In Part I of this series, we learned how to create two modern cookie stealers for stealthily carrying out session hijacking attacks. Although highly effective in many cases, both cookie stealers were useless against websites that employ HttpOnly session cookies. In this tutorial, we’re not going to be focusing on stealing sessions. Instead, we’re going to learn how to log keystrokes in real time using WebSockets, as well as map keystrokes to specific DOM elements.
Category: Application Security
Imagine we are targeting an instance of Damn Vulnerable Web App on an enterprise network. In this totally realistic scenario, there is also an instance of Web Cal running on the same network. The Web Cal instance is vulnerable to clickjacking. To gain access to DVWA, we can create a malicious web page that masquerades as the Web Cal instance using an iframe. We could then place a second iframe into the page that executes a reflected XSS attack against the target DVWA instance on page load. We could then use social engineering to trick a user into navigating to our fake Web Cal page, and by doing so steal the user’s DVWA session.
In this tutorial we will develop three different cookie stealers of increasing complexity and effectiveness. We will also demonstrate how to use these cookie stealers to perform session hijacking attacks using a web page vulnerable to XSS.
In many cases, developers faced with patching a SQL injection will attempt to be clever by turning off error output instead of trying to fix their broken code. This results in a situation in which the target web page is vulnerable to SQLi, but no messages from the database are shown except for the intended output onto the page. This forces us to get creative when attempting to extract information from the target database.
Writeup for the “Lawn Care Simulator” challenge from CSAW Quals 2015.