Building Advanced. XSS Vectors

Building Advanced XSS Vectors by @brutelogic About About - Agenda ● ● ● ● ● ● ● ● About Vector Scheme Vector Builder (webGun) Agnostic Event Hand...
Author: Dwight Stafford
2 downloads 3 Views 412KB Size
Report
Download PDF
Building Advanced XSS Vectors by @brutelogic

About

About - Agenda ● ● ● ● ● ● ● ●

About Vector Scheme Vector Builder (webGun) Agnostic Event Handlers Reusing Native Code Filter Bypass Location Based Payloads Multi Reflection

About - Speaker ● ● ● ●

Security researcher @sucurisecurity Former #1 @openbugbounty Some HoF & acknowledgements XSS expert

About - Presentation ● ● ● ●

Not just another talk on XSS Use of alert(1) for didactic purposes Mainly about event based XSS Some stuff may be hard to follow

Vector Scheme

Vector Scheme ●

Regular



Example:

Vector Scheme ●

Full

extra1 extra3

Example: AAAAAAAAA

Vector Builder (webGun) http://brutelogic.com.br/webgun

Vector Builder (webGun) ● ● ● ● ● ● ● ●

Interactive cheat sheet Builder of XSS vectors/payloads More than 3k unique combinations Event or tag oriented Handlers by browser Handlers by length* Manual vector editing Test on target or default test page

* for filter bypass procedure.

Agnostic Event Handlers

Agnostic Event Handlers ● ●

Used with almost any tag Ones that work with arbitrary tags Example: alert(1) javascript:1/*click me!*/ +

Suggest Documents

Cross Site Scripting XSS

Cross Site Scripting XSS
Read more
XSS Tunnelling. Tunnelling HTTP traffic through XSS Channels. Ferruh Mavituna

XSS Tunnelling. Tunnelling HTTP traffic through XSS Channels. Ferruh Mavituna
Read more
Combinatorial XSS Attack Grammars

Combinatorial XSS Attack Grammars
Read more
12.2 Vectors. Vectors. Vectors. Vectors. Combining Vectors. Vectors and the Geometry of Space

12.2 Vectors. Vectors. Vectors. Vectors. Combining Vectors. Vectors and the Geometry of Space
Read more
ARCH STUDIO ADVANCED BUILDING DESIGN

ARCH STUDIO ADVANCED BUILDING DESIGN
Read more
ARCH STUDIO ADVANCED BUILDING DESIGN

ARCH STUDIO ADVANCED BUILDING DESIGN
Read more
Florida Building Code Advanced Course

Florida Building Code Advanced Course
Read more
Vectors

Vectors
Read more
Secure Programming. (XSS) Vulnerabities

Secure Programming. (XSS) Vulnerabities
Read more
PARTE 1. XSS indirecto

PARTE 1. XSS indirecto
Read more
XSS Cross-Site Scripting

XSS Cross-Site Scripting
Read more
Random Vectors 2.1. RANDOM VECTORS

Random Vectors 2.1. RANDOM VECTORS
Read more
CH. II ME256 STATICS Vectors VECTORS

CH. II ME256 STATICS Vectors VECTORS
Read more
L2b Vectors and functions of vectors

L2b Vectors and functions of vectors
Read more
Chapter 5 Advanced Plotting and Model Building

Chapter 5 Advanced Plotting and Model Building
Read more
XSS A Next Generation Windfarm Support Vessel

XSS A Next Generation Windfarm Support Vessel
Read more
XSS: Cross site scripting, detection and prevention

XSS: Cross site scripting, detection and prevention
Read more
or vectors

or vectors
Read more
Chapter 12. Vectors and the Geometry of Space Vectors

Chapter 12. Vectors and the Geometry of Space Vectors
Read more
Security Vulnerabilities in Web Applications. Cross-Site Scripting (XSS) Examples of Malicious Code. Cross Site Scripting (XSS)

Security Vulnerabilities in Web Applications. Cross-Site Scripting (XSS) Examples of Malicious Code. Cross Site Scripting (XSS)
Read more
Chapter 3. What is a vector. Equal Vectors. How do we draw it? Opposite Vectors. Properties of Vectors. Adding Vectors. Vectors

Chapter 3. What is a vector. Equal Vectors. How do we draw it? Opposite Vectors. Properties of Vectors. Adding Vectors. Vectors
Read more
An Introduction to XSS (Cross Site Scripting)

An Introduction to XSS (Cross Site Scripting)
Read more
Learning to Leverage XSS:: Technical Document

Learning to Leverage XSS:: Technical Document
Read more
Using XSS to bypass CSRF protection

Using XSS to bypass CSRF protection
Read more