XSS Lightning talk

Introduction to Cross Site Scripting Johnny Vestergaard <[email protected]> http://dk.linkedin.com/in/johnnykv Lightning
talk held at OSAA March 2012

XSS - Cross Site Scripting Worst name ever?? • Think
of it as "JavaScript Injection". ◦ (and ignore the haters) • Injection of malicious JavaScript on a site with the intend of client side execution. • Three types: Reflected, Persistent and DOM based. • We will focus on Persistent XSS tonight.

Safe website

Vulnerable website

Hey - it's just client side!

Having a client side party • Possibilities ◦ Host scanning
of client-side LAN ◦ Session takeover (cookie stealing) ◦ Eavesdropping ▪ Keylogging ▪ Events ◦ Complete control of the page • Limitations ◦ Confined to the browser

Demo •Keylogger using metasploit •Cookie stealer with python backend

Demo #1 - Keylogger with metasploit

Demo #2 - The Cookie Monster https://gist.github.com/1968842

Do it yourself Whitehat style • Backtrack 5 ◦ http://www.backtrack-linux.org/
• OWASP Broken Web Applications Project ◦ VMware image with broken web apps ◦ http://bit.ly/yNsF9K • Cookie Monster ◦ http://gist.github.com/1968842 • Slides ◦ http://www.slideshare.net/JohnnyKV/

XSS Lightning talk

XSS Lightning talk

Johnny Vestergaard

More Decks by Johnny Vestergaard

Other Decks in Technology

Featured

Transcript

Introduction to Cross Site Scripting Johnny Vestergaard <[email protected]> http://dk.linkedin.com/in/johnnykv Lightning

XSS - Cross Site Scripting Worst name ever?? • Think

Safe website

Vulnerable website

Hey - it's just client side!

Having a client side party • Possibilities ◦ Host scanning

Demo •Keylogger using metasploit •Cookie stealer with python backend

Demo #1 - Keylogger with metasploit

Demo #2 - The Cookie Monster https://gist.github.com/1968842

Do it yourself Whitehat style • Backtrack 5 ◦ http://www.backtrack-linux.org/