It works from the browser!
So let’s say that you decide to write a tool for doing some web related exploitation, enumeration, etc. The preferred language usually comes down to Perl, Python or Ruby (C if you are an old school diehard).
It has to run from the command line. It has to have flags and pretty much everything else a command line tool usually needs. The end result is something that works, but not necessarily well. The reason is that although the general purpose interpreted languages nowadays have better libraries than in the past (like the web voodoo stuff in Ruby and Python), they are still general purpose and therefore not suited to everything unless you are ready to reinvent the wheel at some point. So what do we do?
The best thing to do is to be a fast learner: forget about what you know, concentrate on what you need and on what will serve you better.
So we are writing a tool for doing web exploitation. Perhaps there isn’t a better environment for this kind of stuff than the browser itself. Why? Because we can take the browser and its architecture for granted and build on top of it, hassle-free. No SSL worries. No worries about proxies, agents, headers, redirects, parsing, DOM trees, DHTML, evals, etc, etc, etc. It is quite amazing what you can do with some JavaScript hacking and a plain browser.
Right now I am working on several quite cool projects which will do exactly that. I came to the conclusion that I no longer need any HTTP proxies because I can do a better job with client-side JavaScript running directly inside the target’s same-origin-policy (SOP) sandbox. Yes you can! All of the code can be loaded when needed with a single click on a bookmark and should run flawlessly even on a phone, as long as JavaScript is allowed. Here is an example that illustrates what I have in mind:
$.ajax({
    url: 'http://someurl',
    success: function (data) {
        // data is the raw response body; turn it into detached DOM nodes first,
        // because jQuery only accepts a DOM element (not a string) as a selector context
        $('<div>').html(data).find('a').each(function (i, e) {
            /* do something with each link */
        });
    }
});
What you see here is the basic logic of a spider written with jQuery. In a similar fashion we can create a complete request sniffer just by hooking XMLHttpRequest, onload events and a few other places.
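Here is the request-sniffer idea spelled out as an added example (mine, not code from the original post): wrap the prototype of an XMLHttpRequest-like constructor so that every request the page issues is recorded with its method, URL, body size and response status, and can be unhooked again. In a browser you would pass window.XMLHttpRequest; the FakeXHR class below is a constructed stand-in so the example runs in Node without a browser, and the 404 rule in it is invented for the demo.

```javascript
// Added example, not from the original post. Instrument an XMLHttpRequest-like
// class so the page's own requests can be audited from inside the page.

function installRequestLogger(XHRClass, sink) {
  const proto = XHRClass.prototype;
  const origOpen = proto.open;
  const origSend = proto.send;

  // Capture method and URL at open() time; the XHR object does not expose them later.
  proto.open = function (method, url, ...rest) {
    this.__audit = { method: String(method).toUpperCase(), url: String(url), startedAt: Date.now() };
    return origOpen.call(this, method, url, ...rest);
  };

  // Record the outcome on loadend. addEventListener leaves any onload or
  // onreadystatechange handler the page installed untouched.
  proto.send = function (body) {
    const entry = this.__audit || { method: '?', url: '?', startedAt: null };
    entry.bodyLength = body == null ? 0 : String(body).length;
    this.addEventListener('loadend', () => {
      entry.status = this.status;
      entry.durationMs = entry.startedAt === null ? null : Date.now() - entry.startedAt;
      sink.push(entry);
    });
    return origSend.call(this, body);
  };

  // Hand back an uninstall function so the hook can be removed cleanly.
  return function uninstall() {
    proto.open = origOpen;
    proto.send = origSend;
  };
}

// Constructed stand-in for window.XMLHttpRequest: synchronous, in-memory,
// answers 404 for any URL containing "/missing" and 200 otherwise.
class FakeXHR {
  constructor() { this.status = 0; this._listeners = {}; }
  addEventListener(type, fn) { (this._listeners[type] = this._listeners[type] || []).push(fn); }
  open(method, url) { this._method = method; this._url = url; }
  send(body) {
    this.status = this._url.includes('/missing') ? 404 : 200;
    (this._listeners.loadend || []).forEach((fn) => fn.call(this));
  }
}

// Issue a few requests with the hook installed, then one after removing it.
function runDemo() {
  const log = [];
  const uninstall = installRequestLogger(FakeXHR, log);
  const a = new FakeXHR(); a.open('get', '/api/items'); a.send(null);
  const b = new FakeXHR(); b.open('POST', '/api/missing'); b.send('{"id":1}');
  uninstall();
  const c = new FakeXHR(); c.open('GET', '/after'); c.send(null); // not recorded
  return log;
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(runDemo(), null, 2));
}
```

The hook only sees traffic that goes through XMLHttpRequest; fetch() and form submissions need their own wrappers. This is the same prototype-patching pattern that in-page monitoring and error-reporting SDKs use, which is also why the objects you patch should be restored when the tool is unloaded.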
Now this is definitely not mind-blowing. We have been doing similar things for a number of years already, but for the sole purpose of exploiting the user. The same technology can just as well be used to accommodate the tester.


Relying solely on the jQuery AJAX capabilities will quickly fail you. You cannot make cross-domain $.ajax calls and expect them to work (presumably only in IE8).
I use jQuery for all of my Web projects as of late; it does not let me down.