Posts

Showing posts from August, 2011

XSS beef framework

Image
XSS are executed on the client-side. You can use javascript, DOM to steal data, cookie, deface.... I tried many times with javascript, but i found beef, XSS framework. One work: include script and send malicous code to victim: If XSS in POST request, you can create page, it will generate POST request: MF: http://www.mediafire.com/?832ps4haqqg3989 ------------------------------------------------------------ Thanks for reading -------------------------------------------------------------------------- All my Lab: Linux Lab -- window and Cisco Lab to be continued - I will update more.    

TRACE method with XST

TRACE method. Today, i will presente one solution. TRACE method. We known many HTTP reports: GET POST OPTION... But we will focus one method: TRACE. If we use it, it will give copy of our request: icesurfer@nightblade ~ $ nc www.victim.com 80 TRACE / HTTP/1.1 Host: www.victim.com HTTP/1.1 200 OK Server: Microsoft-IIS/5.0 Date: Tue, 31 Oct 2006 08:01:48 GMT Connection: close Content-Type: message/http Content-Length: 39 TRACE / HTTP/1.1 Host: www.victim.com Now, i am goting to talk about: httponly. It is one mechanism to protect cookie. HttpOnly is an additional flag included in a Set-Cookie HTTP response header. f the HttpOnly flag (optional) is included in the HTTP response header, the cookie cannot be accessed through client side script. So, we can use it to prevent XSS attack. But if server support TRACE method, we will east bypass it. Now, we must review before example. TRACE method will give me all all request, that mean we will access cookie, which was tagged