Scribd
Upload
127 views

HW3 YourFullName

This document outlines an assignment involving modifying and attacking a SimpleWebServer application. It contains 5 questions: [1] discussing types of attacks from a client that never disconnects, [2] modifying the server to allow file uploads and logging, [3] imposing a maximum file size limit, [4] attacking to deface the homepage and remove logs, and [5] disabling the file size check on restart. The assignment requires submitting source code and screenshots.

Uploaded by

Jai C How Dare
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOC, PDF, TXT or read online on Scribd
127 views

HW3 YourFullName

This document outlines an assignment involving modifying and attacking a SimpleWebServer application. It contains 5 questions: [1] discussing types of attacks from a client that never disconnects, [2] modifying the server to allow file uploads and logging, [3] imposing a maximum file size limit, [4] attacking to deface the homepage and remove logs, and [5] disabling the file size check on restart. The assignment requires submitting source code and screenshots.

Uploaded by

Jai C How Dare
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOC, PDF, TXT or read online on Scribd
You are on page 1/ 2

Assignment #3

Turn in your work as a single zip file.

1. What if a client connects to SimpleWebServer, but never sends any data and never
disconnects? What type of attack would such a client be able to conduct? (15 points)

2. Modify SimpleWebServer.java to allow the client to upload files through a PUT command
(e.g., PUT <destination_path> <file_content>) and save all client requests into a log file.
Also modify SimpleWebClient.java to allow the user to upload a given file to the destination
path on the server. The sample methods for text file storage and logging are given below.
You may update storeFile to deal with binary files if needed. (25 points)

public void storeFile(BufferedReader br, OutputStreamWriter osw, String


pathname) throws Exception {
FileWriter fw = null;
Scanner sc = new Scanner(br);
try {
fw = new FileWriter(pathname);
String s = sc.nextLine();
while(!s.isEmpty() && s != null) {
fw.write(s+"\n");
s = sc.nextLine();
}
fw.close();
sc.close();
osw.write("HTP/1.0 201 Created");
} catch(Exception e) {
osw.write("HTTP/1.0 500 Internal Server Error");
}
}

public void logEntry(String filename, String record){


FileWriter fw = new FileWriter(filename, true);
fw.write((new Date()).toString()+” ”+record);
fw.close();
}

3. Rewrite the serveFile method such that it imposes a maximum file size limit. If a user
attempts to download a file that is larger than the maximum allowed size, write a log entry to
a file called error_log.txt and return a “403 Forbidden” HTTP response code. (20 points).

4. Describe and implement: (a) an attack that defaces the index.html homepage, and (b) an
attack that removes the log data. Attach screenshots of your attacks. (20 points)

5. Suppose you are the attacker who has got hold of the complied SimpleWebServer.class.
Describe an attack such that, after SimpleWebServer is re-started (e.g., because of an
exception by another attack), the functionality in (3) is disabled. (20 points)

Notes: attach a copy of your source code and screenshots of program execution. If you choose to
use a different language (e.g., C++), it is your responsibility to translate the given code correctly.

You might also like