topic that evaluation or
Mobile testing, such as the comprehensive testing of MCC has not been validation of
Cloud lack of models and critical applications and sufficiently its proposed
Computing and tools, the analysis of the to identify the addressed by classification
Applications complexity and existing requirements, previous scheme or
cost of manual studies on challenges, and studies; it requirements;
testing, the penetration future directions provides a it does not
disregard of testing of for this research rigorous and discuss the
offloading and mobile, cloud, domain. The systematic ethical or
multiple and MCC paper also review of the social
vulnerability applications1. proposes a new related implications
domains, and the The paper classification literature; it of
platform follows the scheme for presents a penetration
dependency and standard SLR penetration clear and testing; and it
invisibility of guidelines of testing models informative does not
testing processes. Kitchenham based on their summary of compare or
and Charters components, the findings; contrast its
and consists of target and it offers findings with
three main vulnerabilities, useful other related
phases: and features. insights and surveys or
planning, recommenda reviews.
conducting, tions for
and reporting. future
research.
Paper 3: The difficulty of Defining the Detecting and It provides a It does not
Social cyber collecting and research countering comprehensi provide a
forensics: analysing large- problem and online influence ve overview clear
leveraging campaigns and of the definition or

5
open-source scale social media the scope of cyber threats by emerging conceptual
information data in real time. analysis. various actors, field of framework
and social such as state- social for social
network The lack of Identifying the sponsored cybersecurit cybersecurity
analysis to standardized relevant data actors, terrorist y and its that
advance methods and tools sources and groups, criminal objectives, distinguishes
cyber for social cyber collecting the organizations, challenges, it from other
security forensics and data using etc. and related fields
informatics influence various tools opportunities or
detection. and Enhancing the It showcases disciplines.
techniques, resilience and some
The ethical and such as web security of examples of It does not
legal implications crawlers, APIs, online social discuss in
of accessing and scraping, etc. communities cybersecurit detail the
using online social and civil society y research theoretical
data for security Preprocessing against cyber- projects and foundations
purposes. and cleaning mediated tools that or
the data to manipulation demonstrate assumptions
The complexity remove noise, and the value underlying
and diversity of duplicates, misinformation. and impact social
cyber-mediated errors, etc. of this field. cybersecurity
influence Supporting the research or
campaigns and Analysing the decision-making It proposes a the ethical
their effects on data using and policy- research principles or
human behaviour various making agenda for guidelines
and social methods and processes of social that should
outcomes. tools, such as governments cybersecurit guide it.
network and y that
analysis, organizations in outlines It does not
content dealing with some key present any
analysis, cyber-related research empirical
sentiment challenges and questions, evidence or
analysis, opportunities. topics, and evaluation of
machine directions the
learning, etc. Advancing the for future effectiveness
scientific work. or outcomes
Visualizing understanding of of social
and human cybersecurity
interpreting the behaviour and research or
results using social dynamics tools.
various tools in cyber-
and mediated
techniques, environments.
such as graphs,
maps,
dashboards,
etc.

Evaluating the
validity and

6
 reliability of
the results and
comparing
them with
other sources
of evidence.

Reporting and
disseminating
the findings
and
recommendati
ons to relevant
stakeholders
and audiences.
Paper 4: A Previous The paper The paper aims The paper The paper
SQL technologies for proposes an to provide a uses multi- does not
Injection SQL injection adaptive deep comprehensive grained provide a
Detection detection include forest-based SQL injection scanning and clear
Method static analysis, method (ADF) detection cascade definition of
Based on dynamic analysis, to detect architecture that structure to adaptive
Adaptive parameter complex SQL can detect all enhance the deep forest
Deep Forest filtering, and injection SQL injection feature and how it
machine learning attacks. attack types and representatio differs from
methods. ADF consists has the n and deep forest.
Static analysis of two stages: flexibility to characterizat The paper
methods cannot off-line update when a ion learning does not
detect attacks with training and new type of of SQL explain how
correct input types online testing. attack occurs. injection the AdaBoost
and have high In the off-line The paper also attacks. algorithm is
false positive training stage, aims to improve The paper integrated
rates. the paper the detection evaluates the into the deep
Dynamic analysis collects accuracy, proposed forest model
methods can only training data efficiency, method on in detail.
detect predefined from honeypot robustness, and various types The paper
vulnerabilities and technology and scalability of of SQL does not
have no detection vulnerability SQL injection injection provide a
capability for submission detection attacks and comprehensi
unknown platforms, methods compares it ve literature
vulnerabilities. preprocesses compared with with review of
Parameter filtering the data, previous classical related work
methods rely on extracts technologies. machine on SQL
regular features based The paper can learning injection
expressions and on SQL be applied to methods and detection
blacklists, which injection web security, deep neural methods.
cannot cover the characteristics, database network The paper
diversity of SQL and trains a security, methods. does not
grammar and user deep forest network The paper discuss the
input. model with security, and shows that limitations
multi-grained other fields that the proposed and future

7
 Machine learning scanning and involve SQL method has work of the
methods require cascade queries and user better proposed
complex feature structure. inputs. performance method.
engineering and In the online than existing
have limited testing stage, methods in
detection scope the paper terms of
for different decodes the accuracy,
subsets of SQL unknown SQL recall, F1-
injection. They statements, score,
also suffer from extracts computation
overfitting and features, and al cost,
scalability classifies them flexibility,
problems when as malicious or and
dealing with normal using robustness.
multiple features the trained
and large-scale model.
data. The paper also
incorporates
the AdaBoost
algorithm into
the deep forest
model to
update the
feature weights
according to
the
classification
error rate of
each layer.
Paper 5: Black box, white The paper The paper The paper The paper
Hardware box, and grey box presents a case demonstrates the provides a does not
Penetration testing, which study of the application of realistic and provide a
Testing have limitations in Hack@DAC hardware comprehensi formal
Knocks test coverage, 2019 penetration ve scenario evaluation or
Your SoCs scalability, and competition, testing as a of hardware comparison
Off complexity. where the practical and security of their
Formal authors effective testing based approach
verification, which participated as technique to on a real with other
is mathematically a team of identify security competition. existing
rigorous but hardware vulnerabilities in The paper methods or
computationally penetration SoC designs. illustrates tools.
expensive and testers. The paper also their The paper
infeasible for large Divide the SoC shows the approach does not
SoCs. into different importance of with discuss the
SecVerilog, which domains: security concrete ethical
introduces system verification and examples of implications
security-aware architecture, IP validation for vulnerabiliti or potential
language core hardware es and misuse of
constructs but architecture components, exploits that hardware
does not guarantee and especially 3PIP they penetration

8
 the correct usage implementatio cores that might discovered testing
of them by the n, and CPU. not be during the techniques.
developers. Perform trustworthy or competition.
manual code well-tested. The The paper
inspection to paper aims to discusses
find indicators encourage possible
that confirm or further research countermeas
reject the and ures and
hypotheses. development of future
tools and directions
methods for for
hardware improving
security testing.hardware
security
verification
and
validation.
Paper 6: A Previous The paper The paper is The paper The paper
Survey on technologies for describes the useful for covers a does not
Web web application background researchers and wide range provide any
Application security suffer and impact of practitioners of web empirical
Attacks. from various each type of who are application evaluation or
limitations such as attack, as well interested in attacks and comparison
built-in as the existing web application their of the
limitations, partial techniques for security and prevention existing
implementations, mitigating want to learn techniques in techniques in
complicated them. The about the a systematic terms of
frameworks, paper also various types of and performance,
developer’s discusses the attacks and their comprehensi accuracy,
ability, run-time challenges and countermeasures ve manner. scalability, or
overhead, false issues of . usability.
positives and false previous The paper
negatives, no technologies, The paper can provides a The paper
secure channel as well as their help them to clear and does not
between the web respective understand the concise propose any
server and web limitations. strengths and summary of novel or
browser, response weaknesses of each innovative
delay, additional The paper does existing technique, as solution or
infrastructure, and not propose techniques, as well as its framework
cost of any new well as to advantages for web
deployment. technique or identify the gaps and application
framework for and challenges disadvantage security.
Previous web in the field. s.
technologies for application The paper
SQL injection security, but The paper can The paper does not
prevention include rather provides also serve as a highlights discuss other
query structure a reference for the types of web
validation, data comprehensive future work and limitations application
mining, overview and development of and attacks that
middleware-based analysis of the more effective challenges of are not

9
 encryption and current state- and efficient previous covered by
hashing, attribute of-the-art. solutions for technologies, the OWASP
value removal, web application as well as top 10 list.
and query security. the future
comparison. possibilities
and feasible
countermeas
ures.
Paper 7: The complexity It proposes a The paper aims It addresses It does not
Early and diversity of methodology to apply a pressing consider
Detection of web application for developing SCAAMP to and relevant other types of
Security threats and a tool, called supplement the problem in web
Misconfigur attacks, which SCAAMP, that defence against web application
ation. require automates the security application vulnerabilitie
comprehensive detection and misconfiguratio security, s, such as
and multi-layered correction of n vulnerabilities which is code
defence security in web often injection,
mechanisms. misconfigurati applications and overlooked logic flaws or
The lack of on server or broken
security awareness vulnerabilities environments. underestimat authenticatio
and skills among in web server The paper ed by n, which may
web developers, environments claims that developers also affect
who often use for Apache, SCAAMP can and the security
ready-made MySQL, and benefit the users administrato of web
frameworks and PHP (AMP). (i.e., web rs. applications.
code without developers and It provides a It does not
understanding Identifying the administrators) comprehensi evaluate the
their security security- by: ve and performance
implications. critical Giving them systematic or scalability
The difficulty and configuration control over analysis of of the tool,
impracticality of directives for their backend security such as its
manually auditing each configurations configuratio execution
and fixing security component of and alerting n time,
configuration the AMP them to potential vulnerabiliti memory
settings for web environment, risks and es in the usage or
server based on recommendation AMP compatibility
environments, official s. environment, with different
which are often documentation Making it easier covering a versions or
relaxed or s, for them to audit wide range configuration
insecure by recommendati and fix of directives s of the AMP
default. ons, and expert misconfiguratio and components.
The scarcity and opinions. n vulnerabilities scenarios. It does not
limitations of Designing a with minimal It presents a compare or
existing tools and web-based effort and novel and contrast its
techniques for user interface intervention. practical tool tool with
detecting and that allows Reducing the that other existing
preventing users to need for follow- automates tools or
security initialize, up extensive and the detection techniques
misconfiguration audit, fix and expensive and for web
vulnerabilities in rate the security testing correction of application

10
 web applications security for their web security security
and server configuration applications. misconfigura testing or
environments. settings of tion configuration
their server vulnerabiliti management,
environments. es in a user- which may
Implementing friendly way. have similar
the core It conducts a or
modules of detailed complementa
SCAAMP, experimental ry features or
which include evaluation of objectives.
the security the tool on
configuration real-life
auditor, fixer server
and safety packages
rating module, with
as well as the different
auxiliary platforms,
modules for showing its
platform effectiveness
detection, and
environment usefulness.
resitter and
initializer.
Paper 8: Lack of The paper uses The paper aims The paper The paper
Broken experience and a manual to provide a covers a does not
Authenticati knowledge in web penetration comprehensive wide range provide any
on and security testing method assessment and of web theoretical or
Session programming following a analysis of application empirical
Managemen among developers. double-blind broken vulnerabiliti justification
t Neglecting of testing strategy authentication es and their for the
Vulnerabilit using encryption to conduct a and session exploitation selection of
y: A Case methods and case study on management techniques, the sample
Study of secure coding 267 websites vulnerability which can size and the
Web practices. of public and and its help to sampling
Application Inadequate testing private sectors exploitation understand method,
Vulnerabilit and auditing of in Bangladesh. techniques in the current which may
ies in Web web applications The paper web applications state of web affect the
Applications before identifies five of Bangladesh. security in validity and
. deployment. exploitation The paper also Bangladesh. reliability of
Insufficient techniques of intends to raise The paper the results.
research on broken awareness and uses a The paper
broken authentication provide systematic does not
authentication and and session recommendation literature compare or
session management s for improving review to evaluate the
management vulnerability, the security of identify the effectiveness
vulnerabilities and such as session web applications existing of different
their exploitation misconfigurati against these research prevention
techniques. on attack, attacks. gaps and techniques or
cracking/guess challenges tools for
ing weak on broken mitigating

11
 password, authenticatio broken
exploiting n and authenticatio
authentication session n and session
problem, management management
decoding vulnerability. vulnerability.
inadequate The paper The paper
encryption, provides a does not
and exploiting detailed discuss the
other description ethical
vulnerabilities. and implications
The paper demonstratio or limitations
analyses the n of each of
frequency and exploitation conducting
impact of these technique penetration
exploitation with testing on
techniques on screenshots real websites
different and code without prior
domains and examples, consent or
sectors, and which can authorization
provides some help to from the
prevention reproduce owners.
guidelines for and prevent
developers and the attacks.
administrators.
Paper 9: The paper The paper The paper aims The paper The paper
Advanced discusses the proposes a to provide a covers a does not
social limitations of taxonomy for comprehensive wide range provide
engineering traditional security the and complete of social empirical
attacks. measures and user classification overview of engineering data or
awareness of social social attacks, both evaluation of
programs to engineering engineering traditional the proposed
prevent social attacks based attacks on the and novel, taxonomy or
engineering on three main knowledge and provides the state-of-
attacks. categories: worker, to a detailed the-art
The paper also channel, monitor the state analysis of attacks. The
points out the lack operator, and of the art of their paper also
of systematic and type. research in this characteristi does not
comprehensive The paper field, and to cs, methods, discuss in
research on social reviews the provide a and depth the
engineering, state-of-the-art comprehensive consequence possible
especially on attacks on taxonomy to s. The paper solutions or
novel and online social categorize social also offers a countermeas
nontraditional networks, engineering clear and ures to
attacks such as cloud services attacks and structured prevent or
APTs, waterholing and mobile measure their taxonomy mitigate
and automated applications, impact. that can help social
social engineering. and describes The paper also researchers engineering
The paper how they can intends to and attacks. The
highlights the be used to facilitate the practitioners paper also
challenges of perform development of to does not

12
 detecting and advanced effective understand address the
defending against social countermeasures and classify ethical or
social engineering engineering and further different legal issues
attacks that exploit attacks on the interdisciplinary types of related to
online social knowledge research in the social social
networks, cloud worker. field of social engineering engineering
services and The paper engineering. attacks. The research or
mobile provides real- paper also practice.
applications as world discusses
new attack examples of real-world
vectors. recent social incidents of
engineering successful
attacks that social
used spear- engineering
phishing and attacks and
waterholing as their
the initial implications
attack vectors for
and analyses information
their impact security and
and privacy.
implications.
Paper 10: The paper The paper The paper The paper The paper
Automatic discusses the proposes claims that provides a does not
Recognition, limitations of EsPReSSO, a EsPReSSO can detailed provide a
Processing previous Burpsuite facilitate the overview of formal
and approaches to extension that security analysis modern SSO security
Attacking of analyse SSO automatically of SSO protocols analysis or
Single Sign- protocols, such as identifies SSO protocols by and how evaluation of
On formal analysis, protocol providing an they can be EsPReSSO
Protocols implementation messages and easy to use and distinguishe itself, such as
with Burp analysis, and classifies them, comprehensive d from each its
Suite. specific tools. so that security tool that other. correctness,
auditors can supports The paper completeness
The paper points benefit from it. multiple introduces a , or
out that formal protocols and novel tool soundness.
analysis cannot The paper attack scenarios. that can
detect describes the detect and The paper
implementation design and The paper classify SSO does not
flaws, implementatio suggests that messages compare
implementation n of EsPReSSO can automaticall EsPReSSO
analysis is often EsPReSSO, help security y in a with other
limited to one which consists auditors to browser’s existing tools
protocol or one of three detect, display, traffic flow.or extensions
attacker model, modules: and modify SSO for SSO
and specific tools Scanner, messages in a The paper analysis in
are not extensible Visualizer, and human readable demonstrates terms of
or accurate Manipulator. format, as well the features,
enough to support as to launch usefulness
more attack attacks using and

13
 vectors and The paper predefined or effectiveness accuracy, or
protocols. evaluates the custom vectors. of performance.
functionality EsPReSSO
The paper also and The paper also by showing The paper
notes that existing performance of states that examples of does not
tools and EsPReSSO by EsPReSSO can how it can discuss the
extensions for testing it on be easily be used for ethical or
SSO analysis are various extended to security legal
either focused on websites that include more audits and implications
one protocol (such use different protocols, attacks. of using
as SAML) or do SSO protocols. features, and EsPReSSO
not provide attacks in the for malicious
enough features future. purposes or
for manipulating without
and attacking SSO consent.
messages.
Paper 11: CSRF attacks are The paper The paper aims The paper The paper
Threat difficult to detect reviews and to provide a provides a does not
Modelling and prevent analyses more useful reference comprehensi provide any
for CSRF because they than 200 CSRF for CSRF ve and empirical
attacks. exploit the normal attacks researchers or systematic evaluation or
behaviour of web published on web application analysis of validation of
browsers and the NVD security CSRF the proposed
servers, such as (National administrators to attacks based approach or
sending cookies Vulnerability design CSRF on real- the suggested
and validating Database) until defences and world data mitigations.
requests based on March 2009, mitigation and The paper
them. and classifies mechanisms. examples. does not
CSRF attacks can them into three The paper also The paper compare or
have serious categories: intends to raise proposes a contrast its
consequences, stored CSRF, awareness and novel and approach
such as reflected education practical with other
compromising CSRF, and among web approach to existing
user accounts, combination of users and threat methods or
transferring funds, both. developers modelling frameworks
changing The paper about the risks and attack for CSRF
preferences, or demonstrates a and impacts of analysis of detection or
performing real-world CSRF attacks. CSRF prevention.
unauthorized reflected attacks from The paper
actions on behalf CSRF attack an does not
of the user. against a adversarial address some
CSRF attacks can popular perspective. emerging or
be launched from Chinese social The paper advanced
different domains network presents techniques or
or within the same website and clear and challenges of
domain, using shows how the detailed CSRF
various techniques attacker can diagrams attacks, such
such as malicious force the user and as cross-site
links, forms, to logout by illustrations scripting
images, scripts, or to explain request

14
 XMLHTTPReque crafting a the processes forgery
st objects. malicious link. and (CSRF-
CSRF attacks can The paper scenarios of XSS), cross-
bypass some creates threat CSRF origin
security models for attacks. resource
mechanisms, such stored and The paper sharing
as HTTPS, SSL, reflected offers some (CORS), or
or secret tokens, CSRF attacks suggestions browser
by exploiting using data flow and extensions.
vulnerabilities in diagrams recommenda
the web (DFD) and tions for
applications or the identifies the mitigating
browsers. possible CSRF
CSRF attacks can vulnerabilities vulnerabiliti
be combined with that can be es and
other web exploited by protecting
application adversaries to web
attacks, such as conduct CSRF applications
XSS, SQL attacks. The and users
injection, or paper also from CSRF
phishing, to develops attacks.
increase their attack trees to
effectiveness and illustrate how
impact. the attackers
can leverage
these
weaknesses to
achieve their
goals.
Paper 12: A The lack of The The paper aims It provides a It does not
study of automation and architecture to provide an comprehensi provide a
metasploit standardization in and overview and ve and detailed
framework: the pen-testing components of analysis of updated evaluation or
A pen- process, which Metasploit Metasploit introduction comparison
testing tool. leads to Framework, Framework for to Metasploit of Metasploit
inefficiency, such as the security Framework, Framework's
inconsistency, and modules, professionals, one of the performance
human errors. payloads, ethical hackers, most widely or accuracy
The difficulty of exploits, researchers, used pen- with other
finding and encoders, post- students, and testing tools tools or
exploiting exploitation enthusiasts who in the world. frameworks.
vulnerabilities in activities, and are interested in It covers
complex and interfaces. learning about both the It does not
dynamic systems, The features pen-testing tools theoretical include any
such as web and and techniques. and practical empirical or
applications, cloud functionalities The paper also aspects of experimental
environments, and of Metasploit intends to Metasploit data or
mobile devices. Framework, highlight the Framework, results to
The limited such as the importance and with support its
coverage and ability to scan, challenges of examples

15
 accuracy of enumerate, pen-testing in and claims or
existing tools and exploit, and the current screenshots arguments.
frameworks, evade cybersecurity to illustrate
which may miss detection on landscape. its usage and It does not
some critical various capabilities. address some
vulnerabilities or platforms and It compares recent
generate false systems. Metasploit development
positives or The benefits Framework s or trends in
negatives. and limitations with other pen-testing
The ethical and of Metasploit pen-testing tools and
legal implications Framework, tools and techniques,
of conducting pen- such as its ease frameworks, such as
testing activities, of use, highlighting machine
such as obtaining extensibility, its strengths learning,
permission, reliability, and artificial
respecting privacy, performance. weaknesses. intelligence,
and avoiding or cloud-
collateral damage. based
solutions.
Paper 13: The paper The The paper's The paper The paper
Deemon: highlights several methodology application is addresses the does not
Detecting challenges and of the paper focused on the limitations provide a
CSRF with issues with involves the detection of of previous detailed
Dynamic previous development anti-CSRF technologies evaluation of
Analysis technologies used of an vulnerabilities in and proposes the
and in the context of application- web an effectiveness
Property dynamic security agnostic, applications. It automated of the
Graphs. testing. These automated aims to provide framework proposed
challenges include framework a comprehensive that framework in
the inability of called and reusable combines detecting a
unsupervised web Deemon. representation of different CSRF
scanners and static Deemon is application modelling vulnerabilitie
analysis designed to be functionality to approaches. s.
techniques to cope used by detect security- The The
with the developers and relevant state methodology scalability
complexity of security changes. By is and
modern web analysts during identifying the application- performance
application security relationships agnostic, of the
workflows and the testing. It between request making it framework in
lack of a proper addresses the parameters and applicable to large-scale
description of the challenges state transitions, various web applications
workflow, which mentioned the paper's applications. are not
hinders the earlier by approach can The paper extensively
scalability of static combining help in the provides a discussed.
approaches. aspects of the detection of a comprehensi The paper
Additionally, web CSRF ve does not
existing tools application, vulnerabilities representatio compare the
mainly operate in such as and the n of proposed
a black-box transitions development of application approach
manner and describing the testing functionality, with existing

16
 struggle to discern evolution of strategies. The allowing for techniques in
when a request internal states methodology of the detection terms of
changes the and data flow the paper can be of security- accuracy and
server-side state, information applied to relevant state efficiency.
making it difficult capturing the various web changes.
to detect security- propagation of applications to
relevant state data items enhance their
changes. across tiers and security.
states.

Paper 14: The paper The paper The paper aims It addresses It focuses on
Implementa discusses the follows the to provide a a real-world PHP
tion of a limitations of ADDIE practical and problem of language
Hands-on existing solutions instructional effective IDOR only, which
Attack and for finding and design model training program vulnerability may limit its
Defence Lab preventing IDOR to create a for IT students that is applicability
on Insecure vulnerabilities, web-based and common and to other web
Direct such as source hands-on professionals critical in technologies.
Object code analysis attack and who are web It does not
References. tools, Blackbox defence lab for responsible for applications. compare its
security scanners, IDOR software It follows a lab design
web application vulnerability. development, systematic with other
firewalls, and CTF The paper quality and rigorous existing CTF
challenges. conducts a assurance, instructional challenges or
The paper needs analysis, secure software design web
identifies the a student design, and model to application
challenges of analysis, a penetration create a security
detecting IDOR content testing. web-based courses in
vulnerabilities analysis, a The paper hands-on lab terms of
using automated structure intends to that covers effectiveness
tools, such as the analysis, an improve both attack or efficiency.
variability of online learners' and defence It does not
authorization environment awareness and aspects. provide a
patterns, the analysis, a skills in finding It evaluates detailed
difficulty of technical and fixing IDOR the prototype analysis or
predicting object analysis, and vulnerabilities of the lab discussion of
references, and the an assessment through hands- with relevant the
lack of proper criterion for on attack and pilot groups evaluation
access control the lab design. defence and results or
checks. The paper exercises. participants feedback
The paper also implements a The paper and from the
points out the vulnerable web contributes to incorporates participants.
issues of existing application the web their
CTF challenges using PHP and application feedbacks to
for IDOR MySQL with security improve the
vulnerability, such multiple IDOR education and lab
as the lack of vulnerabilities research by design⁸[8].
defensive as the target creating a novel It provides a
exercises, the need system for the IDOR lab that is publicly
for instructor lab exercises. integrated with accessible

17
 assistance, the The paper RangeForce and reusable
unavailability for develops the platform and lab that can
academic use, and lab exercises available as an be applied
the absence of using CTF open-source for different
IDOR exercises in approach, project. projects and
some cases. which include additional
both attacking exercises.
and defending It integrates
scenarios. The the lab with
paper also RangeForce
creates platform that
automated offers virtual
scripts to teaching
evaluate assistance
learners' and cloud-
solutions and based
provide accessibility.
feedback.
Paper 15: The paper reviews The paper The paper The paper The paper is
Social the previous adopts a provides an covers a mainly based
Engineering technologies used conceptual and integrative and wide range on
and Cyber in cybersecurity, theoretical structural of topics conceptual
Security. such as password approach to perspective to related to and
cracking, software analyse and understand how social theoretical
vulnerabilities discuss social social engineering analysis,
exploit, firewall, engineering engineering in without
and antivirus attacks from attacks work and cybersecurit empirical
software. different take effect, y, such as evidence or
The paper points perspectives. which can help the data to
out that these The paper researchers, definition, support or
technologies are proposes a practitioners, model, validate the
not effective conceptual and educators in mechanism, model and
against social model that the field of vulnerability, the concepts.
engineering describes how cybersecurity. method, and The paper
attacks, which social The paper offers scenario of does not
focus on engineering lots of materials social provide a
exploiting human attacks work for security engineering clear
vulnerabilities and take effect, awareness attacks. operationaliz
rather than based on three training and The paper ation or
technical core entities: future empirical integrates measurement
weaknesses. effect research, such as various of the effect
The paper also mechanism, the effect theories and mechanisms
identifies some human mechanisms, findings and human
challenges and vulnerability, human from vulnerabilitie
issues in studying and attack vulnerabilities, different s, which may
and defending method. attack methods, disciplines, limit their
against social The paper and scenarios of such as applicability
engineering analyses and social psychology, and
attacks, such as discusses 30+ engineering. sociology, testability in
the lack of a clear effect communicati

18
 definition, a mechanisms The paper also on, and empirical
comprehensive and 40+ suggests that the neuroscience research.
model, an human model can be , to explain The paper
empirical research vulnerabilities helpful to how social does not
method, and a in six aspects: develop a engineering discuss the
domain ontology persuasion, domain attacks work ethical issues
of social social ontology of and take or challenges
engineering. influence, social effect. involved in
cognition & engineering in The paper studying or
attitude & cybersecurity, provides defending
behaviour, which can many against social
trust & facilitate the examples engineering
deception, knowledge and cases to attacks, such
language & representation, illustrate the as the
thought & sharing, and application privacy,
decision, reasoning in this and consent, and
emotion & domain. implication harm of the
decision- of the model participants
making. and the or targets.
concepts in
real-world
situations.
Paper 16: A Constant The paper does The paper aims It covers a It lacks a
survey on upgrades: not explicitly to provide a wide range clear
Network penetration testers state its comprehensive of topics research
Penetration need to keep up methodology, overview of related to question,
Testing. with the latest but it seems to network network hypothesis,
technologies and follow a penetration penetration or objective
tools to perform literature testing for testing in a that guides
effective and review researchers, concise and its analysis
comprehensive approach practitioners, organized and
tests. students, and manner. discussion.
Time constraints: anyone It provides It does not
penetration testing interested in the clear provide a
can be a lengthy field of definitions, critical
and complex cybersecurity. explanations, evaluation or
process, The paper can examples, comparison
depending on the be used as a and of the
scope and reference or a diagrams to different
objectives of the guide for facilitate tools and
test. Testers need understanding understandin methods that
to balance the the basics, g.It cites it reviews.
depth and breadth benefits, relevant and It does not
of the test with the challenges, and reliable discuss the
available time and best practices of sources of ethical or
resources and network information legal
prioritize the most penetration to support its implications
critical testing. claims and of network
vulnerabilities and arguments. penetration
risks. testing.

19
Paper 17: The paper The paper The paper It proposes a It does not
SQL discusses the presents a claims that the novel and address some
Injection problems of SQL design of an proposed system comprehensi challenges
Attacks and injection attacks, automatic can effectively ve system and
Vulnerabilit which are a type vulnerability detect SQL for detecting limitations of
ies IoT. of code injection detection injection SQL the system,
technique that system for web vulnerabilities in injection such as the
exploits the applications, web applications vulnerabiliti scalability,
vulnerability of which uses a and provide es, which efficiency,
web applications combination of detailed integrates robustness,
and databases. static and information and both static and false
The paper dynamic suggestions for and dynamic positive rate
mentions that analysis fixing them. analysis of the
previous techniques. The paper techniques, system.
technologies for The paper demonstrates the and covers The paper
preventing SQL describes the application of various types also does not
injection attacks architecture the system by of SQL discuss some
include validating and testing it on injection ethical and
input and output components of several real- attacks. legal issues
data, using the system, world web The paper related to the
parameterized such as the applications, also provides system, such
queries, separating crawler, the such as DVWA, a clear and as the
data and access parser, the PetCo, Guess, detailed potential
roles, and analyser, the and Barracuda description misuse or
applying security injector, and Networks. of the abuse of the
patches. the reporter. The paper also system system by
The paper also The paper also compares the design and malicious
points out the explains the performance and implementati users or
limitations and algorithms and accuracy of the on, as well hackers.
drawbacks of processes of system with as a
these the system, other existing thorough
technologies, such such as the tools and evaluation
as the complexity extraction of methods, such and
of validation rules, SQL as comparison
the performance statements, the AppDetectivePr with other
overhead of identification o, AppSentry, approaches.
parameterized of injection Scuba, and
queries, the points, the manual testing.
difficulty of generation of
managing roles attack
and permissions, payloads, and
and the lack of the verification
timely updates. of attack
results.
Paper 18: Program analysis The Real-time The paper The paper
DIAVA: A techniques require introduction of monitoring of tackles a focuses
Traffic- access to the a multilevel network traffic substantial solely on
Based source code of regular for cloud-based and pertinent four weak
Framework web applications, expression web services, problem in encryption
for a resource often model capable enabling the realm of algorithms

20
Detection of unavailable for of effectively proactive web (MD5, SHA-
SQL cloud service filtering and warnings to application 1, SHA-256,
Injection providers. identifying tenants about security and SHA-
Attacks and WAF techniques SQL injection successful SQL within cloud 512) for
Vulnerabilit primarily focus on attacks within injection attacks computing. dictionary
y Analysis of blocking network and data leaks. It presents attack
Leaked potentially traffic. Robustness an analysis,
Data suspicious SQL A novel testing for newly innovative potentially
requests but lack bidirectional deployed web and overlooking
the ability to network traffic applications on comprehensi other
accurately analysis the cloud, ve encryption
determine the method, facilitating the framework methods
success or severity proficient at identification for the employed by
of an attack, capturing and resolution of detection web
especially when it successful vulnerabilities and applications.
comes to SQL injection prior to service evaluation of It lacks a
evaluating the attacks and launch. SQL formal
potential harm extracting any injection evaluation of
caused. leaked data attacks, the
Both techniques found within leveraging framework's
predominantly database network performance
involve responses. traffic and accuracy
unidirectional The analysis for using real-
analysis of SQL development improved world
requests, of a GPU- efficiency datasets or
disregarding the based and accuracy benchmarks,
bidirectional dictionary compared to potentially
analysis that attack analysis traditional limiting its
encompasses both approach, methods. generalizabili
SQL requests and optimized for ty and
database the rapid validity.
responses, which decryption of
can yield crucial leaked
insights into the ciphertexts
nature of an attack while
and the data that evaluating
may have been their
compromised. vulnerability
based on
decryption
complexity.
Paper 19: The paper reviews The paper The paper offers The paper The paper's
Social previous introduces a an integrated extensively length and
Engineering technologies conceptual and structural covers a density may
in employed in the model that perspective on wide array potentially
Cybersecuri field of elucidates how comprehending of topics hinder its
ty: Effect cybersecurity, social the workings pertaining to readability
Mechanisms including engineering and impact of social and
, Human password attacks operate social engineering accessibility
Vulnerabilit cracking, software and exert engineering in for some

21
ies and vulnerability influence, with attacks, serving cybersecurit readers.
Attack exploitation, a foundation in as a valuable y, It relies
Methods firewall three core resource for encompassin relatively
implementation, components: researchers, g less on
and antivirus effect practitioners, psychology, empirical
software. mechanisms, and educators in sociology, evidence or
The paper human the communicati data to
identifies several vulnerability, cybersecurity on, substantiate
challenges and and attack field, aiding in cognition, its claims and
issues associated methods. the development and arguments,
with these It delves into of more behaviour. which could
technologies, an analysis and effective It delivers a impact the
including their discussion of countermeasures comprehensi paper's
limited effect and prevention ve and validity and
effectiveness in mechanisms strategies. systematic reliability.
defending against spanning six It provides analysis of The paper
social engineering facets: substantial effect does not
attacks that persuasion, material for mechanisms extensively
capitalize on social security and human delve into the
human influence, awareness vulnerabiliti ethical
vulnerabilities. cognition, training and lays es related to implications
The necessity for attitude and the groundwork social or challenges
deep technical behavior, trust for future engineering associated
knowledge and and deception, empirical attacks, with social
coding skills to language, research through enhancing engineering
combat thought and its exploration the in
sophisticated decision, of effect understandin cybersecurity
attackers. emotion, and mechanisms, g of this , potentially
Potential decision- human phenomenon overlooking
incompatibility making. vulnerabilities, . significant
with emerging Additionally, attack scenarios, Numerous aspects of
technologies and the paper and methods. examples this issue.
cyber conducts an The paper can and case
environments such analysis and be instrumental studies are
as social discussion of in developing a employed to
networks, mobile human domain illustrate
communication, vulnerabilities ontology of how social
industrial internet, across six social engineering
and the Internet of dimensions: engineering attacks
Things (IoT). cognition and within the operate and
knowledge, cybersecurity exert
behaviour and realm, influence in
habit, emotions enhancing various
and feelings, knowledge contexts and
human nature, representation situations,
personality and reasoning in increasing
traits, and this domain. the practical
individual relevance of
characteristics. the paper.

22
Paper 20: Health campaigns The paper The paper aims Utilizes a May not
Social necessitate utilizes a to provide a rigorous and include all
Engineering adequate systematic comprehensive systematic relevant
Attacks education for literature and critical method to papers due to
Prevention: effectiveness, with review based review of the review search
A no clear measure on Bryman & existing literature on criteria and
Systematic of success. Bell's literature literature on the a relevant database
Literature Ethical standards review prevention of and timely limitations.
Review may exhibit method. social topic. May not
variability It follows three engineering Encompasse capture the
depending on phases of attacks. s a wide latest
context and the systematic It intends to range of development
actors involved in literature recommend sources from s and trends
social engineering review: strategies to different in social
penetration planning, prevent social databases, engineering
testing. conducting, engineering disciplines, attacks and
Human-as- and reporting. attacks based on and prevention
security-sensor In the planning an analysis of perspectives. techniques.
frameworks phase, the the advantages Identifies May not
require guidance paper defines and limitations gaps and provide
to explore the the research of previous challenges in empirical
potential of super- question, the methods, current evidence or
recognizers and search process, models, and research and practical
policing for the paper frameworks. suggests examples to
system security. selection The paper can directions support or
User-centric criteria, and be a valuable for future illustrate the
frameworks the paper resource for research. findings.
necessitate assessment researchers,
empirical testing matrix. practitioners,
of factors and During the educators, and
dimensions conducting policy makers
affecting user phase, the interested in
awareness and paper searches enhancing the
behaviour. for papers security and
User vulnerability using four privacy of
models face digital information
limitations due to databases systems and
ethical (Elsevier, networks.
considerations, IEEE,
scenario-based Springer, and
experiments, and Willey) with a
academic search string
community related to the
samples. keyword
"Prevention
Social
Engineering
Attacks."
Paper 21: The paper The paper The paper The paper The paper
Toward an discusses the proposes a demonstrates the presents a does not

23
SDN-Based limitations of conceptual feasibility and clear provide a
Web traditional security design of an potential of motivation formal
Application solutions for web SDN-based using SDN as a and security
Firewall: applications, such WAF that WAF to defend contribution analysis or
Defending as web application consists of four against web for proof of
against SQL firewalls (WAFs), stages: attacks, implementin correctness
Injection which may require reception, especially SQL g an SDN- for the
Attacks expensive processing, injection attacks, based WAF proposed
hardware and inspection, and without relying to mitigate solution.
software, lack containment. on third-party web attacks. The paper
centralized control The paper applications or The paper does not
and visibility, and implements hardware. provides a consider
be vulnerable to two modules The paper detailed other types of
evasion for the provides a novel description web attacks
techniques by inspection contribution to of the besides SQL
attackers. stage, one the field of SDN conceptual injection or
The paper also based on security by design and other
reviews the signatures, and addressing the implementati methods for
existing research one based on specific on stages of detecting
on using software- regular challenges and the SDN- application-
defined expressions, to requirements of based WAF. level attacks
networking (SDN) detect SQL web application The paper besides
for security injection security in an conducts a signatures
purposes, which attacks in web SDN comprehensi and regular
mainly focuses on traffic. environment. ve expressions.
network-level The paper The paper also evaluation The paper
attacks, such as evaluates the suggests future and does not
DDoS and performance of research comparison address the
malware, rather the SDN-based directions for of the SDN- scalability
than application- WAF in terms enhancing the based WAF issues or
level attacks, such of TCP ACK reliability, with a controller
as SQL injection latency and scalability, and traditional vulnerabilitie
and XSS. CPU usage robustness of the WAF using s that may
The paper overhead and SDN-based real-world arise in larger
identifies the gap compares it WAF and traffic and or more
in the literature on with a exploring other scenarios. complex
implementing an traditional solutions for networks.
SDN-based WAF WAF mitigating web
to mitigate web (ModSecurity) attacks using
attacks and the using a virtual SDN.
challenges of lab setup.
designing and
evaluating such a
solution.
Paper 22: A High cost or The paper The paper aims The paper The paper
Novel database proposes five to enhance the addresses a does not
Approach specificity of new Snort security of web relevant and provide a
for some solutions. rules to detect applications and prevalent comprehensi
Detecting Inability of Snort different types databases problem of ve literature
SQL to detect all types of SQLIA, against SQLIA SQLIA that review or

24
Injection of SQLIA, taking into by improving affects many comparison
Attacks especially blind account the the detection web with other
Using Snort SQLIA, timing variations of ability and range applications related works
attacks, generic keywords, of Snort, a and on SQLIA
UNION queries, spacing, widely used databases. detection and
and logically hexadecimal open-source The paper prevention.•
incorrect queries. encoding, and intrusion proposes The
False positives comments in detection and simple and paper does
and false the queries. prevention effective not explain
negatives The paper tests system. Snort rules how the self-
generated by some the proposed The paper that can made dataset
Snort rules. rules on a self- provides a detect was
Hexadecimal and constructed scalable, cost- various types constructed
comment fillers in dataset of 110 effective, and of SQLIA, or how
SQL queries that SQL injected database- including representativ
can evade websites and independent some that e it is of real-
signature 53 normal solution for are not world SQLIA
detection. websites using detecting detected by scenarios.
WebGoat as a SQLIA using existing The paper
vulnerable signature-based rules. does not
server. methods. The paper consider
The paper The paper demonstrates other evasion
evaluates the contributes to the good techniques or
performance of the research on performance attack
the proposed web security and of the vectors that
rules by intrusion proposed may bypass
calculating the detection by rules in the proposed
precision and proposing novel terms of rules, such as
recall rates for and robust Snort precision obfuscation,
each rule and rules that cover and recall encoding, or
comparing a wider rates using a out-of-band
them with spectrum of self-made methods.
existing rules. SQLIA. dataset and
WebGoat.

EXISTING METHODOLOGY:

Attackers and defenders team penetration testing involve a variety of tactics and techniques.

Phishing Attacks: Sending deceptive emails to trick employees into revealing sensitive
information or clicking on malicious links.

Social Engineering: Manipulating individuals into divulging confidential information through

techniques like pretexting, baiting, or tailgating.

25
SQL Injection: Exploiting vulnerabilities in web applications to gain unauthorized access to
databases.

Intrusion Detection Systems (IDS): Monitoring network traffic and system logs to detect and
respond to suspicious activities.

Access Controls: Implementing proper access controls and authentication mechanisms ensures
that only authorized.

Firewall Mechanism: firewall is a network security device or software that acts as a barrier
between a trusted internal network and untrusted external networks, such as the internet. Its
primary purpose is to monitor and control incoming and outgoing network traffic based on
predetermined security rules.

PROPOSED SYSTEM:

DoS Attack using Slowloris & LOIC:

A denial-of-service (DoS) attack is an attempt to make a computer resource unavailable to its

intended users. Slowloris is a type of DoS attack that uses many small HTTP requests to
overwhelm the target server.

In this case, the attackers used Slowloris to send many HTTP GET requests to the target server.
The GET requests were very slow, so they took up a lot of the server's resources. As a result,
the server was unable to respond to legitimate requests from other users.

Wireshark:

Wireshark is a network protocol analyser, or an application that captures packets from a

network connection, such as from your computer to your home office or the internet. Packet is
the name given to a discrete unit of data in a typical Ethernet network.

MITM Attack using Ettercap:

A man-in-the-middle (MITM) attack is a type of attack in which the attacker intercepts and
modifies communication between two parties. Ettercap is a tool that can be used to carry out
MITM attacks.

26
In this case, the attackers used Ettercap to intercept traffic between the target server and its
clients. They were then able to read the traffic and modify it. For example, they could have
injected malicious code into the traffic.

XArp:

XArp is a tool that can be used to detect MITM attacks. It does this by monitoring for ARP
spoofing attacks. ARP spoofing is a type of attack in which the attacker sends fake ARP packets
to trick the network into thinking that they are the target server.

In this case, XArp was able to detect the MITM attack because it saw that the attackers were
sending fake ARP packets.

OVERVIEW:

DoS Attack and Detection:

Slowloris Attack: Slowloris is a type of DoS attack that aims to keep many connections to a
targeted web server open and hold them open as long as possible, causing the server to exhaust
its resources. It operates by sending partial HTTP requests and keeping them incomplete.
Detection mechanisms for Slowloris typically involve monitoring the number of open
connections from a single IP address and monitoring the rate of requests to identify unusual
traffic patterns.

LOIC DoS Attack: Loic is a free, open-source stress testing tool that can be used to generate
large amounts of network traffic to a targeted server or website. It can be used to test the
performance of a server or website under load, or to launch a denial-of-service (DoS) attack.
Loic can generate a variety of different types of traffic, including HTTP, HTTPS, and ICMP
traffic.

Wireshark Detection: Wireshark is a network protocol analyser, or an application that captures

packets from a network connection, such as from your computer to your home office or the
internet. Packet is the name given to a discrete unit of data in a typical Ethernet network.

Man-in-the-Middle Attack and Detection:

Ettercap Attack: Ettercap is a popular tool for performing Man-in-the-Middle attacks. It allows
an attacker to intercept, capture, and modify communication between two parties without their

27
knowledge. It can be used to eavesdrop on sensitive data or even inject malicious content into
the communication stream.

XArp Detection: XArp is a network security tool designed to detect ARP (Address Resolution
Protocol) spoofing, which is a common technique used in Man-in-the-Middle attacks. ARP
spoofing involves manipulating the ARP cache to redirect traffic through the attacker's
machine. XArp monitors ARP traffic on the network and can identify anomalies or suspicious
ARP activity, helping to detect and mitigate Man-in-the-Middle attacks.

SYSTEM ARCHITECTURE:

Figure 1.1 DoS Attack & Detection using Slowloris, LOIC, Wireshark tools

Figure 1.2 Man in the Middle Attack using Ettercap & Defence using XARP tools

28
FUNCTIONAL ARCHITECTURE:

Figure 2.1 Functional Architecture of DoS Attack

Figure 2.2 Functional Architecture of DoS Defense

29
MODULAR DESIGN:

Figure 3.1 Modular Architecture of MITM (ARP poisoning) Attack

INNOVATIVE IDEA IN OUR PROJECT:

DoS Attack and Detection: Slowloris Attack: Slowloris is a kind of DoS attack that seeks to
maintain a large number of open connections to a targeted web server for as long as feasible in
order to deplete the host's resources. It sends and retains unfinished HTTP requests in order to
function. Slowloris detection methods usually entail counting open connections from a single
IP address and tracking request rate to spot anomalous traffic patterns.

The open-source packet sniffer tool known as Wireshark is capable of identifying a wide range
of network-based assaults, including denial-of-service (DoS) attacks such as LOIC. It can
generate alerts or stop traffic by using specified rules and heuristics to detect problematic traffic
patterns.

30
SOFTWARE DETAILS AND SCREENSHOTS:

Slowloris:

Slowloris is a free and Open-source tool available on GitHub. With this tool, we can do a denial
of service attack. It is a framework written in Python. This tool allows one machine to hijack
another machine's web server, and it uses perfectly legal HTTP traffic. Slowloris can be used
to perform DDoS attacks on any web server. It establishes a full TCP connection and then
requires only a few hundred requests over a long period of time at regular intervals. As a result,
the tool does not need to spend a lot of traffic to use the available connections on the server.
The program was named after slow lorises, a group of primates which are known for their slow
movement.

Figure 4.1 Image depicting DoS Attack on Apache2 using Slowloris tool

Figure 4.2 Image depicting creation of sockets and website loads for more time

31
LOIC:

Loic is an Open-source tool. It has a graphical user interface that allows users to specify the
target server or website, the type of attack to launch, and the number of threads to use. Loic
can generate a variety of different types of traffic, including HTTP, HTTPS, and ICMP traffic.

Figure 4.3 Image depicting DoS attack on Gruyere website using LOIC tool

Figure 4.4 Image depicting Gruyere website is loading for more time

Ettercap:

Ettercap is a free and open-source network security tool for man-in-the-middle attacks on a
LAN. It can be used for computer network protocol analysis and security auditing. It runs on
various Unix-like operating systems including Linux, Mac OS X, BSD, and Solaris, and on

32
Microsoft Windows. It is capable of intercepting traffic on a network segment, capturing
passwords, and conducting active eavesdropping against several common protocols. Its
original developers later founded Hacking Team.

Figure 4.5 Enabling the Ettercap tool for MITM attack in Kali Linux

Figure 4.6 Starting sniffing by adding the targets

33
 Figure 4.7 Sniffing is stopped

Figure 4.8 Pinging the target IP address in cmd

Wireshark:

Wireshark is a network protocol analyser, or an application that captures packets from a

network connection, such as from your computer to your home office or the internet. Packet is
the name given to a discrete unit of data in a typical Ethernet network. Wireshark is the most
often-used packet sniffer in the world.

34
 Figure 4.9 Flooding IP address 192.168.34.178

Figure 4.10 DoS attack in progress on IP address 192.168.34.174 (Attacker machine)

Figure 4.11 Detecting DoS using Wireshark tool (Victim machine)

35
XArp:

XArp is a network security tool designed to detect and defend against ARP (Address Resolution
Protocol) spoofing attacks. ARP spoofing, also known as ARP poisoning, is a type of attack
where an attacker manipulates the ARP cache of devices on a local network to intercept,
modify, or redirect network traffic. XArp is designed to help protect against this type of attack.

Figure 4.12 Detecting MITM attack using Xarp tool

Figure 4.13 Details of attacks

36
SAMPLE CODE:

Slowloris:

Cmd-1:

 Sudo apt-get update

 Sudo apt install git
 git clone https://github.com/gkbrk/slowloris.get
 ls
 cd slowloris
 ls

Cmd-2:

 sudo apt install apache2

 sudo systemctl status apache2
 service apache2 start
 sudo apt install net-tools
 ifconfig

Cmd-1:

 cd slowloris
 ls
 python3 slowloris.py -s 500 -p 80 10.0.2.15 (loads to open)
 python3 slowloris.py -s 1000 -p 80 10.0.2.15 (more loading time)
 python3 slowloris.py -s 10000 -p 80 10.0.2.15 (unable to connect to 10.0.2.15)

Ettercap:

Kali Linux (inbuilt):

 sudo ettercap -G

37
CONCLUSION AND FUTURE WORK:

Attackers Team:

Findings and Vulnerabilities: Summarize the vulnerabilities discovered, including their

severity and potential impact. This should cover weaknesses in systems, networks, or
applications. Present a breakdown of how these vulnerabilities could be exploited.

Successes and Failures: Highlight successful breaches or compromised areas to emphasize

the weaknesses found. Acknowledge any areas where penetration testing did not yield expected
results or faced challenges.

Recommendations for Mitigation: Provide suggestions for mitigating the identified

vulnerabilities. These recommendations should be specific, actionable, and prioritized based
on the severity of the risks discovered during the testing.

Lessons Learned: Discuss any new techniques, tools, or methodologies discovered during the
testing process. Mention what worked well and areas that need improvement for future testing.

Defenders Team:

Vulnerability Response Plan: Outline a clear plan on how the defenders should respond to the
identified vulnerabilities. This includes patching, network segmentation, access controls, or
any other measures to mitigate risk.

Improvements and Best Practices: Suggest improvements to existing security measures, best
practices, and proactive strategies that can help defend against similar attacks in the future.

Training and Awareness: Stress the importance of continuous security training and awareness
programs for employees. Strong defences often depend on educated and aware staff who can
identify potential threats.

Post-Testing Measures: Discuss post-testing measures such as further monitoring, retesting,

or reassessing the system to ensure that implemented changes are effective.

Future Works:

Threat Intelligence Integration: Suggest integrating threat intelligence mechanisms to keep

up to date with the latest attack vectors and patterns.

38
Automation and Advanced Technologies: Explore the potential of automation tools and more
advanced technologies for both attacking and defending purposes.

Regulatory Compliance and Standards: Highlight the importance of adhering to industry

standards and regulatory compliance, suggesting continuous alignment with
evolving standards.

By incorporating these recommendations and future works, both the Attackers and Defenders
teams can establish a robust security posture, continually improving their resilience against
potential cyber threats.

REFERENCES:

[1] Nagpal, B., Chauhan, N., & Singh, N. (2017). SECSIX: security engine for CSRF, SQL
injection and XSS attacks. International Journal of System Assurance Engineering and
Management, 8, 631-644.

[2] Al-Ahmad, A. S., Kahtan, H., Hujainah, F., & Jalab, H. A. (2019). Systematic literature
review on penetration testing for mobile cloud computing applications. IEEE Access, 7,
173524-173540.

[3] Al-khateeb, S., & Agarwal, N. (2020). Social cyber forensics: leveraging open source
information and social network analysis to advance cyber security informatics. Computational
and Mathematical Organization Theory, 26, 412-430.

[4] Li, Q., Li, W., Wang, J., & Cheng, M. (2019). A SQL injection detection method based on
adaptive deep forest. IEEE Access, 7, 145385-145394.

[5] Fischer, M., Langer, F., Mono, J., Nasenberg, C., & Albartus, N. (2020). Hardware
penetration testing knocks your SoCs off. IEEE Design & Test, 38(1), 14-21.

[6] Pannu, G. K. (2014). A survey on web application attacks. IJCSIT) International Journal
of Computer Science and.

[7] Eshete, B., Villafiorita, A., & Weldemariam, K. (2011, August). Early detection of security
misconfiguration vulnerabilities in web applications. In 2011 Sixth International Conference
on Availability, Reliability and Security (pp. 169-174). IEEE.

39
[8] Hassan, M. M., Nipa, S. S., Akter, M., Haque, R., Deepa, F. N., Rahman, M., ... & Sharif,
M. H. (2018). Broken authentication and session management vulnerability: a case study of
web application. Int. J. Simul. Syst. Sci. Technol, 19(2), 1-11.

[9] Krombholz, K., Hobel, H., Huber, M., & Weippl, E. (2015). Advanced social engineering
attacks. Journal of Information Security and applications, 22, 113-122.

[10] Mainka, C., Mladenov, V., Guenther, T., & Schwenk, J. (2015). Automatic recognition,
processing and attacking of single sign-on protocols with burp suite. Open Identity Summit
2015.

[11] Lin, X., Zavarsky, P., Ruhl, R., & Lindskog, D. (2009, August). Threat modeling for CSRF
attacks. In 2009 International Conference on Computational Science and Engineering (Vol. 3,
pp. 486-491). IEEE.

[12] Raj, S., & Walia, N. K. (2020, July). A study on metasploit framework: A pen-testing tool.
In 2020 International Conference on Computational Performance Evaluation (ComPE) (pp.
296-302). IEEE.

[13] Pellegrino, G., Johns, M., Koch, S., Backes, M., & Rossow, C. (2017, October). Deemon:
Detecting CSRF with dynamic analysis and property graphs. In Proceedings of the 2017 ACM
SIGSAC Conference on Computer and Communications Security (pp. 1757-1771).

[14] Demesa, E. G. (2018). Implementation of a Hands-on Attack and Defence Lab on Insecure
Direct Object References.

[15] Breda, F., Barbosa, H., & Morais, T. (2017). Social engineering and cyber security.
In INTED2017 Proceedings (pp. 4204-4211). IATED.

[16] Jayasuryapal, G., Pranay, P. M., & Kaur, H. (2021, April). A survey on network penetration
testing. In 2021 2nd International Conference on Intelligent Engineering and Management
(ICIEM) (pp. 373-378). IEEE.

[17] Jacob, I., & Pirnau, M. (2020). SQL INJECTION ATTACKS AND VULNERABILITIES.
Journal of Information Systems & Operations Management, 68-81.

[18] Gu, H., Zhang, J., Liu, T., Hu, M., Zhou, J., Wei, T., & Chen, M. (2019). DIAVA: a traffic-
based framework for detection of SQL injection attacks and vulnerability analysis of leaked
data. IEEE Transactions on Reliability, 69(1), 188-202.

40
[19] Wang, Z., Zhu, H., & Sun, L. (2021). Social engineering in cybersecurity: Effect
mechanisms, human vulnerabilities, and attack methods. IEEE Access, 9, 11895-11910.

[20] Syafitri, W., Shukur, Z., Asma’Mokhtar, U., Sulaiman, R., & Ibrahim, M. A. (2022). Social
engineering attacks prevention: A systematic literature review. IEEE Access, 10, 39325-39343.

[21] Alotaibi, F. M., & Vassilakis, V. G. (2023). Toward an SDN-Based Web Application
Firewall: Defending against SQL Injection Attacks. Future Internet, 15(5), 170.

[22] Gupta, A., & Sharma, L. S. (2022). A novel approach for detecting sql injection attacks
using snort. Journal of The Institution of Engineers (India): Series B, 103(5), 1443-1451.

41