websecurity@lists.webappsec.org

The Web Security Mailing List


Re: [WEB SECURITY] javascript based network scanners

allodoxa
Sun, Apr 22, 2012 12:00 PM

Hi Antisnatchor,

I had a look at the port-scanner module and as far as I can see it seems
to work exactly in the crude manner I was talking about (load set of ips
and unsorted-list of images and loop through them).

It also seems to handle the on load event only, ignoring possible info
that can be obtained from timing the on-error event. I'm actually
looking for ways to optimize the usage of what limited information you
get from JavaScript image loading.

The BeEF project as a whole is very interesting though. It's nice to see
that others see the potential of this attack vector and have worked it
out so nicely.

Regards,

Raf

On Sun, 2012-04-22 at 11:28 +0100, Michele Orru wrote:

Hey,

take a look at the port scanner we have in BeEF (http://beefproject.com).
It combines 3 techniques (img tags, WebSockets and CORS) and merges
the results.

You can find it under modules -> network -> portscanner

Cheers
antisnatchor

On Sat, Apr 21, 2012 at 3:03 PM, allodoxa <spamhole@telenet.be> wrote:

Hello list,

I was playing with the idea of making a JavaScript based network scanner /
CSRF exploiting tool. I know the idea in itself isn't very new, but I
feel somehow it never really got the credit that it deserved, and I still
believe it's a valid attack vector; with some preparation and minimal
tweaking/configuring of the scanning engine before sending it to a
target it will yield very good results.
Anyways; I made a quick write-up of my ideas/findings. Any feedback on
the matter would be greatly appreciated.

http://allodox.wordpress.com/2012/04/21/javascript-based-network-scanners/

Regards,

Raf


The Web Security Mailing List

WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss

Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA

WASC on Twitter
http://twitter.com/wascupdates

websecurity@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org

allodoxa
Sun, Apr 22, 2012 12:05 PM

case in point about image list optimization:

(snippet from the BeEF port scan module)
new Array("Billion Router",":80",false,"/customized/logo.gif",318,69),
new Array("Billion Router",":80",false,"/customized/logo.gif",224,55),

That's 2 requests per IP you scan, while this could just as well be
performed in one, with height/width verification in the onload event.

regards,

Raf

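The two messages above describe the scanner side of browser-based image probing: a victim's browser is made to load intranet image paths, and the onload/onerror outcome and image dimensions reveal which device answers. The defender-side counterpart is to spot that activity in the probed device's own web server log. The following Python is an added example written for this page; it is not code from the thread, from BeEF or from the write-up linked above. It assumes Apache combined-format access log lines (the sample lines are constructed here, reusing the /customized/logo.gif path quoted in the thread), a hypothetical set of trusted referring hosts, and a made-up attacker origin attacker.example. It goes a little beyond the thread's case: besides flagging a single image fetch embedded by an untrusted page, it looks for the burst of distinct image paths that a fingerprint list produces per host.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed sample lines in Apache "combined" log format, as an intranet
# device's web server might write them. The logo path is the one quoted in
# the thread; the other paths stand in for further fingerprint candidates.
SAMPLE_LOG = """\
10.0.0.23 - - [22/Apr/2012:14:00:01 +0200] "GET /customized/logo.gif HTTP/1.1" 200 4122 "http://10.0.0.1/index.html" "Mozilla/5.0"
10.0.0.23 - - [22/Apr/2012:14:00:02 +0200] "GET /customized/logo.gif HTTP/1.1" 200 4122 "http://attacker.example/scan.html" "Mozilla/5.0"
10.0.0.23 - - [22/Apr/2012:14:00:02 +0200] "GET /images/logo.png HTTP/1.1" 404 210 "http://attacker.example/scan.html" "Mozilla/5.0"
10.0.0.23 - - [22/Apr/2012:14:00:03 +0200] "GET /favicon.ico HTTP/1.1" 404 210 "http://attacker.example/scan.html" "Mozilla/5.0"
10.0.0.42 - - [22/Apr/2012:14:05:10 +0200] "GET /customized/logo.gif HTTP/1.1" 200 4122 "-" "Mozilla/5.0"
"""

# Hosts whose pages legitimately embed this device's images (assumed for the example).
TRUSTED_REFERER_HOSTS = {"10.0.0.1", "intranet.example"}

IMAGE_SUFFIXES = (".gif", ".png", ".jpg", ".jpeg", ".ico")

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def is_cross_site_image_fetch(rec, trusted_hosts=TRUSTED_REFERER_HOSTS):
    """True when an image was fetched on behalf of a page served from an untrusted host.

    An <img>-based scanner runs inside a page on the attacker's site, so when
    the browser sends a Referer it names that external page. Requests with no
    Referer are not flagged: a referrer policy can strip it, which is the
    main blind spot of this check.
    """
    if not rec["path"].lower().endswith(IMAGE_SUFFIXES):
        return False
    referer = rec["referer"]
    if referer in ("", "-"):
        return False
    host = urlparse(referer).hostname
    return host is not None and host not in trusted_hosts


def find_cross_site_image_fetches(log_text, trusted_hosts=TRUSTED_REFERER_HOSTS):
    """Return (client ip, timestamp, path, referring host) for every flagged request."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_cross_site_image_fetch(rec, trusted_hosts):
            hits.append((rec["ip"], rec["ts"], rec["path"], urlparse(rec["referer"]).hostname))
    return hits


def burst_sources(hits, window=timedelta(seconds=10), min_distinct_paths=2):
    """Return client IPs that fetched several distinct image paths inside one window.

    A fingerprint list tries many candidate paths per host in quick succession,
    so a burst of distinct probes from one client is a stronger signal than any
    single cross-site image load.
    """
    by_ip = defaultdict(list)
    for ip, ts, path, _host in hits:
        by_ip[ip].append((ts, path))
    flagged = set()
    for ip, events in by_ip.items():
        events.sort()
        for i, (start, _path) in enumerate(events):
            paths = {p for ts, p in events[i:] if ts - start <= window}
            if len(paths) >= min_distinct_paths:
                flagged.add(ip)
                break
    return flagged


if __name__ == "__main__":
    found = find_cross_site_image_fetches(SAMPLE_LOG)
    for ip, ts, path, host in found:
        print(f"{ts.isoformat()} {ip} fetched {path} for a page on {host}")
    print("probable browser-based scan sources:", sorted(burst_sources(found)))
```

The client IP in these hits is the victim's browser, not the attacker's machine, which is exactly the property that makes this vector useful to an attacker and is why the referring host and the burst pattern, rather than the source address, carry the signal. The one-request-per-path merge discussed above shrinks the burst, so the window and path threshold are worth tuning against the device's normal traffic rather than left at these example values.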

allodoxa
Sun, Apr 22, 2012 12:08 PM

correction: I was looking at the network fingerprinting module

Brendan Coles
Mon, Apr 23, 2012 4:07 AM

Hi allodoxa,

It's great to see you interested in improving the state of JavaScript
network scanning! I agree that the concepts you've pointed out are
important to increase the speed of network scanning. I'm looking forward to
seeing your pull request on GitHub.

--
Brendan Coles
http://itsecuritysolutions.org/