1
00:00:01,100 --> 00:00:10,490
So logout is another important function in applications. Like the login mechanism, logout should also

2
00:00:10,490 --> 00:00:11,570
be done securely.

3
00:00:12,450 --> 00:00:15,690
But sometimes the application doesn't log out the user properly.

4
00:00:16,770 --> 00:00:20,160
And of course, this causes some serious privacy problems.

5
00:00:21,300 --> 00:00:25,060
There may be hundreds of ways to implement such an insecure logout function.

6
00:00:25,500 --> 00:00:28,740
So let's just have a look at one of them from bWAPP.

7
00:00:29,650 --> 00:00:31,780
OK, so go to Kali and log in to bWAPP.

8
00:00:32,890 --> 00:00:39,340
And from the drop-down menu above, open Logout Management under Broken Authentication.

9
00:00:41,190 --> 00:00:45,960
OK, so this is a sample authenticated page, and the default level is low.

10
00:00:46,950 --> 00:00:53,430
Now view the page source to get some interesting information, if, of course, the source has it.

11
00:00:54,360 --> 00:00:56,120
And there's nothing here.

12
00:00:58,000 --> 00:01:04,510
So when the link is clicked, a JavaScript confirmation dialogue will appear and then the location will

13
00:01:04,510 --> 00:01:07,150
redirect us to a new page.

14
00:01:07,570 --> 00:01:10,900
ba_logout_1.

15
00:01:12,090 --> 00:01:13,890
OK, so now open Burp.

16
00:01:15,070 --> 00:01:16,990
And activate interception.

17
00:01:19,760 --> 00:01:22,470
I'm going to rearrange my browser here for a better view.

18
00:01:23,550 --> 00:01:27,630
All right, enabling FoxyProxy to send traffic to Burp.

19
00:01:28,520 --> 00:01:31,340
And now I'm going to click here to log out.

20
00:01:31,370 --> 00:01:31,940
OK?

21
00:01:32,990 --> 00:01:35,210
And Burp captures the logout request.

22
00:01:36,120 --> 00:01:37,710
So let's forward the request.

23
00:01:38,970 --> 00:01:47,340
And we get a 302 redirection response, hmm, so it redirects us to another page with a Location

24
00:01:47,340 --> 00:01:47,670
header.

25
00:01:48,840 --> 00:01:50,370
What is it? Login.

26
00:01:52,080 --> 00:01:54,240
So that means that the application logout

27
00:01:55,270 --> 00:01:59,350
sends us to the login page, doesn't log us out.

28
00:02:00,830 --> 00:02:04,550
So this is a general logout mechanism example.

29
00:02:06,180 --> 00:02:09,080
And I'm going to forward the next messages as well.

30
00:02:11,200 --> 00:02:12,370
And I logged out.

31
00:02:14,720 --> 00:02:19,910
So the login page opened in the browser, but did we really log out?

32
00:02:20,680 --> 00:02:24,710
OK, so now move on to the back button in the toolbar, and right-

33
00:02:24,710 --> 00:02:25,190
click.

34
00:02:26,120 --> 00:02:29,780
And you will see pages that we've previously visited and cached.

35
00:02:31,040 --> 00:02:35,330
As you can see, the authenticated page that we visited is right there.

36
00:02:36,250 --> 00:02:43,230
So if we go back, the page will be displayed, and I forgot Burp's interception mode.

37
00:02:43,480 --> 00:02:44,530
So go forward.

38
00:02:46,190 --> 00:02:50,600
Disable interception, disable FoxyProxy also.

39
00:02:52,130 --> 00:02:56,510
And open the page again, as we think it should.

40
00:02:56,540 --> 00:02:58,640
So now let's visit some other pages.

41
00:03:00,310 --> 00:03:02,710
And as you can see, we're still logged in.

42
00:03:04,080 --> 00:03:08,410
So even for the medium and high level, the application really logs out the user.

43
00:03:10,540 --> 00:03:12,580
But there are a few differences in the code.

44
00:03:13,330 --> 00:03:14,650
So now select medium.

45
00:03:16,340 --> 00:03:21,410
And I'm going to click here to log out. OK, so I logged out.

46
00:03:22,630 --> 00:03:25,330
But when I pressed the back button, nothing happens.

47
00:03:26,690 --> 00:03:29,330
This means that the application did indeed log me out.

48
00:03:30,770 --> 00:03:33,470
And the same thing happens when I choose the high level.

49
00:03:34,100 --> 00:03:38,360
OK, so let's go to the code and have a look, see what's happening.

50
00:03:39,640 --> 00:03:45,520
Now, I previously downloaded the bWAPP application on Kali because sometimes I want to show you the

51
00:03:45,520 --> 00:03:51,070
code as well, so I'm going to open ba_logout_1.

52
00:03:52,070 --> 00:03:56,630
And scroll down to see the actual section of logout.

53
00:03:58,360 --> 00:04:04,540
Yeah, so it works based on the cookie level. If the level is low, it does nothing, and that's why

54
00:04:04,540 --> 00:04:06,810
we can see the page by pressing the back button.

55
00:04:08,160 --> 00:04:11,430
And if the level is medium, it just destroys the session.

56
00:04:13,100 --> 00:04:15,410
Now, for logging out, it may be enough.

57
00:04:16,350 --> 00:04:23,280
But it isn't really secure, is it? Because the session-related values are still present in the session

58
00:04:23,280 --> 00:04:24,720
variable in memory.

59
00:04:26,820 --> 00:04:31,440
So this variable also needs to be assigned a null or empty value.

60
00:04:32,590 --> 00:04:36,610
And that is done in the high level, as you can see here.

61
00:04:37,600 --> 00:04:42,340
So this bug is directly caused by an insecure logout mechanism.

62
00:04:43,590 --> 00:04:45,780
But we'll be talking about session problems in the next.

63
00:04:47,130 --> 00:04:49,800
I want to go on with a couple of other problems.

