Comments on: Traversing the Web http://www.gnucitizen.org/blog/traversing-the-web/ Information Security Think Tank Fri, 29 Aug 2008 18:39:16 +0000 http://wordpress.org/?v=2.6.1 By: Same Origin Bypassing Using Image Dimensions « omg.wtf.bbq. http://www.gnucitizen.org/blog/traversing-the-web/#comment-100050 Same Origin Bypassing Using Image Dimensions « omg.wtf.bbq. Wed, 16 Jan 2008 03:52:39 +0000 http://www.gnucitizen.org/blog/traversing-the-web#comment-100050 [...] has been a lot of research into ways of getting around the same origin policy. What if the browser sandbox we’re all [...] [...] has been a lot of research into ways of getting around the same origin policy. What if the browser sandbox we’re all [...]

]]> By: Yahoo Site Explorer Spider | GNUCITIZEN http://www.gnucitizen.org/blog/traversing-the-web/#comment-35586 Yahoo Site Explorer Spider | GNUCITIZEN Sun, 15 Jul 2007 21:47:15 +0000 http://www.gnucitizen.org/blog/traversing-the-web#comment-35586 [...] from this page. I’ve being talking about client-side spiders for quite some time now over here and here and I even came up with POC based on Yahoo Pipes for my OWASP presentation on Advanced Web [...] [...] from this page. I’ve being talking about client-side spiders for quite some time now over here and here and I even came up with POC based on Yahoo Pipes for my OWASP presentation on Advanced Web [...]

]]> By: GNUCITIZEN » The Web has Betrayed Us http://www.gnucitizen.org/blog/traversing-the-web/#comment-22325 GNUCITIZEN » The Web has Betrayed Us Fri, 18 May 2007 06:25:53 +0000 http://www.gnucitizen.org/blog/traversing-the-web#comment-22325 [...] I believe that this spider is a lot more stable then what JIKTO is using. Why? It is like that because the core component of JIKTO was the same origin unification hack which was initially described here. I repeat, it is a hack. By using a proper mashup service, we do not relay on hacks any more, we use actual service side components that can be scribed via client side technologies. In general, we can use publicly available services for their processing power and more over, we can use them in a distributed way and this is what is dangerous about them. I can talk on this subject for hours and still not be able to say everything that I have in my head. For that reason, let’s have a couple of examples of potentially destructive uses of public APIs, so you can see the big picture from the angle I see it. [...] [...] I believe that this spider is a lot more stable then what JIKTO is using. Why? It is like that because the core component of JIKTO was the same origin unification hack which was initially described here. I repeat, it is a hack. By using a proper mashup service, we do not relay on hacks any more, we use actual service side components that can be scribed via client side technologies. In general, we can use publicly available services for their processing power and more over, we can use them in a distributed way and this is what is dangerous about them. I can talk on this subject for hours and still not be able to say everything that I have in my head. For that reason, let’s have a couple of examples of potentially destructive uses of public APIs, so you can see the big picture from the angle I see it. [...]

]]> By: Gar http://www.gnucitizen.org/blog/traversing-the-web/#comment-20054 Gar Mon, 07 May 2007 01:20:48 +0000 http://www.gnucitizen.org/blog/traversing-the-web#comment-20054 I'm probably very naive, but I just wish that browser implementors got rid of cookies in iframes. The only sensible use would be doubleclick and urchin anyway. I’m probably very naive, but I just wish that browser implementors got rid of cookies in iframes.
The only sensible use would be doubleclick and urchin anyway.

]]> By: GNUCITIZEN » The Attack of the TINY URLs http://www.gnucitizen.org/blog/traversing-the-web/#comment-19546 GNUCITIZEN » The Attack of the TINY URLs Thu, 03 May 2007 09:52:34 +0000 http://www.gnucitizen.org/blog/traversing-the-web#comment-19546 [...] For the purpose of this exercise I employ a single technique that I discussed in detail over here. What this technique shows is that although parent documents cannot read the content of child iframes, child iframes can assign values to their parent’s fragment identifier. In conjunction with tinyurl storage capabilities and a simple trick, this technique can be used to make JavaScript agents live and bread on the web. [...] [...] For the purpose of this exercise I employ a single technique that I discussed in detail over here. What this technique shows is that although parent documents cannot read the content of child iframes, child iframes can assign values to their parent’s fragment identifier. In conjunction with tinyurl storage capabilities and a simple trick, this technique can be used to make JavaScript agents live and bread on the web. [...]

]]> By: GNUCITIZEN » Google AJAX Feed API Dangers http://www.gnucitizen.org/blog/traversing-the-web/#comment-14947 GNUCITIZEN » Google AJAX Feed API Dangers Thu, 19 Apr 2007 13:48:13 +0000 http://www.gnucitizen.org/blog/traversing-the-web#comment-14947 [...] Although SOP works and it greatly improves the browser security, there are ways it can be circumvented to one degree or another. For example, I’ve demonstrated a simple technique where attackers can use publicly available anonymous proxies to unify the origins of two or more web resources. The techniques was used as a key component of Jikto, which was released by Billy Hoffman from SPI Dynamics as a Proof of Concept of how JavaScript can probe various websites for vulnerabilities and spread when XSS or SQL Injection holes are found. [...] [...] Although SOP works and it greatly improves the browser security, there are ways it can be circumvented to one degree or another. For example, I’ve demonstrated a simple technique where attackers can use publicly available anonymous proxies to unify the origins of two or more web resources. The techniques was used as a key component of Jikto, which was released by Billy Hoffman from SPI Dynamics as a Proof of Concept of how JavaScript can probe various websites for vulnerabilities and spread when XSS or SQL Injection holes are found. [...]

]]> By: maluc http://www.gnucitizen.org/blog/traversing-the-web/#comment-246 maluc Thu, 12 Oct 2006 14:01:01 +0000 http://www.gnucitizen.org/blog/traversing-the-web#comment-246 Wow, the author of stripe snoop..? That code helped me more than you could know, so.. thanks ^^ -maluc Wow, the author of stripe snoop..? That code helped me more than you could know, so.. thanks ^^

-maluc

]]> By: Acidus http://www.gnucitizen.org/blog/traversing-the-web/#comment-230 Acidus Tue, 10 Oct 2006 18:22:05 +0000 http://www.gnucitizen.org/blog/traversing-the-web#comment-230 There are some really cool attacks you can do with Ajax Bridges/proxies/gateways. Most of the time it makes more sense for an attacker to use the bridge on www.example.com to attack api.datastore.com than to directly attack api.datastore.com Check out slides 37 - 45 (ignore the slanting) <a href="http://www.spidynamics.com/spilabs/education/presentations/BillyHoffman-Ajax(in)security.pdf" rel="nofollow">http://www.spidynamics.com/spilabs/education/presentations/BillyHoffman-Ajax(in)security.pdf</a> There are some really cool attacks you can do with Ajax Bridges/proxies/gateways. Most of the time it makes more sense for an attacker to use the bridge on http://www.example.com to attack api.datastore.com than to directly attack api.datastore.com

Check out slides 37 - 45 (ignore the slanting)

http://www.spidynamics.com/spi.....ffman-Ajax(in)security.pdf

]]>