Pwning with XSS: From alert() to Reverse Shell: DEFCON Bangalore 2013

Post on 14-Dec-2014


DESCRIPTION

A Glimpse through V4 of OWASP Xenotix XSS Exploit Framework

TRANSCRIPT

PWNING WITH XSS : FROM ALERT() TO REVERSE SHELL

@ajinabraham

DEFCON DCG BANGALORE

#ME

• INFO SEC ENTHUSIAST

• OWASP XENOTIX XSS EXPLOIT FRAMEWORK

• FREE AND OPEN INFO SEC EDUCATION SUPPORTER (KERALA CYBER FORCE)

• RUNS A DEFCON CHAPTER DEFCON KERALA

OWASP XENOTIX XSS EXPLOIT FRAMEWORK

SCANNING MODULE

INFO GATHERING MODULE

EXPLOITATION MODULE

START

[Diagram: Xenotix HTTP Web Shell. Actors: ATTACKER, Proxy, Web Server, VICTIM (browser), FB's Server. Flow: the attacker sends GET http://facebook.com to the proxy; the proxy serves the JavaScript file and sends the request to the web server, which forwards it to the victim's browser; the victim's browser sends GET http://facebook.com to FB's server; the response from FB's server is returned as an HTML response to the server, and the Facebook.com HTML page contents are relayed back to the attacker.]

SO.... Never Underestimate the Power of XSS

THANK YOU

ajinabrahamofficial

ajinabraham

ajin.abraham@owasp.org
