InfoSec World 2009 - Browser Security

Security: Submitted by Wade on 24-Mar-09 at 03:07am

Interested in Browser Security? Josh Abraham has published his InfoSec World presentation - Total Browser Pwnag3.

Update: The Demos are available here.

John MPI Updated

Security: Submitted by John on 20-Apr-07 at 10:40pm

A new version of John The Ripper MPI (mpi4) is now available in the tools section...
This version includes:

Support for MacOSX/Intel; this requires SSE2, as does MacOSX itself.
Support for runtime status updates (send a SIGHUP to the running john processes).
Several minor bugfixes

Inter-protocol Exploitation and Communication papers

Security: Submitted by Wade on 19-Apr-07 at 02:04pm

Two papers are now available that demonstrate inter-protocol security issues - Inter-protocol Communication and Inter-protocol Exploitation. Among other things they show the practicality of encapsulating exploit code in one protocol to compromise a program which uses a different protocol.

An example is provided that shows how a web browser can launch a MetaSploit type exploit to own an Asterisk server. Of course, this raises concerns over the (in)effectiveness of firewalls against this attack.

Konqueror DoS Via JavaScript Read Of FTP Iframe

Security: Submitted by Mark on 04-Mar-07 at 07:48pm

This Konqueror crash is a spin-off finding from the FTP PASV paper.

Manipulating FTP Clients Using The PASV Command Paper

Security: Submitted by Mark on 04-Mar-07 at 07:46pm

A common implementation flaw in FTP clients allows FTP servers to cause clients to connect to other hosts. This seemingly small vulnerability has some interesting consequences for web browser security.
This paper discusses how the flaw affects Firefox, Opera and Konqueror.
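The flaw above comes down to a client trusting whatever address the server places in its 227 PASV reply. The following added example (not code from the paper or from any of the clients it discusses) parses a PASV reply and contrasts a naive client, which connects wherever the server says, with a hardened client that only accepts a data endpoint on the same host as the control connection and on a non-privileged port. The sample replies and the control-host address are constructed for the example.

```python
import re

# RFC 959 227 reply: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)."
PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


class PasvError(ValueError):
    """Raised when a 227 reply is malformed or fails the client's policy."""


def parse_pasv(reply: str) -> tuple[str, int]:
    """Extract (host, port) from a 227 reply; no policy is applied here."""
    if not reply.startswith("227"):
        raise PasvError(f"not a 227 reply: {reply!r}")
    match = PASV_RE.search(reply)
    if match is None:
        raise PasvError(f"no address tuple in reply: {reply!r}")
    h1, h2, h3, h4, p1, p2 = (int(x) for x in match.groups())
    if max(h1, h2, h3, h4, p1, p2) > 255:
        raise PasvError("octet out of range in PASV reply")
    port = (p1 << 8) | p2
    if port == 0:
        raise PasvError("port 0 is not a usable data port")
    return f"{h1}.{h2}.{h3}.{h4}", port


def naive_data_endpoint(reply: str, control_host: str) -> tuple[str, int]:
    """Vulnerable behaviour: trust the server-supplied host unconditionally."""
    return parse_pasv(reply)


def hardened_data_endpoint(reply: str, control_host: str) -> tuple[str, int]:
    """Hardened behaviour: the data connection must go back to the host the
    control connection was opened to, and only to a non-privileged port.
    (Some clients instead silently substitute control_host; rejecting is
    stricter and makes the server's misbehaviour visible in logs.)"""
    host, port = parse_pasv(reply)
    if host != control_host:
        raise PasvError(f"PASV host {host} differs from control host {control_host}")
    if port < 1024:
        raise PasvError(f"PASV port {port} is privileged; refusing data connection")
    return host, port


if __name__ == "__main__":
    good = "227 Entering Passive Mode (192,0,2,10,4,1)."          # constructed
    redirect = "227 Entering Passive Mode (10,0,0,5,0,25)."        # constructed
    print(naive_data_endpoint(redirect, "192.0.2.10"))             # follows the redirect
    print(hardened_data_endpoint(good, "192.0.2.10"))              # accepted
    try:
        hardened_data_endpoint(redirect, "192.0.2.10")
    except PasvError as exc:
        print("rejected:", exc)
```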

Advanced Cross-site Scripting Virus Paper

Security: Submitted by Wade on 30-Jan-07 at 11:34am

This paper explores the real potential of the web being infected with a cross-site scripting virus that autonomously searches for, and employs, new vulnerabilities for propagation.

SynScan 3.9b2 Released, with IPv6 Support

Security: Submitted by John on 15-Nov-06 at 07:41am

Version 3.9b2 of SynScan is an early beta of the forthcoming SynScan 4.0. As far as I'm aware, this is the first half-open SYN scanner with support for IPv6.


BeEF (Browser Exploitation Framework) Beta Released

Security: Submitted by Wade on 24-Aug-06 at 07:13pm

BeEF, the Browser Exploitation Framework, has been released. The current version is a beta and still a work in progress, but it should be easy to install.

Its purpose in life is to provide an easily integrated framework for demonstrating the impact of browser and cross-site scripting issues in real time. The modular structure focuses on making module development trivial, with the intelligence living inside BeEF itself.

HTTP Penetration Suite

Security: Submitted by Wade on 02-Aug-06 at 07:56pm

Attacks from browsers are increasing in sophistication, and researchers are focusing more resources on this area. Recently, a JavaScript port scanner was published that was based on a SPI Dynamics paper. The scanner is entirely encapsulated within the web browser.

It doesn't take an Einstein to start linking web application attack vectors. In the "Inter-browser Communication" (IBC) blog I illustrated one basic method to maintain indirect real-time control over a browser (including data transfer). Using IBC it is possible to load tools (in real time), such as a port scanner, into the controlled browser and retrieve the results. Following this logic, an entire HTTP suite can be developed to attack internal networks using the browser as an unsuspecting proxy. Not to mention the extra dimensions that XSS viruses add.

Inter-browser Communication

Security: Submitted by Wade on 28-May-06 at 10:59pm

Cross-site scripting (XSS) models are commonly thought of as the server controlling the browser. That is, all commands are assumed to come from code residing on the server. This is not necessarily the case. Control can instead be one browser (in)directly controlling, or communicating with, another. One method of browser-to-browser communication is to employ an intermediate web server.