
Secure Socket Layer Sec B

The document discusses Secure Socket Layer (SSL) which provides security to data transferred between a web browser and server. It explains SSL protocols including the record protocol, handshake protocol, and alert protocol. It also discusses SSL versions and certificates and their purpose in securing online transactions.

Uploaded by

Gurdeep Sidhu

Section(B)

Secure Socket Layer (SSL)

Secure Socket Layer (SSL) provides security to the data that is transferred between a web browser and a server. SSL encrypts the link between a web server and a browser, which ensures that all data passed between them remains private and free from attack.
Secure Socket Layer Protocols:
• SSL record protocol
• Handshake protocol
• Change-cipher spec protocol
• Alert protocol
SSL Protocol Stack:

SSL Record Protocol:

The SSL Record Protocol provides two services to an SSL connection:
• Confidentiality
• Message Integrity
In the SSL Record Protocol, application data is divided into fragments. Each fragment is compressed, and then a MAC (Message Authentication Code) generated by algorithms like SHA (Secure Hash Protocol) and MD5 (Message Digest) is appended. After that, the data is encrypted, and finally the SSL header is appended to the data.
Handshake Protocol:
Handshake Protocol is used to establish sessions. This protocol allows the
client and server to authenticate each other by sending a series of messages to
each other. Handshake protocol uses four phases to complete its cycle.
• Phase-1: In Phase-1 both Client and Server send hello-packets to each other. In this IP session, cipher suite and protocol version are exchanged for security purposes.
• Phase-2: The server sends its certificate and Server-key-exchange. The server ends Phase-2 by sending the Server-hello-end packet.
• Phase-3: In this phase, the Client replies to the server by sending its certificate and Client-exchange-key.
• Phase-4: In Phase-4 Change-cipher suite occurs and after this the Handshake Protocol ends.
Alert Protocol:
This protocol is used to convey SSL-related alerts to the peer entity.
Each message in this protocol contains 2 bytes.

The level is further classified into two parts:

Warning (level = 1):

This Alert has no impact on the connection between sender and receiver. Some of them are:
Bad certificate: When the received certificate is corrupt.
No certificate: When an appropriate certificate is not available.
Certificate expired: When a certificate has expired.
Certificate unknown: When some other unspecified issue arose in
processing the certificate, rendering it unacceptable.
Close notify: It notifies that the sender will no longer send any
messages in the connection.
Unsupported certificate: The type of certificate received is not
supported.
Certificate revoked: The certificate received is in revocation list.

Fatal Error (level = 2):

This Alert breaks the connection between sender and receiver. The connection will be stopped and cannot be resumed, but it can be restarted. Some of them are:
Handshake failure: When the sender is unable to negotiate an
acceptable set of security parameters given the options available.
Decompression failure: When the decompression function receives
improper input.
Illegal parameters: When a field is out of range or inconsistent with
other fields.
Bad record MAC: When an incorrect MAC was received.
Unexpected message: When an inappropriate message is
received.
The second byte in the Alert protocol describes the error.
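The record header and the two-byte alert described above can be decoded as follows. This is an added example, not part of the original document; the numeric codes are those of the SSL 3.0/TLS record layer and the sample bytes are constructed.

```python
import struct

# First byte of the 5-byte record header: which sub-protocol the record carries.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
# (major, minor) version bytes on the wire. TLS 1.3 also writes 3,3 here.
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0",
            (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
# Description codes (second alert byte) for the alerts listed in the text.
ALERT_DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    30: "decompression_failure", 40: "handshake_failure",
    41: "no_certificate", 42: "bad_certificate",
    43: "unsupported_certificate", 44: "certificate_revoked",
    45: "certificate_expired", 46: "certificate_unknown",
    47: "illegal_parameter",
}
MAX_BODY = 2**14 + 2048  # upper bound on an encrypted record body


def parse_records(stream: bytes):
    """Split a captured byte stream into (type, version, body) records."""
    records, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown content type {ctype}")
        if length > MAX_BODY:
            raise ValueError(f"record length {length} exceeds limit")
        body = stream[offset + 5: offset + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        version = VERSIONS.get((major, minor), f"unknown {major}.{minor}")
        records.append((CONTENT_TYPES[ctype], version, body))
        offset += 5 + length
    return records


def parse_alert(body: bytes):
    """Decode an alert body into (level, description)."""
    if len(body) != 2:
        # Once encryption is on, the alert is encrypted and carries a MAC,
        # so the body is longer than 2 bytes and cannot be read passively.
        return ("encrypted", "encrypted")
    level, description = body
    return (ALERT_LEVELS.get(level, f"unknown({level})"),
            ALERT_DESCRIPTIONS.get(description, f"unknown({description})"))


# Constructed sample: a handshake record holding an empty server_hello_done,
# a fatal handshake_failure alert, and a warning close_notify alert.
SAMPLE = bytes.fromhex("16030000040e000000" "15030000020228" "15030100020100")

if __name__ == "__main__":
    for ctype, version, body in parse_records(SAMPLE):
        detail = parse_alert(body) if ctype == "alert" else body.hex()
        print(ctype, version, detail)
```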
Salient Features of Secure Socket Layer:
• The advantage of this approach is that the service can be tailored to the specific needs of the given application.
• Secure Socket Layer was originated by Netscape.
• SSL is designed to make use of TCP to provide reliable end-to-end secure service.
• This is a two-layered protocol.
Versions of SSL:
SSL 1 – Never released due to high insecurity.
SSL 2 – Released in 1995.
SSL 3 – Released in 1996.
TLS 1.0 – Released in 1999.
TLS 1.1 – Released in 2006.
TLS 1.2 – Released in 2008.
TLS 1.3 – Released in 2018.

An SSL (Secure Sockets Layer) certificate is a digital certificate used to secure and verify the identity of a website or an online service. The certificate is issued by a trusted third party called a Certificate Authority (CA), which verifies the identity of the website or service before issuing the certificate.
The SSL certificate has several important characteristics that make it
a reliable solution for securing online transactions:
1. Encryption: The SSL certificate uses encryption algorithms to
secure the communication between the website or service and its
users. This ensures that the sensitive information, such as login
credentials and credit card information, is protected from being
intercepted and read by unauthorized parties.
2. Authentication: The SSL certificate verifies the identity of the
website or service, ensuring that users are communicating with
the intended party and not with an impostor. This provides
assurance to users that their information is being transmitted to a
trusted entity.
3. Integrity: The SSL certificate uses message authentication codes
(MACs) to detect any tampering with the data during
transmission. This ensures that the data being transmitted is not
modified in any way, preserving its integrity.
4. Non-repudiation: SSL certificates provide non-repudiation of
data, meaning that the recipient of the data cannot deny having
received it. This is important in situations where the authenticity of
the information needs to be established, such as in e-commerce
transactions.
5. Public-key cryptography: SSL certificates use public-key
cryptography for secure key exchange between the client and
server. This allows the client and server to securely exchange
encryption keys, ensuring that the encrypted information can only
be decrypted by the intended recipient.
6. Session management: SSL certificates allow for the
management of secure sessions, allowing for the resumption of
secure sessions after interruption. This helps to reduce the
overhead of establishing a new secure connection each time a
user accesses a website or service.
7. Certificates issued by trusted CAs: SSL certificates are issued
by trusted CAs, who are responsible for verifying the identity of
the website or service before issuing the certificate. This provides
a high level of trust and assurance to users that the website or
service they are communicating with is authentic and trustworthy.
In addition to these key characteristics, SSL certificates also come in various levels of validation, including Domain Validation (DV), Organization Validation (OV), and Extended Validation (EV). The level of validation determines the amount of information that is verified by the CA before issuing the certificate, with EV certificates providing the highest level of assurance and trust to users. For more information about SSL certificates for each Validation level type, please refer to Namecheap.
Overall, the SSL certificate is an important component of online security, providing encryption, authentication, integrity, non-repudiation, and other key features that ensure the secure and reliable transmission of sensitive information over the internet.
Refer to the difference between Secure Socket Layer (SSL) and
Transport Layer Security (TLS)

FTP details
File transfer protocol (FTP) is an Internet tool provided by TCP/IP. The first feature of FTP was developed by Abhay Bhushan in 1971. It helps to transfer files from one computer to another by providing access to directories or folders on remote computers and allows software, data, and text files to be transferred between different kinds of computers. The end-user in the connection is known as localhost and the server which provides data is known as the remote host.
The goals of FTP are:
• It encourages the direct use of remote computers.
• It shields users from system variations (operating system, directory structures, file structures, etc.)
• It promotes sharing of files and other types of data.

Why FTP?

FTP is a standard communication protocol. There are various other protocols like HTTP which are used to transfer files between computers, but they lack clarity and focus as compared to FTP. Moreover, the systems involved in a connection are heterogeneous systems, i.e. they differ in operating systems, directory structures, character sets, etc. FTP shields the user from these differences and transfers data efficiently and reliably. FTP can transfer ASCII, EBCDIC, or image files. ASCII is the default file share format; in it, each character is encoded by NVT ASCII. In ASCII or EBCDIC the destination must be ready to accept files in this mode. The image file format is the default format for transferring binary files.

FTP Clients

FTP works on a client-server model. The FTP client is a program that runs on the user’s computer to enable the user to talk to and get files from remote computers. It is a set of commands that establishes the connection between two hosts, helps to transfer the files, and then closes the connection. Some of the commands are: get filename (retrieve the file from the server), mget filename (retrieve multiple files from the server), ls (lists files available in the current directory of the server). There are also built-in FTP programs, which make it easier to transfer files and do not require remembering the commands.

Type of FTP Connections

FTP connections are of two types:


Active FTP connection: In an Active FTP connection, the client
establishes the command channel and the server establishes the
data channel. When the client requests the data over the
connection the server initiates the transfer of the data to the client.
It is not the default connection because it may cause problems if
there is a firewall in between the client and the server.
Passive FTP connection: In a Passive FTP connection, the client
establishes both the data channel as well as the command
channel. When the client requests the data over the connection,
the server sends a random port number to the client, as soon as
the client receives this port number it establishes the data channel.
It is the default connection, as it works better even if the client is
protected by the firewall.
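The difference between the two connection types shows up in the control channel itself: in active mode the client announces its own listening address with a PORT command, and in passive mode the server announces one in a 227 reply. The following added example (not part of the original document; the session lines and addresses are constructed) extracts both and records which side has to accept an inbound connection, which is what a firewall in front of the client blocks.

```python
import re

# Six comma-separated decimal fields h1,h2,h3,h4,p1,p2 (RFC 959 host-port form).
SIX = r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
PORT_CMD = re.compile(r"^PORT\s+" + SIX + r"\s*$", re.IGNORECASE)
PASV_REPLY = re.compile(r"^227\s.*?" + SIX)


def endpoint(fields):
    """Turn the six decimal fields into (dotted host, TCP port)."""
    nums = [int(f) for f in fields]
    if any(n > 255 for n in nums):
        raise ValueError(f"host-port field out of range: {nums}")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def data_channels(control_lines):
    """Return one dict per data channel negotiated on the control channel.

    control_lines is a list of (sender, line) pairs, sender being "C" for
    the client and "S" for the server.
    """
    channels = []
    for sender, line in control_lines:
        if sender == "C":
            match = PORT_CMD.match(line)
            mode, listener, initiator = "active", "client", "server"
        else:
            match = PASV_REPLY.match(line)
            mode, listener, initiator = "passive", "server", "client"
        if match is None:
            continue
        host, port = endpoint(match.groups())
        channels.append({
            "mode": mode,
            "listener": listener,      # side that opens a listening port
            "initiator": initiator,    # side that connects to it
            "host": host,
            "port": port,
            # True when the client must accept a connection from outside.
            "inbound_to_client": mode == "active",
        })
    return channels


# Constructed control-channel transcript using documentation addresses.
SESSION = [
    ("C", "USER anonymous"),
    ("S", "331 Please specify the password."),
    ("C", "PASS guest"),
    ("S", "230 Login successful."),
    ("C", "PORT 192,0,2,10,195,80"),
    ("S", "200 PORT command successful."),
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (198,51,100,5,156,64)"),
]

if __name__ == "__main__":
    for channel in data_channels(SESSION):
        print(channel)
```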

Anonymous FTP

Some sites can enable anonymous FTP, whose files are available for public access. So, the user can access those files without any username or password. Instead, the username is set to anonymous and the password to guest by default. Here, the access of the user is very limited. For example, the user can copy the files but is not allowed to navigate through directories.

How FTP works?

The FTP connection is established between two systems and they communicate with each other using a network. So, for the connection, the user can get permission by providing the credentials to the FTP server or can use anonymous FTP.
When an FTP connection is established, two types of communication channels are also established, and they are known as the command channel and the data channel. The command channel is used to transfer the commands and responses from client to server and server to client. FTP uses the same approach as TELNET or SMTP to communicate across the control connection. It uses the NVT ASCII character set for communication. It uses port number 21. The data channel, in turn, is used to actually transfer the data between client and server. It uses port number 20.
The FTP client, using the URL, gives the FTP command along with the FTP server address. As soon as the server and the client get connected to the network, the user logs in using a User ID and password. If the user is not registered with the server, he/she can still access the files by using the anonymous login, where the password is the client’s email address. The server verifies the user login and allows the client to access the files. The client transfers the desired files and exits the connection. The figure below shows the working of FTP.

Detail steps of FTP

• The FTP client contacts the FTP server at port 21, specifying TCP as the transport protocol.
• The client obtains authorization over the control connection.
• The client browses the remote directory by sending commands over the control connection.
• When the server receives a command for a file transfer, the server opens a TCP data connection to the client.
• After transferring one file, the server closes the connection.
• The server opens a second TCP data connection to transfer another file.
• The FTP server maintains state, i.e. current directory, earlier authentication.

Transmission mode

FTP transfers files using any of the following modes:
• Stream Mode: It is the default mode. In stream mode, the data is transferred from FTP to TCP in stream bytes. Here TCP is the cause for fragmenting data into small segments. The connection is automatically closed if the data being transferred is in stream bytes. Otherwise, the sender will close the connection.
• Block Mode: In block mode, the data is transferred from FTP to TCP in the form of blocks, and each block is followed by a 3-byte header. The first byte of the block contains the information about the block, so it is known as the description block, and the other two bytes contain the size of the block.
• Compressed Mode: This mode is used to transfer big files. Because of the size limit, big files cannot be transferred on the internet as they are, so the compressed mode is used to decrease the size of the file and send it on the internet.

FTP Commands

Sr. no. | Command | Meaning
1. | cd | Changes the working directory on the remote host
2. | close | Closes the FTP connection
3. | quit | Quits FTP
4. | pwd | Displays the current working directory on the remote host
5. | dir or ls | Provides a directory listing of the current working directory
6. | help | Displays a list of all client FTP commands
7. | remotehelp | Displays a list of all server FTP commands
8. | type | Allows the user to specify the file type
9. | struct | Specifies the file's structure

Applications of FTP

The following are the applications of FTP:
• FTP connection is used by different big business organizations for transferring files in between them, like sharing files to other employees working at different locations or different branches of the organization.
• FTP connection is used by IT companies to provide backup files at disaster recovery sites.
• Financial services use FTP connections to securely transfer financial documents to the respective company, organization, or government.
• Employees use FTP connections to share any data with their co-workers.
Advantages

• Multiple transfers: FTP helps to transfer multiple large files in between the systems.
• Efficiency: FTP helps to organize files in an efficient manner and transfer them efficiently over the network.
• Security: FTP provides access to any user only through user ID and password. Moreover, the server can create multiple levels of access.
• Continuous transfer: If the transfer of the file is interrupted by any means, then the user can resume the file transfer whenever the connection is established.
• Simple: FTP is very simple to implement and use, thus it is a widely used connection.
• Speed: It is the fastest way to transfer files from one computer to another.

Disadvantages

• Less security: FTP does not provide an encryption facility when transferring files. Moreover, the usernames and passwords are in plain text and not a combination of symbols, digits, and alphabets, which makes it easier for hackers to attack.
• Old technology: FTP is one of the oldest protocols and thus it uses multiple TCP/IP connections to transfer files. These connections are hindered by firewalls.
• Virus: The FTP connection is difficult to scan for viruses, which again increases the risk of vulnerability.
• Limited: FTP provides very limited user permission and mobile device access.
• Memory and programming: FTP requires more memory and programming effort, as it is very difficult to find errors without the commands.
What is Google Dorking or Google ethical hacking?

Google Dorking is a technique used by hackers and security researchers to find sensitive information on websites using Google’s search engine. It is also known as Google hacking.
Search Filters
Google Dorking involves using advanced search operations in
Google to search for specific keywords, file types, or website
parameters. These operators can be combined to create more
powerful search queries that can reveal information that would not
be easily accessible otherwise.
Some examples of advanced search operators used in Google
Dorking include:

Dork | Description | Example
allintext | Searches for occurrences of all the keywords given. | allintext:"keyword"
intext | Searches for the occurrences of keywords all at once or one at a time. | intext:"keyword"
inurl | Searches for a URL matching one of the keywords. | inurl:"keyword"
intitle | Searches for occurrences of keywords in title all or one. | intitle:"keyword"
site | Specifically searches that particular site and lists all the results for that site. | site:"www.geeksforgeeks.org"
filetype | Searches for a particular filetype mentioned in the query. | filetype:"pdf"
link | Searches for external links to pages | link:"keyword"
related | List web pages that are "similar" to a specified web page. | related:www.geeksforgeeks.org
cache | Shows the version of the web page that Google has in its cache. | cache:www.geeksforgeeks.org

These are some of the dorks that are generally used more than other dorks. Dorks are not limited to this list; you can also make your own custom dork by building on already existing dorks. For reference, you can visit Google Hacking Database.
Examples
Let’s have an example of using the dork intitle:"GeeksForGeeks", which will filter the sites containing GeeksForGeeks in their title:
intitle:"GeeksForGeeks" (There are a lot more results, explore it by doing)

And one more, inurl:"GeeksForGeeks", which will filter all those sites which have GeeksForGeeks in their URL.
inurl:"GeeksForGeeks" (Try it yourself to learn more)

Other Operators
Apart from the above-mentioned operators, there are also some logical operators which can be used to filter the search engine results according to the need. You will definitely get the idea on seeing these operators. Here they are:
• OR: This self-explanatory operator searches for a given search term OR an equivalent term.
site:geeksforgeeks.org | site:www.geeksforgeeks.org

• AND: Similarly, this operator searches for a given search term AND an equivalent term.
site:geeksforgeeks.com & site:www.geeksforgeeks.org

• Search Term: This operator only looks for the precise phrase within speech marks.
"GeeksForGeeks POTD"

• Glob Pattern (*): This works best when you don’t know what goes in the place of the asterisk (*).
site: *.geeksforgeeks.org

• Including Results: Will include the results.
site:linkedin.com +site:linkedin.*

• Exclude Results: Will exclude the results.
site:linkedin.* -site:linkedin.com

This is all about the operators which can be used apart from the dorks while doing a Google search.
While Google Dorking can be used for legitimate purposes such as
researching a website’s security vulnerabilities, hackers use this
technique maliciously to find sensitive information such as
usernames, passwords, and other potential information. As a
result, it is important for website owners to secure their websites
and avoid exposing sensitive information in publicly accessible
directories.
In addition, internet users should also be careful about the
information they share online and use strong, unique passwords
for each of their online accounts to avoid falling victim to a cyber
attack.
Overall, Google Dorking is a powerful technique that can be used
for both good and bad purposes. Website owners and internet
users should be aware of its potential risks and take steps to
protect themselves from any potential security breaches.

Prevention From Google Dorking


As an owner/developer, you will want your website to be secure from Google dorking. You can do so by following the steps below:
• Use Robots.txt: You may tell search engines not to index particular web pages or directories on your website using a robots.txt file. By doing this, you may be able to stop attackers from discovering weak points on your website. There are a lot of modifications that can be done to robots.txt. For example:
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
<!-- This meta tag will prevent all robots from scanning your website -->

To get more insights about robots.txt, follow this GFG Article.

• Disable Directory Indexing: Web servers frequently permit directory crawling by default, allowing anybody to see a directory’s contents. You can stop it from happening by turning off directory indexing in your web server settings.
• Use a Firewall: You can use a WAF (Web Application Firewall) to enhance the security of your website. It will provide you with an extra layer of security.
• Use Access Control: You can use authentication or MFA (Multi-Factor Authentication) on the pages if you don’t want to let anyone have access. It will prevent unauthorized access to the website.
By following these methods, you can protect your website over the internet from Google hackers, or better to say, Google dorking.
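A site owner can check their own pages against the first two measures with a short audit. This added example is not part of the original article, and its paths, pages and finding texts are constructed. It reads a robots.txt, the robots meta tag, the X-Robots-Tag response header and the page title of an auto-generated directory listing, and also reports the case where robots.txt stops a crawler from ever seeing a noindex directive.

```python
from html.parser import HTMLParser
from urllib.robotparser import RobotFileParser


class MetaRobots(HTMLParser):
    """Collects <meta name="robots"> directives and the page title."""

    def __init__(self):
        super().__init__()
        self.directives = set()
        self.title = ""
        self.in_title = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "meta" and (attrs.get("name") or "").lower() == "robots":
            content = attrs.get("content") or ""
            self.directives |= {d.strip().lower() for d in content.split(",")}
        elif tag == "title":
            self.in_title = True

    def handle_endtag(self, tag):
        if tag == "title":
            self.in_title = False

    def handle_data(self, data):
        if self.in_title:
            self.title += data


def audit_page(path, robots_txt, headers, body):
    """Return a list of indexing-exposure findings for one page."""
    robots = RobotFileParser()
    robots.parse(robots_txt.splitlines())
    crawl_allowed = robots.can_fetch("Googlebot", path)

    page = MetaRobots()
    page.feed(body)
    header = {k.lower(): v for k, v in headers.items()}.get("x-robots-tag", "")
    directives = page.directives | {d.strip().lower() for d in header.split(",")}
    noindex = "noindex" in directives

    findings = []
    # Auto-generated listings from common web servers are titled "Index of /...".
    if page.title.strip().lower().startswith("index of /"):
        findings.append("directory listing enabled")
    if crawl_allowed and not noindex:
        findings.append("page can be crawled and indexed")
    if not crawl_allowed and noindex:
        # A crawler that may not fetch the page never reads its noindex.
        findings.append("noindex is hidden from crawlers by robots.txt")
    return findings


# Constructed sample pages.
LISTING_HTML = ("<html><head><title>Index of /backup/</title></head>"
                "<body><a href='db.sql'>db.sql</a></body></html>")
NOINDEX_HTML = ('<html><head><title>Login</title>'
                '<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW"></head></html>')

if __name__ == "__main__":
    print(audit_page("/backup/", "", {}, LISTING_HTML))
    print(audit_page("/admin/login", "User-agent: *\nDisallow: /admin/",
                     {}, NOINDEX_HTML))
```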
Note: This article is only for educational purposes.
Sniffing attacks
A sniffing attack in system hacking is a form of denial-of-service
attack which is carried out by sniffing or capturing packets on the
network, and then either sending them repeatedly to a victim
machine or replaying them back to the sender with modifications.
Sniffers are often used in system hacking as a tool for analyzing
traffic patterns in a scenario where performing more intrusive and
damaging attacks would not be desirable.
Sniffing Attack:
A sniffing attack can also be used in an attempt to recover a
passphrase, such as when an SSH private key has been
compromised. The sniffer captures SSH packets containing
encrypted versions of the password being typed by the user at
their terminal, which can then be cracked offline using brute force
methods.
• The term “sniffing” is defined in RFC 2301 as: “Any act of capturing network traffic and replaying it, usually for the purpose of espionage or sabotage.”
• This definition is not accurate for UNIX-based systems, since any traffic can be sniffed as long as either the attacker has access to network interfaces (NIC) or modifies packets that could not be altered in transit. Sniffing can be performed using a special program like tcpdump, tcpflow, or LanMon that is connected to a port over which the packets can be inspected remotely.
• Another sniffing attack called ARP spoofing involves sending forged Address Resolution Protocol (ARP) messages to the Ethernet data link layer. These messages are used to associate a victim machine’s IP address with a different MAC address, leading the targeted machine to send all its traffic intended for the victim through an attacker-controlled host.
• This is used both to hijack sessions and to cause flooding of the network via a denial-of-service attack (see Smurf attack). Every IP packet contains, in addition to its payload, two fields: an IP header, and an Ethernet header encapsulating it.
• The combination of these two headers is often referred to as a “packet” by those who work with internet communications. An attacker can, therefore, view and modify an IP packet’s IP header without having to see its payload.
• The Ethernet header contains information about the destination MAC address (the hardware address of the recipient machine) and the Ether Type field contains a value indicating what type of service is requested (e.g., precedence or flow control).
• The Ether type could be “0xFFFF”, indicating that no service fields were included for the Ethernet frame. This was used in Cisco’s implementation prior to version 8.0.
Key Points:
There are a number of different methods that an attacker can use
to perform ARP spoofing. They include:
• The attacker has access to the “ARP cache” on their infected machine, which also contains other machines’ MAC addresses, but who do not have or are not using the same IP addresses as other machines with the same MAC addresses in their ARP caches.
• The attacker does not know what method the other machines use for keeping a table of MAC addresses, and so simply sets up a network with many duplicate entries.
• The attacker sends out forged ARP messages, trying to associate their infected machine with another machine’s MAC address.
Countermeasures:
There are a number of ways that the attacker can be prevented
from using these methods, including:
• ARP spoofing is not a very effective attack, except in networks that are poorly secured.
• In order for an attacker to use this method as a form of masquerading, they must be able to send packets directly to the network (either through access to Wi-Fi or by finding a security flaw). Because of this, the attacker’s IP address is likely to become known very quickly.
• A sniffing attack is a form of attack where the attacker tries to access certain data over the network and sniffing is used as an essential task in capturing data. The term “sniffing” comes from the action of sniffing or smelling. The attacker gets hold of this information by using special software called a “network analyzer”.
• Sniffing in Hacking: it is considered to be an intrusion on your computer system without permission, without your knowledge, and without legal authorization. It’s called hacking, which can be performed by several methods.
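Because ARP spoofing works by associating an IP address with a different MAC address, a defender can look for exactly that change in the ARP replies seen on a segment. The following is an added example, not part of the original document; the observation format, the pinned gateway binding and all addresses are constructed assumptions.

```python
from collections import defaultdict


def detect_arp_anomalies(observations, pinned=None):
    """Flag suspicious IP-to-MAC changes in a sequence of ARP observations.

    observations: iterable of (timestamp, ip, mac) taken from ARP replies.
    pinned: optional {ip: mac} of bindings that must never change, for
            example the default gateway (an assumption of this example).
    """
    pinned = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    ip_to_mac = dict(pinned)
    mac_to_ips = defaultdict(set)
    for ip, mac in pinned.items():
        mac_to_ips[mac].add(ip)

    alerts = []
    for timestamp, ip, mac in observations:
        mac = mac.lower()
        known = ip_to_mac.get(ip)
        if known is not None and known != mac:
            kind = "pinned-binding-violated" if ip in pinned else "ip-changed-mac"
            alerts.append({"time": timestamp, "kind": kind,
                           "ip": ip, "was": known, "now": mac})
        if ip not in pinned:
            ip_to_mac[ip] = mac  # learn or update the dynamic binding
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) > 1:
                # One interface answering for several IPs is what a host
                # relaying other machines' traffic looks like.
                alerts.append({"time": timestamp,
                               "kind": "mac-claims-multiple-ips",
                               "mac": mac, "ips": sorted(mac_to_ips[mac])})
    return alerts


# Constructed observations using documentation-range IP and MAC addresses.
GATEWAY = {"192.0.2.1": "00:00:5e:00:53:01"}
OBSERVED = [
    (1, "192.0.2.1", "00:00:5E:00:53:01"),   # gateway, as pinned
    (2, "192.0.2.20", "00:00:5e:00:53:20"),
    (3, "192.0.2.30", "00:00:5e:00:53:30"),
    (4, "192.0.2.1", "00:00:5e:00:53:30"),   # host .30 now claims the gateway IP
    (5, "192.0.2.20", "00:00:5e:00:53:20"),
]

if __name__ == "__main__":
    for alert in detect_arp_anomalies(OBSERVED, GATEWAY):
        print(alert)
```

Address changes caused by DHCP reassignment, hardware replacement or failover raise the same alerts, so treat the output as leads to verify against switch and DHCP records.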
Conclusion:
In conclusion, it can be said that sniffing is a method used to
extract information from the network in order to get access to a
system or to deny access.
