Friday, October 12, 2007

XSS-Proxy PoC

The other day, i was thinking about how can i actually get more sales during a meeting session with customers and with the current bloom of hacking websites, i thought its time to actually show customers of what i can do and the impact of a XSS vulnerability. I referred to the book "XSS Exploit and Defence" by Jeremiah and Rsnake and i decided to go with a tool called the XSS-Proxy. All i can say is this tool is really light and easy to use. All you need is just perl and a webserver to be running on your machine and one would have to just launch the listener from there on with the command "perl XSS-Proxy-shmoo_0_0_11" in the command prompt. Anton Rager actually spend some time with me explaining to me how this tool works and the impact of an XSS. I would like to thank him here for his time and effort. If those of you guys who would love to try this tool, download it at http://xss-proxy.sourceforge.net. There is also Advanced XSS attacks and a mini whitepaper for further knowledge reading.

First to startup xss-proxy:


Then inject a script tag into the victim page, be it persistent or reflected, try it to realised it.


The admin page contains the links that the victim had visited, and by clicking those links, you can choose to redirect and hijack the victim browser under the same document domain


A sample of the redirect attack. Observe the below grey bar with "Opening page.."
This is achieved through by clicking on the admin page on one of the links the victim had visited and i wanted the victim to visit another page, so i choose the link i wanted the victim to visit and click on it. On the victim side, he will automatically be redirected to the page i chosed.


And finally, i can even proxy javascript injection on the victim browser. A simple one would be alert('XSS');


The Hacka Man

3 comments:

Unknown said...

Ronald,

nice write up. i have also been playing with xss proxy and i think it does a nice job of showing the dangers of xss. i was trying to make the iframe 100% but was never successful. i was wondering if you ever able to make the iframe 100%?

travis

http://travisaltman.com

Anonymous said...

The holidays are a time ed hardy of getting together with friends ed hardy shoes and family, attending elaborate ed hardy clothing parties, and other exciting events ed hardy clothes that involves dressing up in stunning ed hardy store wardrobes. If you ed hardy Bikini are pregnant during ed hardy swimsuits the holidays, it does not ed hardy Caps mean that you are unable buy ed hardy to look fabulous and ed hardy swimwear stylish. Now, an expectant ed hardy sale mother has many styles of chic ed hardy glasses maternity clothing that allows cheap ed hardy her to show off her baby bump Christian audigier while looking spectacular.

Eleanor said...

It won't really have effect, I consider like this.