KATA PENGANTAR. Assalamualaikum Wr. Wb

KATA PENGANTAR Assalamualaikum Wr. Wb. Segala puji kami panjatkan kepada Allah SWT karena atas rahmat dan karunia-Nya, karya akhir yang berjudul ” IMPLEMENTASI DAN PENGUJIAN APLIKASI SCAN MALWARE BERBASIS WEB DENGAN KEAMANAN SSL DAN ANTI SQL INJECTION” ini dapat terselesaikan dengan baik dan tepat sesuai waktu yang telah ditentukan. Laporan ini ditulis untuk memenuhi salah satu syarat kelulusan dari Fakultas Ilmu Terapan, Universitas Telkom. Kami mengucapkan banyak terima kasih atas segala bimbingan dan bantuan yang telah diberikan oleh seluruh pihak yang terlibat dalam perancangan maupun pembuatan karya akhir ini. Semoga karya akhir yang telah kami susun dapat memberikan manfaat, baik secara langsung maupun tidak langsung. Amin Ya Rabbal Alamin. Wassalamualaikum Wr. Wb

Bandung, 07 Juli 2014 Penulis

v

DAFTAR ISI LEMBAR PERSEMBAHAN .................................................................................................................. i LEMBAR PENGESAHAN.................................................................................................................... ii LEMBAR PERNYATAAN ................................................................................................................... iii ABSTRAK ......................................................................................................................................... iv KATA PENGANTAR ........................................................................................................................... v DAFTAR ISI ...................................................................................................................................... vi DAFTAR GAMBAR ........................................................................................................................... ix DAFTAR TABEL .............................................................................................................................. xiii Bab 1 Pendahuluan ......................................................................................................................... 1 1.1.

Latar Belakang ................................................................................................................. 1

1.2.

Tujuan.............................................................................................................................. 2

1.3.

Batasan Masalah ............................................................................................................. 2

1.4.

Sistematika Penulisan ..................................................................................................... 2

Bab 2 Arsitektur Sistem ................................................................................................................... 3 2.1

Struktur Sistem................................................................................................................ 3

2.2

Kebutuhan Sumber Daya Manusia.................................................................................. 4

2.3

Tools Yang Digunakan ..................................................................................................... 4

2.4

Tinjauan Pustaka ............................................................................................................. 6

2.4.1.

Pengertian Malware................................................................................................ 6

2.4.2.

MySQL ..................................................................................................................... 7

2.4.3.

SQL Injection ........................................................................................................... 7

2.4.4.

Flowmap .................................................................................................................. 8

2.4.5.

Algoritma MD5 ........................................................................................................ 8

2.4.6.

Hyper Text Transfer Protocol (HTTP) ...................................................................... 9

2.4.7.

File Transfer Protocol (FTP) ..................................................................................... 9 vi

2.4.8.

Hypertext Text Markup Language (HTML) ............................................................ 10

2.4.9.

PHP ........................................................................................................................ 10

2.4.10.

Secure Socket Layer .............................................................................................. 11

2.4.11.

Hypertext Transfer Protocol Secure (HTTPS) ........................................................ 13

Bab 3 Pembuatan Produk.............................................................................................................. 15 3.1

Skenario Sistem Produk ................................................................................................ 15

3.2

Persiapan Perangkat ..................................................................................................... 16

3.3

Simulasi Sistem.............................................................................................................. 17

Bab 4 Penggunaan Produk ............................................................................................................ 19 4.1

Instalasi dan Setting Produk .......................................................................................... 19

4.1.1

Perancangan Web Programming .......................................................................... 19

4.1.2

Pembuatan Hosting ............................................................................................... 25

4.1.3

Database phpMyAdmin ........................................................................................ 28

4.2

Pembuatan Sertifikat SSL .............................................................................................. 35

4.2.1

Proses Pembuatan Sertifikat SSL ........................................................................... 35

4.2.2

Proses Pemasangan Sertifikat SSL ......................................................................... 42

4.3

Pembuatan Keamanan Password Protect Directori pada CPANEL ............................... 46

4.4

Analisis Web .................................................................................................................. 49

4.4.1

Testing Keamanan dengan SQL Injection. ............................................................. 49

4.4.2

Pengujian Metode Black Box................................................................................. 56

4.4.3

Pengujian Fungsionalitas Dari Tampilan Halaman User........................................ 57

4.4.4

Pengujian Fungsionalitas Dari Tampilan Halaman Admin .................................... 58

4.4.5

Analisis Fungsionalitas Website ............................................................................ 67

4.4.6

Pengujian Keamanan dari sisi SSL ......................................................................... 71

4.4.7

Kompatibilitas ....................................................................................................... 74

4.5

Pengujian Performance ................................................................................................. 82

4.6

Analisis Malware ........................................................................................................... 98

4.7

Petunjuk Penggunaan Produk ..................................................................................... 102 vii

Bab 5 Penutup ............................................................................................................................. 106 5.1

Hambatan yang Dialami .............................................................................................. 106

5.2

Saran Pengembangan ................................................................................................. 106

DAFTAR PUSTAKA........................................................................................................................ 107 LAMPIRAN ................................................................................................................................... 109 6.1

Data Malware .............................................................................................................. 109

6.2

Tabel Hasil Survey ....................................................................................................... 120

6.3

Tabel Hasil Pengujian Performance ............................................................................ 120

viii

DAFTAR GAMBAR Gambar 2.1 Struktur Sistem Aplikasi Androscanner ....................................................................... 3 Gambar 2.2 Simbol-simbol Flowmap .............................................................................................. 8 Gambar 2.3 Cara Kerja SSL ............................................................................................................ 12 Gambar 3.1 Skenario Kerja Produk ............................................................................................... 15 Gambar 3.2 Flow Chart Sistem Kerja sisi Admin dan User ............................................................ 17 Gambar 3.3 Halaman Administrator ............................................................................................. 18 Gambar 3.4 Halaman User ............................................................................................................ 18 Gambar 4.1 Script Hash Pada User ............................................................................................... 19 Gambar 4.2 Script Hash Pada Admin ............................................................................................ 20 Gambar 4.3 Halaman Login Administrator. .................................................................................. 20 Gambar 4.4 Halaman Utama Administrator ................................................................................. 20 Gambar 4.5 Halaman Aplikasi Yang Belum Dianalisa.................................................................... 21 Gambar 4.6 Halaman Malware ..................................................................................................... 21 Gambar 4.7 Halaman Yang Telah Dianalisa .................................................................................. 22 Gambar 4.8 Halaman Tambah Data .............................................................................................. 23 Gambar 4.9 Halaman Utama User ................................................................................................ 23 Gambar 4.10 Halaman Tidak Terdeteksi Malware ....................................................................... 24 Gambar 4.11 Halaman Terdeteksi Malware ................................................................................. 24 Gambar 4.12 Halaman Terdeteksi Malware ................................................................................. 25 Gambar 4.13 Akun hosting............................................................................................................ 25 Gambar 4.14 Halaman CPANEL ..................................................................................................... 26 Gambar 4.15 upload data via FileZilla ........................................................................................... 26 Gambar 4.16 Pembuatan database .............................................................................................. 27 Gambar 4.17 pembuatan MySql ................................................................................................... 27 Gambar 4.18 Relasi database dengan user .................................................................................. 27 Gambar 4.19 PhpMyAdmin........................................................................................................... 30 Gambar 4.20 Halaman CPANEL ..................................................................................................... 31 Gambar 4.21 Hirarki CPANEL ........................................................................................................ 31 Gambar 4.22 Optimize Website .................................................................................................... 32 Gambar 4.23 Optimize Website .................................................................................................... 32 Gambar 4.24 Halaman Home User ............................................................................................... 34 ix

Gambar 4.25 Website Pembuatan SSL.......................................................................................... 35 Gambar 4.26 Menu Pada Instantssl.Com...................................................................................... 35 Gambar 4.27 Private Key............................................................................................................... 36 Gambar 4.28 Informasi Sertifikat SSL............................................................................................ 36 Gambar 4.29 Encoded Private Key ................................................................................................ 37 Gambar 4.30 Certificate Signing Requests (CSR) .......................................................................... 37 Gambar 4.31 Request SSL ............................................................................................................. 38 Gambar 4.32 Encode Certificate Request ..................................................................................... 38 Gambar 4.33 Registrasi Domain.................................................................................................... 39 Gambar 4.34 Validasi Alamat Domain .......................................................................................... 39 Gambar 4.35 Licence Agreement SSl Certificate .......................................................................... 40 Gambar 4.36 Kode Verifikasi ......................................................................................................... 40 Gambar 4.37 Tunggu Konfirmasi................................................................................................... 41 Gambar 4.38 Install SSL ................................................................................................................. 42 Gambar 4.39 Script Encode ........................................................................................................... 42 Gambar 4.40 Sertifikat Web.......................................................................................................... 43 Gambar 4.41 SSL Berhasil Dipasang .............................................................................................. 43 Gambar 4.42 Tampilan Admin Yang Di Pasang HTTPS .................................................................. 44 Gambar 4.43 Tampilan Menu Admin Memkai HTTPS................................................................... 44 Gambar 4.44 Tampilan Menu Dari Sub Menu Data Aplikasi Analisa ............................................ 44 Gambar 4.45 Menu Admin Dari Sub Menu Data Malware ........................................................... 45 Gambar 4.46 Menu Admin Dari Sub Menu Aplikasi Baru ............................................................. 45 Gambar 4.47 Menu Dari Sub Menu Tambah Data ....................................................................... 45 Gambar 4.48 Direktori Androadmin123 ....................................................................................... 46 Gambar 4.49 Create User dan Pengaktifan Protect Directory ...................................................... 47 Gambar 4.50 User Berhasil Dibuat ................................................................................................ 47 Gambar 4.51 Halaman Authorization Required............................................................................ 48 Gambar 4.52 SQL Injection Pada Admin Login .............................................................................. 51 Gambar 4.53 Menu Admin. ........................................................................................................... 51 Gambar 4.54 SQL Injection Form Admin Login Pada Web Keamanan Baik .................................. 52 Gambar 4.55 Serangan SQL Injection Tidak Berhasil Dilakukan.................................................... 55 Gambar 4.56 Sistem Kerja Black Box ............................................................................................ 56 Gambar 4.57 Fungsionalitas Scan Halaman User ......................................................................... 57 Gambar 4.58 Fungsionalitas Menu Pilih File ................................................................................. 57

x

Gambar 4.59 Fungsionalitas Login ................................................................................................ 58 Gambar 4.60 Fungsionalitas Utama Admin .................................................................................. 58 Gambar 4.61 Fungsionalitas Data Aplikasi Analisa ....................................................................... 59 Gambar 4.62 Fungsionalitas Data Aplikasi Analisa Fungsi Ubah .................................................. 59 Gambar 4.63 Fungsionalitas Data Aplikasi Analisa Fungsi Hapus ................................................. 60 Gambar 4.64 Fungsionalitas Data Aplikasi Analisa Fungsi Cari ..................................................... 60 Gambar 4.65 Fungsionlitas Data Aplikasi Analisa Hasil Fungsi Cari .............................................. 61 Gambar 4.66 Fungsionalitas Data Malware .................................................................................. 61 Gambar 4.67 Fungsionalitas Data Malware Fungsi Ubah ............................................................. 62 Gambar 4.68 Fungsionalitas Data Malware Fungsi Hapus............................................................ 62 Gambar 4.69 Fungsionalitas Data Malware Fungsi Cari ............................................................... 63 Gambar 4.70 Fungsionalitas Data Malware Hasil Fungsi Cari ....................................................... 63 Gambar 4.71 Fungsionalitas Menu Aplikasi Baru ......................................................................... 64 Gambar 4.72 Fungsionalitas Menu Aplikasi Baru Fungsi Unduh .................................................. 64 Gambar 4.73 Fungsionalitas Menu Aplikasi Baru Fungsi Analisa.................................................. 65 Gambar 4.74 Fungsionalitas Menu Aplikasi Baru Fungsi Hapus ................................................... 65 Gambar 4.75 Fungsionaltas Menu Tambah Data.......................................................................... 66 Gambar 4.76 Fungsionalitas Menu Keluar .................................................................................... 66 Gambar 4.77 Install Wireshark ..................................................................................................... 71 Gambar 4.78 IP Address Androscanner ........................................................................................ 71 Gambar 4.79 Interface Wireshark ................................................................................................. 72 Gambar 4.80 Halaman Utama Admin ........................................................................................... 72 Gambar 4.81 Hasil Sniffing Website menggunakan SSL................................................................ 73 Gambar 4.82 Hasil Sniffing Website tanpa SSL ............................................................................. 73 Gambar 4.83 Halaman User Chrome ............................................................................................ 74 Gambar 4.84 Halaman Admin Chrome ......................................................................................... 74 Gambar 4.85 Halaman Utama User Mozilla.................................................................................. 75 Gambar 4.86 Halaman Utama Admin Mozilla .............................................................................. 76 Gambar 4.87 Halaman Utama User Safari .................................................................................... 77 Gambar 4.88 Halaman Utama Admin Safari ................................................................................. 77 Gambar 4.89 Halaman Utama User Opera Browser ..................................................................... 78 Gambar 4.90 Halaman Utama Admin Opera Browser .................................................................. 79 Gambar 4.91 Halaman Utama User Android Smartphone ........................................................... 80 Gambar 4.92 Halaman User Terdeteksi Malware ......................................................................... 80

xi

Gambar 4.93 Instalasi WAPT ......................................................................................................... 82 Gambar 4.94 License Angreement ................................................................................................ 82 Gambar 4.95 Memilih Folder Installasi ......................................................................................... 83 Gambar 4.96 Tahap Instalasi Siap Dilakukan ................................................................................ 83 Gambar 4.97 Proses Instalasi Selesai ............................................................................................ 84 Gambar 4.98 Tampilan Utama WAPT ........................................................................................... 84 Gambar 4.99 Pemilihan Scenario .................................................................................................. 85 Gambar 4.100 Pemilihan Jumlah User .......................................................................................... 85 Gambar 4.101 Recording Option .................................................................................................. 86 Gambar 4.102 Proses Recording ................................................................................................... 86 Gambar 4.103 Verify Hasil Record ................................................................................................ 87 Gambar 4.104 Grafik Overal Performance.................................................................................... 88 Gambar 4.105 Grafik Eror ............................................................................................................. 88 Gambar 4.106 Grafik Bandwidth .................................................................................................. 89 Gambar 4.107 Halaman Utama Virustotal .................................................................................... 98 Gambar 4.108 Proses Mengupload File ........................................................................................ 98 Gambar 4.109 Memulai Proses Scanning ..................................................................................... 99 Gambar 4.110 Proses Upload dan Analisa Malware ..................................................................... 99 Gambar 4.111 File Selesai Dianalisa............................................................................................ 100 Gambar 4.112 Jenis Malware...................................................................................................... 100 Gambar 4.113 Resiko Dampak Malware ..................................................................................... 101 Gambar 4.114 Level Tingkat Bahaya Malware............................................................................ 101 Gambar 4.115 Tampilan Home ................................................................................................... 102 Gambar 4.116 Proses Upload File ............................................................................................... 102 Gambar 4.117 Tampilan Aplikasi Aman ...................................................................................... 103 Gambar 4.118 Notifikasi Tampilan Jika File Terdeteksi .............................................................. 103 Gambar 4.119 Tampilan File Terdeteksi ..................................................................................... 104 Gambar 4.120 Notifikasi Analisa Terdeteksi Malware................................................................ 104 Gambar 4.121 Tampilan Analisa Malware Lebih Lanjut ............................................................. 105

xii

DAFTAR TABEL Tabel 2.1 Kebutuhan Sumber Daya Manusia .................................................................................. 4 Tabel 3.1 Spesifikasi Perangkat Keras ........................................................................................... 16 Tabel 4.1 Tabel Virus ..................................................................................................................... 28 Tabel 4.2 Tabel Baru...................................................................................................................... 28 Tabel 4.3 Tabel Admin................................................................................................................... 29 Tabel 4.4 Tabel App....................................................................................................................... 29 Tabel 4.5 Serangan SQL Injection Form Admin Login Pada Web Kemanan Rendah. .................... 49 Tabel 4.6 Serangan SQL Injection Form Admin Login Pada Web Kemanan Baik .......................... 53 Tabel 4.7 Hasil Pengujian .............................................................................................................. 55 Tabel 4.8 Pengujian Upload File Halaman User ............................................................................ 67 Tabel 4.9 Analisis Fungsionalitas Website .................................................................................... 67 Tabel 4.10 Pengujian Halaman Website Pada Google Chrome .................................................... 75 Tabel 4.11 Pengujian Halaman Website Pada Mozilla Firefox ...................................................... 76 Tabel 4.12 Pengujian Halaman Website Pada Safari Browser ...................................................... 78 Tabel 4.13 Pengujian Halaman Website Pada Opera Browser ..................................................... 79 Tabel 4.14 Pengujian Halaman Website Pada Android Smartphone............................................ 81

xiii

KATA PENGANTAR. Assalamualaikum Wr. Wb

Recommend Documents