Presentation is loading. Please wait.

Presentation is loading. Please wait.

Exploring DOM-Based Cross Site Attacks

Published byAbraham Gilbert Modified over 5 years ago

Similar presentations

Presentation on theme: "Exploring DOM-Based Cross Site Attacks"— Presentation transcript:

1 Exploring DOM-Based Cross Site Attacks
Dr. Ammar Aldallal Computer Engineering Department

2 Types of cross site scripting What is DOM Cross Site Example
Outline Introduction Web users threats Types of cross site scripting What is DOM Cross Site Example Defending against DOM Cross Site Conclusion 7/28/2019 Dr Ammar Aldallal

3 Introduction The dynamic web applications are quite complex in nature.
Using web applications becomes more and more popular on a daily basis, This motivates the hackers to commit cyber-crimes such as cross-site scripting. This connectivity has raised a major security threat since attacker will be able to access personal and sensitive information. 7/28/2019 Dr Ammar Aldallal

4 Web Users Threats The Open Web Application Security Project has listed top-10 threats of Web Application, among are: Injection Broken Authentication and Session Management Cross- site scripting (XSS) Insecure Direct Object References Un-validated Redirects and Forwards Sensitive Data Exposure 7/28/2019 Dr Ammar Aldallal

5 Definition of Cross- Site Scripting (XSS)
In XSS hacker attacks authentic web page with his malicious code therefore when user visits the web page the script is downloaded From: The Five Most Prevalent Web Threats Today And What You Can Do About Them, © Imperva, Inc. 2017 7/28/2019 Dr Ammar Aldallal

6 Types of Cross- site scripting (XSS)
There are three types of Cross- site scripting (XSS) Non-Persistent (reflected) Cross- site scripting Persistent Cross- site scripting DOM-Based Cross- site scripting 7/28/2019 Dr Ammar Aldallal

7 Types of Cross- site scripting (XSS)
Non-Persistent (reflected)Cross- site scripting means that malicious code is not persistently stored in a vulnerable server, but it is immediately echoed by the vulnerable server back to a victim Persistent Cross- site scripting means that the malicious code is persistently stored in a server’s storage, and may later be embedded in an HTML page sent to the victim. 7/28/2019 Dr Ammar Aldallal

8 What is DOM The Document Object Model is a convention for representing and working with objects in an HTML or XML document. 7/28/2019 Dr Ammar Aldallal

9 What is DOM (Cont.) Basically all HTML documents have an associated Document Object Model , consisting of objects representing the document properties from the point of view of the browser. Whenever a script is executed on client-side, the browser provides the code with the DOM of the HTML page where the script runs, thus, offering access to various properties of the page and their values, populated by the browser from its perspective 7/28/2019 Dr Ammar Aldallal

10 DOM based XSS  DOM cross site scripting attack relies on inappropriate handling, in the HTML page, of the data from its associated DOM, resulting in: Steal the cookies of the user or Change the page's behavior as the attacker like. DOM Based XSS (or as it is called in some texts, “type-0 XSS”) is an XSS attack wherein the attack payload is executed as a result of modifying the DOM “environment” in the victim’s browser used by the original client side script, so that the client side code runs in an “unexpected” manner. That is, the page itself (the HTTP response that is) does not change, but the client side code contained in the page executes differently due to the malicious modifications that have occurred in the DOM environment. 7/28/2019 Dr Ammar Aldallal

11 DOM based XSS Among the objects in the DOM, there are several which the attacker can manipulate in order to generate the XSS condition, and the most popular, from this perspective, are the   document.url,  document.location   document.referrer  7/28/2019 Dr Ammar Aldallal

12 Example of a DOM-Based XSS Attack
Consider the URL: The HTML source of the URL would look like this: <html> <head> <title>Custom Dashboard </title> ... </head> Main Dashboard for <script> var pos=document.URL.indexOf("context=")+8; document.write(document.URL.substring(pos,document.URL.length)); </script> </html> 7/28/2019 Dr Ammar Aldallal

13 Example (Cont.) The result of
would be a customized dashboard for Bader, containing at the top the string: “Main Dashboard for Bader”. The malicious script can be embedded in the URL as follows Next, the browser finds the malicious code in the HTML body and executes it, thus finalizing the DOM XSS attack. When the browser arrives to the script which gets the user name from the URL, referencing the document.urlproperty, it runs it and consequently updates the raw HTML body of the page, resulting in ... Main Dashboard for <script>SomeFunction(somevariable)</script> ...Next, the browser finds the malicious code in the HTML body and executes it, thus finalizing the DOM XSS attack. In reality, the attacker would hide the contents of the payload in the URL using encoding so that it is not obvious that the URL contains a script. Note however, that some browsers may encode the < and > characters in the URL, causing the attack to fail. However there are other scenarios which do not require the use of these characters, nor embedding the code into the URL directly, so these browsers are not entirely immune to this type of attack either. 7/28/2019 Dr Ammar Aldallal

14 Encoding the attack In reality, the attacker would hide the contents of the payload in the URL using encoding so that it is not obvious that the URL contains a script. 7/28/2019 Dr Ammar Aldallal

15 Defending against DOM-based XSS attacks
Because some browsers may encode the “<“ and  ”>”  characters in the URL, the attack will fail.  However there are other scenarios which do not require the use of these characters, so these browsers are not entirely immune to this type of attack. 7/28/2019 Dr Ammar Aldallal

16 Defending against DOM-based XSS attacks
Effective conceptual defense methods against the DOM XSS include: Avoiding client-side sensitive actions such as rewriting or redirection, using client-side data. Inspecting and securely handling references to DOM objects,such as URL, location and referrer. Using intrusion prevention systems which are able to inspect inbound URL parameters and prevent the inappropriate pages to be served. 7/28/2019 Dr Ammar Aldallal

17 Defending against DOM-based XSS attacks
Difficult to detect by server-side attack detection and prevention tools Testing of the effectiveness of the sanitization methods in place, or for discovering the DOM XSS vulnerabilities can be performed Manually attempting to exploit them, Using automated tools that perform automatic penetration testing against this type of vulnerabilities, Using various payloads and mounting points. 7/28/2019 Dr Ammar Aldallal

18 Conclusion The DOM based cross-site is used to operate and retrieve the objects in HTML object. Different methods are used in DOM based cross-site scripting when the client sends unreliable data just to interpret the JavaScript. Finally, the objective of this presentation is to let the user be familiar with this type of cross-site scripting attack; hence, browse cautiously and safely to prevent DOM-based XSS attacks. Use updated web browser. 7/28/2019 Dr Ammar Aldallal

19 Thank you Questions & Answers
7/28/2019 Dr Ammar Aldallal

Download ppt "Exploring DOM-Based Cross Site Attacks"

Similar presentations

Cross-Site Scripting Issues and Defenses Ed Skoudis Predictive Systems © 2002, Predictive Systems.

Cross-Site Scripting Issues and Defenses Ed Skoudis Predictive Systems © 2002, Predictive Systems.
Nick Feamster CS 6262 Spring 2009

Nick Feamster CS 6262 Spring 2009
Past, Present and Future By Eoin Keary and Jim Manico

Past, Present and Future By Eoin Keary and Jim Manico
Hossain Shahriar Mohammad Zulkernine. One of the worst vulnerabilities in web applications It involves the generation of dynamic HTML contents with invalidated.

Hossain Shahriar Mohammad Zulkernine. One of the worst vulnerabilities in web applications It involves the generation of dynamic HTML contents with invalidated.
What is code injection? Code injection is the exploitation of a computer bug that is caused by processing invalid data. Code injection can be used by.

What is code injection? Code injection is the exploitation of a computer bug that is caused by processing invalid data. Code injection can be used by.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
WEB BROWSER SECURITY By Robert Sellers Brian Bauer.

WEB BROWSER SECURITY By Robert Sellers Brian Bauer.
By Philipp Vogt, Florian Nentwich, Nenad Jovanovic, Engin Kirda, Christopher Kruegel, and Giovanni Vigna Network and Distributed System Security(NDSS ‘07)

By Philipp Vogt, Florian Nentwich, Nenad Jovanovic, Engin Kirda, Christopher Kruegel, and Giovanni Vigna Network and Distributed System Security(NDSS ‘07)
WebGoat & WebScarab “What is computer security for $1000 Alex?”

WebGoat & WebScarab “What is computer security for $1000 Alex?”
EECS 354 Network Security Cross Site Scripting (XSS)

EECS 354 Network Security Cross Site Scripting (XSS)
Cross Site Scripting a.k.a. XSS Szymon Siewior. Disclaimer Everything that will be shown, was created for strictly educational purposes. You may reuse.

Cross Site Scripting a.k.a. XSS Szymon Siewior. Disclaimer Everything that will be shown, was created for strictly educational purposes. You may reuse.
Web 2.0 security Kushal Karanjkar Under guidance of Prof. Richard Sinn.

Web 2.0 security Kushal Karanjkar Under guidance of Prof. Richard Sinn.
IDAsec copyright - all rights reserved1 Web Vulnerabilities in the real world.

IDAsec copyright - all rights reserved1 Web Vulnerabilities in the real world.
It’s always better live. MSDN Events Securing Web Applications Part 1 of 2 Understanding Threats and Attacks.

It’s always better live. MSDN Events Securing Web Applications Part 1 of 2 Understanding Threats and Attacks.
Introduction to the OWASP Top 10. Cross Site Scripting (XSS)  Comes in several flavors:  Stored  Reflective  DOM-Based.

Introduction to the OWASP Top 10. Cross Site Scripting (XSS)  Comes in several flavors:  Stored  Reflective  DOM-Based.
CROSS SITE SCRIPTING..! (XSS). Overview What is XSS? Types of XSS Real world Example Impact of XSS How to protect against XSS?

CROSS SITE SCRIPTING..! (XSS). Overview What is XSS? Types of XSS Real world Example Impact of XSS How to protect against XSS?
Injection Attacks by Example SQL Injection and XSS Adam Forsythe Thomas Hollingsworth.

Injection Attacks by Example SQL Injection and XSS Adam Forsythe Thomas Hollingsworth.
Handling Security Threats in Kentico CMS Karol Jarkovsky Sr. Solution Architect Kentico Software

Handling Security Threats in Kentico CMS Karol Jarkovsky Sr. Solution Architect Kentico Software
Chapter 6: Hostile Code Guide to Computer Network Security.

Chapter 6: Hostile Code Guide to Computer Network Security.
 A cookie is a piece of text that a Web server can store on a user's hard disk.  Cookie data is simply name-value pairs stored on your hard disk by.

 A cookie is a piece of text that a Web server can store on a user's hard disk.  Cookie data is simply name-value pairs stored on your hard disk by.

Similar presentations

Ads by Google