Showing posts from August, 2011

XSS beef framework

XSS payloads are executed on the client side. You can use JavaScript and the DOM to steal data and cookies, deface pages, and so on.
I tried many times with JavaScript, but I found BeEF, an XSS framework. It works like this: include the script and send the malicious code to the victim:
If the XSS is in a POST request, you can create a page that generates the POST request:


MF: http://www.mediafire.com/?832ps4haqqg3989
------------------------------------------------------------
Thanks for reading
--------------------------------------------------------------------------
All my Lab:
Linux Lab -- window and Cisco Lab
to be continued - I will update more.

TRACE method with XST

TRACE method.
Today I will present one solution: the TRACE method. We know many HTTP methods: GET, POST, OPTIONS...
But we will focus on one method: TRACE. If we use it, the server returns a copy of our request:
icesurfer@nightblade ~ $ nc www.victim.com 80
TRACE / HTTP/1.1
Host: www.victim.com

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Tue, 31 Oct 2006 08:01:48 GMT
Connection: close
Content-Type: message/http
Content-Length: 39

TRACE / HTTP/1.1
Host: www.victim.com
Now I am going to talk about HttpOnly. It is a mechanism to protect cookies. HttpOnly is an additional flag included in a Set-Cookie HTTP response header. If the HttpOnly flag (optional) is included in the HTTP response header, the cookie cannot be accessed through client-side script.
So we can use it to protect against XSS attacks. But if the server supports the TRACE method, it is easy to bypass.

Now, we must review before the example. The TRACE method returns the whole request, which means we can access the cookie even though it was tagged HttpOnly. Remember …
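
An audit check for the behaviour described above, added here as an example and not part of the original post: it classifies a server's reply to a TRACE probe and reports whether a Cookie header sent with the probe comes back in the body. The canary value, the host name www.example.test and the sample replies are constructed assumptions.

```python
# Added example (not from the original post): classify a reply to a TRACE probe.
# Canary value, host name and sample responses are constructed for illustration.
CANARY = "xst_canary=3f9a1c"

def build_probe(host, path="/"):
    """Raw TRACE request carrying a canary cookie, for servers you administer."""
    return (f"TRACE {path} HTTP/1.1\r\nHost: {host}\r\n"
            f"Cookie: {CANARY}\r\nConnection: close\r\n\r\n")

def classify_trace_response(raw):
    """Return 'disabled', 'enabled' or 'enabled-reflects-cookie'."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    parts = lines[0].split(" ", 2)
    status = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else 0
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    # A TRACE echo is a 200 whose body is the request itself (message/http).
    is_echo = status == 200 and (
        headers.get("content-type", "").lower().startswith("message/http")
        or body.lstrip().upper().startswith("TRACE "))
    if not is_echo:
        return "disabled"
    # HttpOnly hides the cookie from document.cookie, not from this echoed body.
    return "enabled-reflects-cookie" if CANARY in body else "enabled"

# Constructed sample replies: echoing server, server rejecting TRACE,
# and an echo where an intermediary removed the Cookie header.
SAMPLE_ECHO = ("HTTP/1.1 200 OK\r\nContent-Type: message/http\r\n\r\n"
               + build_probe("www.example.test"))
SAMPLE_REJECTED = ("HTTP/1.1 405 Method Not Allowed\r\n"
                   "Allow: GET, HEAD, POST\r\nContent-Length: 0\r\n\r\n")
SAMPLE_STRIPPED = ("HTTP/1.1 200 OK\r\nContent-Type: message/http\r\n\r\n"
                   "TRACE / HTTP/1.1\r\nHost: www.example.test\r\n\r\n")

if __name__ == "__main__":
    for name, raw in [("echo", SAMPLE_ECHO), ("rejected", SAMPLE_REJECTED),
                      ("stripped", SAMPLE_STRIPPED)]:
        print(name, "->", classify_trace_response(raw))
```

A result of "enabled-reflects-cookie" means the HttpOnly flag alone does not keep the cookie out of a response body; on Apache httpd, the TraceEnable off directive turns the method off.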