Penetration Testing mailing list archives
Re: XSS interrogations
From: "Jon Xmas" <sapling () bsdmail com>
Date: Thu, 23 Aug 2007 21:03:50 +0800
To see some of the techniques at work I suggest checking out reddragon Attack Api. I believe some of the other big name XSS buffs contributed to another attack api but they called it black dragon which may actually do more but I dont have the link on me at the moment. Red Dragon has some cool functions built into it. Mainly its very harmless it just pulls information or embeds or crashes browsers and what not but all the functions are listed. http://www.0x000000.com/hacks/reddragon.js Ah just found the black dragon home page and as I said it has some of the big names involved. Rsnake and J Grossman both have added their input into this project as well as JUNGSONN PDP (GNUCITIZEN). So its a pretty sweet setup. http://blackdragon.jungsonnstudios.com/
----- Original Message ----- From: "Paul Sebastian Ziegler" <psz () observed de> To: "Jeremy Saintot" <jeremy.saintot () gmail com> Subject: Re: XSS interrogations Date: Thu, 23 Aug 2007 08:29:21 +0200 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Just a rough sketch of what you can do with the different types of XSS. 1) You can grab those cookies. Make the JavaScript send them to you and you may be able to hijack the session or even the account 2) You can read stuff from the Webapp itself (Major consequences if sensitive data like billing information is shown) 3) You can deface the Webpage and spread false information by writing to the document.body.innerHTML element. (Works better with persistent XSS, but reflected does fine as well) 4) With persistent XSS in a big site you can run DoS-Attacks against smaller servers 5) You can surveil the user's behavior 6) XSS allows you to beat about any security mechanism that would normally prevent CSRF 7) You can actually hijack the user's browser and use it as a proxy for yourself. (http://www.portcullis-security.com/16.php) There is a lot more. And you can combine most of this. When asking "what could XSS do" it would be much easier to just consider "what could I possibly do with JavaScript?". Many Greetings Paul -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGzSk8aHrXRd80sY8RCnJqAKDzwI981ybG6RbxOTC4wh/UK9wUXACeJzRj 3g0ETxf2VDefJr6cSG8oIYY= =b1PF -----END PGP SIGNATURE----- ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
-- _______________________________________________ Get your free email from http://bsdmail.com ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- XSS interrogations Jeremy Saintot (Aug 22)
- Re: XSS interrogations Paul Sebastian Ziegler (Aug 22)
- <Possible follow-ups>
- Re: XSS interrogations Jon Xmas (Aug 23)
- HTTP Proxy for thick clients Huan Chi (Aug 28)
- Re: [WEB SECURITY] HTTP Proxy for thick clients haroon meer (Aug 28)
- Re: [WEB SECURITY] HTTP Proxy for thick clients Huan Chi (Aug 28)
- Re: [WEB SECURITY] HTTP Proxy for thick clients haroon meer (Aug 28)
- HTTP Proxy for thick clients Huan Chi (Aug 28)
- RE: [WEB SECURITY] HTTP Proxy for thick clients Ofer Shezaf (Aug 28)
- Re: [WEB SECURITY] HTTP Proxy for thick clients bugtraq (Aug 28)
- Re: [WEB SECURITY] HTTP Proxy for thick clients charlie derr (Aug 28)
- Re: HTTP Proxy for thick clients Jeffory Atkinson (Aug 28)
- Re: HTTP Proxy for thick clients rajat swarup (Aug 29)