Hello list,
I was playing with the idea making a JavaScript based network scanner /
CSRF exploiting tool. I know the idea in itself isn't very new, but I
feel somehow it never really got the credit that it deserved and still
believe it's a valid attack vector and with some preparation and minimal
tweaking/configuring of the scanning engine before sending it to a
target will yield very good results.
Anyways; I made a quick write-up of my ideas/findings. Any feedback on
the matter would be greatly appreciated.
http://allodox.wordpress.com/2012/04/21/javascript-based-network-scanners/
Regards,
Raf
Hey,
take a look at the port scanner we have in BeEF (http://beefproject.com).
It is combining 3 techniques (img tags, WebSockets and CORS) and merge
the results.
You can find it under modules -> network -> portscanner
Cheers
antisnatchor
On Sat, Apr 21, 2012 at 3:03 PM, allodoxa spamhole@telenet.be wrote:
Hello list,
I was playing with the idea making a JavaScript based network scanner /
CSRF exploiting tool. I know the idea in itself isn't very new, but I
feel somehow it never really got the credit that it deserved and still
believe it's a valid attack vector and with some preparation and minimal
tweaking/configuring of the scanning engine before sending it to a
target will yield very good results.
Anyways; I made a quick write-up of my ideas/findings. Any feedback on
the matter would be greatly appreciated.
http://allodox.wordpress.com/2012/04/21/javascript-based-network-scanners/
Regards,
Raf
The Web Security Mailing List
WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
http://twitter.com/wascupdates
websecurity@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
--
/antisnatchor