Presentation is loading. Please wait.

Presentation is loading. Please wait.

Slipping Past the Firewall DNS Rebinding with Pure Java Applets Billy K Rios (BK) and Nate McFeters.

Published byJoshua Frost Modified over 11 years ago

Similar presentations

Presentation on theme: "Slipping Past the Firewall DNS Rebinding with Pure Java Applets Billy K Rios (BK) and Nate McFeters."— Presentation transcript:

1 Slipping Past the Firewall DNS Rebinding with Pure Java Applets Billy K Rios (BK) and Nate McFeters

2 Overview Implications of DNS Rebinding Attacks The Attack Demo Final Thoughts Questions?

3 Implication of DNS Rebinding Attacks Some Thoughts about Firewalls –I prefer pwning the server :p –Client Side Technologies –Heavy Doors with Open Windows –Sun Tzu was a Hacker….

4 Implication of DNS Rebinding Attacks JavaScript –Sockets?!?! Flash –Sockets! LiveConnect (Firefox and other Gecko Based Browsers) –Sockets!

5 Why JAVA Applets? David Bryne –Java Applets? ….. Actually LiveConnect (Firefox only!)

6 Princeton Computer Science PHDs? Why JAVA Applets?

7 Sockets! Abstraction Libraries / Classes –JDBC –SSL –Others Remote Control over Java Applet

8 The Attack - Setup The Internet XSSd Web Site Victim Attacker Oracle DB

9 The Attack - Setup

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24 Close The Browser –Closing the Browser Destroys the Instance of the JVM –Applet Remains cached till 2010 Call an External Java Supported Application –Firefoxurl, Navigatorurl, Picasa… –Each Application has its own instance of the JVM –Applet Remains cached till 2010 Load Different Versions of the JRE –Somewhat limited in newer versions of the JVM –Maybe removed in the future –Applet Remains cached till 2010

25 The Attack

26

27

28

29

30

31

32

33 Remotely Controlling the Applet Script Src –Remote JavaScript is loaded Via Script Src –Dynamic Content (Despite Caching) JavaScript / Java Applet Interaction –Public Methods –Public Variables Remote Control Through an XSS Proxy (XS-Sniper)

34 DEMO

35 Questions and Final Thoughts

Download ppt "Slipping Past the Firewall DNS Rebinding with Pure Java Applets Billy K Rios (BK) and Nate McFeters."

Similar presentations

URI Use and Abuse P\/\/N1ch1\/\/4. Contributing Authors Nathan McFeters – Senior Security Analyst – Ernst & Young Advanced Security Center, Chicago Billy.

URI Use and Abuse P\/\/N1ch1\/\/4. Contributing Authors Nathan McFeters – Senior Security Analyst – Ernst & Young Advanced Security Center, Chicago Billy.
Past, Present and Future By Eoin Keary and Jim Manico

Past, Present and Future By Eoin Keary and Jim Manico
The OWASP Foundation Web Application Security Host Apps Firewall Host Apps Database Host Web serverApp serverDB server Securing the.

The OWASP Foundation Web Application Security Host Apps Firewall Host Apps Database Host Web serverApp serverDB server Securing the.
VOYAGER: Yet Another Secure Web Browser to Demonstrate Secure Socket Layer Working and Implementation By : Shrinivas G. Deshpande Advisor: Dr. Chung E.

VOYAGER: Yet Another Secure Web Browser to Demonstrate Secure Socket Layer Working and Implementation By : Shrinivas G. Deshpande Advisor: Dr. Chung E.
Internet Security Protocols

Internet Security Protocols
Web Server Programming

Web Server Programming
Muhammad Taimoor Khan

Muhammad Taimoor Khan
AJAX Presented by: Dickson Fu Dimas Ariawan Niels Andreassen Ryan Dial Jordan Nielson CMPUT 410 University of Alberta 2006.

AJAX Presented by: Dickson Fu Dimas Ariawan Niels Andreassen Ryan Dial Jordan Nielson CMPUT 410 University of Alberta 2006.
1 Owais Mohammad Haq Department of Computer Science Eastern Michigan University April, 2005 Java Script.

1 Owais Mohammad Haq Department of Computer Science Eastern Michigan University April, 2005 Java Script.
Design of Web-based Systems IS Development: lecture 10.

Design of Web-based Systems IS Development: lecture 10.
Servlets and a little bit of Web Services Russell Beale.

Servlets and a little bit of Web Services Russell Beale.
USING FLASH IN HTML Topics Include: What is Flash? Why use Flash? Flash VS Other Methods What are some things I can do with flash? How can I start using.

USING FLASH IN HTML Topics Include: What is Flash? Why use Flash? Flash VS Other Methods What are some things I can do with flash? How can I start using.
Outline IS400: Development of Business Applications on the Internet Fall 2004 Instructor: Dr. Boris Jukic Server Side Web Technologies: Part 2.

Outline IS400: Development of Business Applications on the Internet Fall 2004 Instructor: Dr. Boris Jukic Server Side Web Technologies: Part 2.
Multiple Tiers in Action

Multiple Tiers in Action
Secure Collective Internet Defense (SCID) Yu Cai 05/30/2003

Secure Collective Internet Defense (SCID) Yu Cai 05/30/2003
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Browser Exploitation Framework (BeEF) Lab

Browser Exploitation Framework (BeEF) Lab
 What I hate about you things people often do that hurt their Web site’s chances with search engines.

 What I hate about you things people often do that hurt their Web site’s chances with search engines.
Remote Accessing Your Home Computer Using VNC and a Dynamic DNS Name.

Remote Accessing Your Home Computer Using VNC and a Dynamic DNS Name.
Web-based Software Development - An introduction.

Web-based Software Development - An introduction.

Similar presentations

Ads by Google