Posts

Beating Trivial Server Side Filters With WebKit

I've just started reading an awesome book and I thought I'd share some of my findings with you. I'll share the title of the book at the end of the post, and I must say it's a must-read for anyone trying to master XSS attacks.

That being said, let's get down to business.

Browser Languages: Lost in translation

Quick question for the language theorists and computer scientists out there: what languages does your browser parse or "recognize"? Did you answer HTML, HTML+, HTML 2.0, XHTML, JavaScript, VBScript, etc.? Well then, you are supposed to be right, but in strict terms this is not entirely true! If the set of languages B (what is commonly understood as "the browser language") contains only HTML, XHTML, JavaScript, etc., then B is not the language your browser recognizes. Your browser actually recognizes a lot more; in the case of WebKit browsers (especially Chrome, which is what I based my research on here) HTML* (including all HTML versions) is actua…

WebKit XSSAuditor : The XSS catalyst

(Google "Chrome 18 anti XSS bypass" and feel lucky ;) A while ago I released a bypass for the WebKit XSSAuditor in Chrome. I thought I'd honor it with a blog post and discuss another danger the XSSAuditor presents to web application security. This 'danger' of XSS filters has been published in a very popular paper about some XSS filters: http://www.collinjackson.com/research/xssauditor.pdf. What I'm doing here is demonstrating what's described there. XSSAuditor is part of WebKit's HTML parser and exists to try to mitigate reflected XSS attacks. Unfortunately, because of how the auditor operates, it can often have quite the opposite effect! In this post I'll explain the situations where XSSAuditor can actually have an adverse effect on a web application's protection against XSS attacks.

NoNoScript : Bypassing NoScript's XSS filters via Error Based SQLi

NoScript is a Firefox add-on or 'extension' in charge of stopping reflected XSS attacks. It operates by inspecting and auditing responses (much like other XSS filters) AND the requests made by the browser.

Largely NoScript provides a great service, and manages to stop most attacks provided that the injection data is recognizable in the requests, meaning both POST and GET requests. But because of how it works, when the injection data is not recognizable in the request, neither NoScript nor, for that matter, any other XSS filter will be able to detect the attack. This largely happens when data is injected in encrypted/hashed/encoded* form.

*Granted, some encodings are accounted for in NoScript and other XSS filters, so don't expect to get around the best XSS filters known to man by simply %-encoding your injection data!

One example of an XSS attack where payloads are injected in a way that is not recognizable to NoScript is SQL injection, namely error-based SQL injection. The following demo…
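To make the request-versus-response idea concrete, here is an added example (my own toy model, not NoScript's code and not the demo from the post). The hypothetical `filter_blocks` does what the post describes: it URL-decodes each request value, and blocks the response only if a suspicious value is reflected in it. The hypothetical `mock_backend` stands in for an application whose database decodes MySQL-style `0x...` string literals and echoes the decoded value in an error message, which is the shape of an error-based injection sink. Plain `%`-encoding is caught, because the filter decodes it; a payload hidden inside a hex literal is not, because the transformation happens server-side where the filter cannot see it. The request values, the error format and the regex are all constructed for this illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed approximation of a request/response XSS filter: a response is
# blocked only when a suspicious request value, after URL-decoding, is
# reflected verbatim in the response body.
SUSPICIOUS = re.compile(r"<\s*script|javascript:|on\w+\s*=", re.IGNORECASE)


def filter_blocks(params: dict, response: str) -> bool:
    """Return True if the toy filter would block this response."""
    for value in params.values():
        decoded = unquote_plus(value)          # %-encoding is accounted for
        if SUSPICIOUS.search(decoded) and decoded in response:
            return True
    return False


# Constructed mock of a vulnerable back end (assumption: stands in for a
# MySQL-backed page that reflects the injected string inside an error).
HEX_LITERAL = re.compile(r"0x([0-9a-fA-F]+)")


def mock_backend(params: dict) -> str:
    """Decode 0x... literals the way the database would and echo the result."""
    raw = unquote_plus(params.get("id", ""))

    def decode(match: re.Match) -> str:
        return bytes.fromhex(match.group(1)).decode("utf-8", "replace")

    rendered = HEX_LITERAL.sub(decode, raw)
    return f"<p>SQL error near: '{rendered}'</p>"


def to_hex_literal(text: str) -> str:
    """Encode a string as a MySQL-style hex literal, e.g. 0x3c7363726970743e."""
    return "0x" + text.encode("utf-8").hex()


def run_case(payload: str):
    """Send one request value through the mock app; return (blocked, body)."""
    params = {"id": payload}
    body = mock_backend(params)
    return filter_blocks(params, body), body


def reflected_script(body: str) -> bool:
    """True if an executable script tag made it into the response."""
    return "<script>" in body.lower()


if __name__ == "__main__":
    # Case 1: plain %-encoded payload; the filter decodes and catches it.
    blocked, body = run_case("%3Cscript%3Ealert(1)%3C/script%3E")
    print("plain payload blocked:", blocked)

    # Case 2: the same payload carried as a hex literal inside an
    # error-based injection; the request contains no '<script' at all.
    payload = "1' AND extractvalue(1," + to_hex_literal("<script>alert(1)</script>") + ")"
    blocked, body = run_case(payload)
    print("hex payload blocked:", blocked, "| script reflected:", reflected_script(body))
```

Running it shows the first case blocked and the second case passing straight through with `<script>alert(1)</script>` sitting in the error text. The lesson is not about this particular regex: any filter that correlates request bytes with response bytes is blind to whatever decoding or transformation the server performs in between.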

Reverse Engineering : it's not all it's cracked up to be

A lot of people are still bewildered by reverse engineering. A lot of people are still wondering what it is and how on earth they can learn to do it. This post, hopefully, will break the mysticism around reverse engineering. Before I can get into it I need to answer this question:

What is Reverse Engineering?

Reverse engineering is the process of discovering the technological principles of a device, object, or system through analysis of its structure, function, and operation.[1] It often involves taking something (e.g., a mechanical device, electronic component, software program, or biological, chemical, or organic matter) apart and analyzing its workings in detail to be used in maintenance, or to try to make a new device or program that does the same thing without using or simply duplicating (without understanding) the original. ---- Wikipedia

What I'm going to talk about in this post is reverse engineering software.

Social Engineering : Exploiting the Human

Oh no, it's another blog post about social engineering, run away! lol. No! This post is about the way I personally approach social engineering and the mindset one should have to be able to create new and unexpected methods of extracting information from a target.

Your goal is to get information from a target; the problem you have is that this target is not just going to hand you this information (though in some rare cases it will be this easy). How do you get the target from a state where it doesn't want to give you this information to a state where it'll willingly hand it over to you? I think about it in terms of 5 steps:

GooDork v2.2.1 : Custom User-Agents and More Results

The new version of the GooDork is out. I've decided to give you guys a crash course in using the new features.

GooDork : Super Charging your Google Hacking

I recently started work on a very exciting project called GooDork. In its most basic function, this Python script allows you to run Google dorks straight from your command line.

Though its real power lies in what it allows you to do with the results from a Google dork.
