Hi Antisnatchor,
I had a look at the port-scanner module and as far as I can see it seems
to work exactly in the crude manner I was talking about (load set of ips
and unsorted-list of images and loop through them).
It also seems to handle the on load event only, ignoring possible info
that can be obtained from timing the on-error event. I'm actually
looking for ways to optimize the usage of what limited information you
get from JavaScript image loading.
The BeEF project as a whole is very interesting though. It's nice to see
that others see the potential of this attack vector and have worked it
out so nicely.
Regards,
Raf
On Sun, 2012-04-22 at 11:28 +0100, Michele Orru wrote:
Hey,
take a look at the port scanner we have in BeEF (http://beefproject.com).
It is combining 3 techniques (img tags, WebSockets and CORS) and merges
the results.
You can find it under modules -> network -> portscanner
Cheers
antisnatchor
On Sat, Apr 21, 2012 at 3:03 PM, allodoxa spamhole@telenet.be wrote:
Hello list,
I was playing with the idea of making a JavaScript based network scanner /
CSRF exploiting tool. I know the idea in itself isn't very new, but I
feel somehow it never really got the credit that it deserved and still
believe it's a valid attack vector and with some preparation and minimal
tweaking/configuring of the scanning engine before sending it to a
target will yield very good results.
Anyways; I made a quick write-up of my ideas/findings. Any feedback on
the matter would be greatly appreciated.
http://allodox.wordpress.com/2012/04/21/javascript-based-network-scanners/
Regards,
Raf
The Web Security Mailing List
WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
http://twitter.com/wascupdates
websecurity@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
point in case about image list optimization:
(snippet from BeEF port scan module)
new Array("Billion Router",":80",false,"/customized/logo.gif",318,69),
new Array("Billion Router",":80",false,"/customized/logo.gif",224,55),
That's 2 requests per ip you scan, while this could just as well be
performed in one with height,width verification in the onload event.
regards,
Raf
correction: I was looking at the network fingerprinting module
Hi allodoxa,
It's great to see you interested in improving the state of JavaScript
network scanning! I agree that the concepts you've pointed out are
important to increase the speed of network scanning. I'm looking forward to
seeing your pull request on GitHub.
On Sun, Apr 22, 2012 at 10:08 PM, allodoxa spamhole@telenet.be wrote:
correction: I was looking at the network fingerprinting module
On Sun, 2012-04-22 at 14:05 +0200, allodoxa wrote:
point in case about image list optimization:
(snippet from BeEF port scan module)
new Array("Billion Router",":80",false,"/customized/logo.gif",318,69),
new Array("Billion Router",":80",false,"/customized/logo.gif",224,55),
That's 2 requests per ip you scan, while this could just as well be
performed in one with height,width verification in the onload event.
regards,
Raf
On Sun, 2012-04-22 at 14:00 +0200, allodoxa wrote:
Hi Antisnatchor,
I had a look at the port-scanner module and as far as I can see it seems
to work exactly in the crude manner I was talking about (load set of ips
and unsorted-list of images and loop through them).
It also seems to handle the on load event only, ignoring possible info
that can be obtained from timing the on-error event. I'm actually
looking for ways to optimize the usage of what limited information you
get from JavaScript image loading.
The BeEF project as a whole is very interesting though. It's nice to see
that others see the potential of this attack vector and have worked it
out so nicely.
Regards,
Raf
On Sun, 2012-04-22 at 11:28 +0100, Michele Orru wrote:
Hey,
take a look at the port scanner we have in BeEF (
It is combining 3 techniques (img tags, WebSockets and CORS) and merges
the results.
You can find it under modules -> network -> portscanner
Cheers
antisnatchor
On Sat, Apr 21, 2012 at 3:03 PM, allodoxa spamhole@telenet.be wrote:
Hello list,
I was playing with the idea of making a JavaScript based network scanner /
CSRF exploiting tool. I know the idea in itself isn't very new, but I
feel somehow it never really got the credit that it deserved and still
believe it's a valid attack vector and with some preparation and minimal
tweaking/configuring of the scanning engine before sending it to a
target will yield very good results.
Anyways; I made a quick write-up of my ideas/findings. Any feedback on
the matter would be greatly appreciated.
Regards,
Raf
--
Brendan Coles
http://itsecuritysolutions.org/