Kali Web Penetration Testing Notes (7)
Source: Internet | Editor: 程序博客网 | Time: 2024/06/16 05:23
Exploiting Clients Using XSS and CSRF Flaws
- Over the years, the cross-site scripting attack has used JavaScript to perform malicious activities such as malvertising, port scanning and key logging. (An XSS attack can also be used to inject VBScript, ActiveX, or Flash into a vulnerable web page.)
- Some of the ways in which JavaScript can be used in HTML code are shown here:
  - Script tag: `<script> alert("XSSed"); </script>`
  - Body tag: `<body onload=alert("XSSed")>`
  - Image tag: `<img src="javascript:alert('XSS');">`
- When JavaScript is loaded in the browser, it can access the cookies assigned to the user session and the URL history. Cookies are often used as session identifiers; if the attacker can steal them, they can gain control over the session. JavaScript also has access to the entire DOM of the web page and can modify the HTML page.
- The DOM is a logical structure that defines the attributes of the objects in a web page (text, images, headers, or links) and the ways in which they are represented. It also defines rules for manipulating them.
- The alert method is often used for demonstration purposes and to test whether the application is vulnerable.
Major categories of XSS:
- Persistent XSS (stored XSS)
- Reflected XSS (non-persistent XSS)
- DOM XSS
Defence against DOM-based XSS:
- One of the key defence methods is to avoid building the HTML page using client-side data.
Avoid using risky HTML and JavaScript methods:
- document.write(): `document.write('City name=' + userinput);`
- element.innerHTML: `element.innerHTML = '<div>' + userinput + '</div>';`
- eval(): `var txtUserInput = "'Mumbai';alert(x);"; eval("document.forms[0]." + "Cityname=" + txtUserInput);` (the input closes the string literal and the rest is executed as code)
Encode the user input before using it in client-side code. Use string delimiters and wrap the user data in a custom function.
What XSS combined with JavaScript can achieve:
- Account hijacking
- Altering contents
- Defacing complete website
- Running a port scan from the victim’s machine
- Logging keystrokes
- Stealing browser information
If the HttpOnly flag (an optional cookie flag) is set, JavaScript won't be able to access the cookie.
Scanning for XSS flaws
- OWASP Zed Attack Proxy (ZAP)
- XSSer
- w3af
Cross-site request forgery
- Changing user details such as e-mail address and date of birth in a web application.
- Making fraudulent banking transactions
- Fraudulent upvoting and downvoting on websites
- Adding items in the cart without the user’s knowledge on an e-commerce website
Attack dependencies:
- The victim must have an active authenticated session against the target web application. The application should also allow transactions within a session without asking for re-authentication.
- CSRF is a blind attack: the response from the target web application is sent to the victim, not the attacker. The attacker must know the parameters on the website that would trigger the intended action.
- The attacker needs to find a way to trick the user into clicking a preconstructed URL or, if the target application uses the POST method, into visiting an attacker-controlled website.
Attack methodology
- Image tag
- Script tag
- Using the POST method
The best way to analyze the application for CSRF flaws is to first gain a complete understanding of the functionality of the web application. Fire up a proxy such as Burp or ZAP and capture traffic to analyze the requests and responses.