Cookiejacking
18 Jan 2020 | 74 views | 0 downloads | 23 Pages | 2.51 MB

Transcription

Rosario Valotta, Cookiejacking

Agenda
- Me, myself and I
- The IE security zones
- Overview on UI redressing attacks
- Solving the jigsaw
- The big picture

Me, myself and I
- Day time: IT professional, mobile TLC company, Rome, Italy
- Night time: web security fan since 2007, released a bunch of advisories and
  - Nduja Connection: first ever cross domain XSS worm
  - Critical Path Memova: 40 millions users worldwide affected
  - WMP information gathering and intranet scanning
- Blog: http://sites.google.com/site/tentacoloviola

Overview on IE security zones
- In IE a web site is assigned to a security zone
- Sites in the same security zone behave the same way according to security privileges
- 5 default zones (decreasing security privileges):
  - Local Machine Zone
  - Local Intranet Zone
  - Trusted Sites Zone
  - Internet Zone
  - Restricted Sites Zone
- Security profiles: collection of security privileges that can be granted to each given zone
  - Predefined: High, Medium, Medium-Low, Low
  - Customized
- Privileges: ActiveX plugins, Hidden by default, User authentication, Cross zone interaction

Cross Zone Interaction
- By rule of thumb, web content belonging to a less privileged zone cannot access content belonging to a more privileged zone
- <iframe src="file://c:/test.txt"></iframe> -> Access denied
- So it should be impossible for web content to access local machine files. It

Do not open that folder (aka IE 0-day)
- <iframe src="file://C:/Documents and Settings/tentacoloViola/Cookies/tentacoloviola@google[1].txt"></iframe>
- Cookies folder of the user currently logged on
- All kind of cookies: secure (HTTPS) cookies, any website
- Works on IE 6, 7, 8 (also protected mode)
- Tested on XP SP3, Vista, 7

Of coordinated disclosure and other oddities
- January 28th: disclosed to MSRC, IE 9 beta still vulnerable
- March 14: first official release of IE9, IE9 not vulnerable
- Two weeks ago: new attack vector found, works also on IE9
  - <iframe src="file://C:/Documents and Settings/tentacoloViola/Cookies/tentacoloviola@google[1].txt"></iframe>
  - <iframe src="http://192.168.1.2/redir.pl?url=file://C:/Documents and Settings/tentacoloViola/Cookies/tentacoloviola@google[1].txt"></iframe>

Where do we go from here
- Load arbitrary cookies into an iframe
- Find a way to access: Same Origin Policy will block any programmatic access to a local iframe's content from web domains
  - document.getElementById("myId").contentWindow.document.innerHTML -> Access denied
- Guess victim's username: the path of the cookie folder depends on the user currently logged on
  - file://C:/Documents and Settings/<user>/Cookies/<user>@<site>.txt
- Guess victim's OS: different OSs store cookies in different paths
  - Windows XP: C:\Documents and Settings\<user>\Cookies
  - Vista and 7: C:\Users\<user>\AppData\Roaming\Microsoft\Windows\Cookies\Low

Clickjacking aka UI Redressing attack
- Introduced by Jeremiah Grossman and Robert Hansen in 2008
- It's all about the z-axis: iframes overlapping, CSS opacity
- The basic approach:
  - Iframe properly positioned
  - Iframe made invisible (opacity: 0, z-index: 1)
  - User clicks hijacked (opacity: 100, z-index: 0)
- User interaction is needed, SOP is not triggered
- Advanced scenario: content extraction (Paul Stone, 2010)
  - Social engineer a victim
  - Select content from a legitimate 3rd party page
  - Drag & drop content in an attacker controlled element
  - Steal sensitive HTML contents
  - Links and images are converted in URLs: event.dataTransfer.getData("Text")

Advanced Clickjacking: content extraction
The technique is made up of 6 steps:
1. Third party iframe is positioned on the start point of the selection (A)
2. The victim starts to select content (e.g. text or HTML)
3. Third party iframe is positioned on the end point of the selection (B)
4. The victim stops selecting
5. Third party iframe is positioned somewhere between A and B
6. The victim drags the selected content into an attacker controlled element

Attacks mash up: how the SOP was won
- Load arbitrary cookies into an iframe -> iframe loads cookie text file (0-day)
- Find a way to access -> ball image overlapped on the iframe (opacity 100), content extraction technique

Missing pieces
- Load arbitrary cookies into an iframe
- Find a way to access
- Optimize content extraction: drag & drop API doesn't work well across browsers; two different dragging actions required in order to select content, drag & drop it out of the iframe
- Guess victim's username: the path of the cookie folder depends on the user currently logged on
  - file://C:/Documents and Settings/<user>/Cookies/<user>@<site>.txt
- Guess victim's OS: different OSs store cookies in different paths
  - Windows XP: C:\Documents and Settings\<user>\Cookies
  - Vista and 7: C:\Users\<user>\AppData\Roaming\Microsoft\Windows\Cookies\Low

Drag & drop APIs
- Acknowledged as one of the innovations introduced in HTML5
- Not formally part of latest HTML5 draft
- Based on Microsoft's original implementation available on IE 5
- Not fully supported on IE 6, 7, 8
- Custom implementation on http://www.useragentman.com works well on all IE versions
- Custom effects: drag feedback image, cursor shape change etc.

Advanced content extraction
- Two nested iframes defined in the attacker page
- Iframe sizes properly defined in order to ensure that scrolling is needed for the cookie content to completely come into view (e.g. A height=100, B height=500)
  [Diagram: iframe B ("cookie content goes here") nested in iframe A; you must set the iframe sizes to ensure that scrolling is needed to completely select the content]
- The sequence:
  - User moves the mouse over the B iframe
  - When the user clicks down the mouse button the onfocus event is triggered
  - The scrollspeed property of the iframe A is set to 100 (onfocus: scrollspeed=100)
  - With the mouse button down and the iframe B scrolling into iframe A, the final effect is that the user is selecting text as long as the mouse button is clicked
  - If the scrollspeed is big enough, a single click time is enough to select the whole cookie content
  - First drag action (content selection) collapsed in a
