Introduction to Cross Site Scripting
Johnny Vestergaard <[email protected]>
http://dk.linkedin.com/in/johnnykv
Lightning talk held at OSAA
March 2012
XSS - Cross Site Scripting
Worst name ever??
● Think of it as "JavaScript Injection".
  ○ (and ignore the haters)
● Injection of malicious JavaScript on a site with the intent of client side execution.
● Three types: Reflected, Persistent and DOM based.
● We will focus on Persistent XSS tonight.
Safe website
Vulnerable website
Hey - it's just client side!
Having a client side party
● Possibilities
  ○ Host scanning of client-side LAN
  ○ Session takeover (cookie stealing)
  ○ Eavesdropping
    ■ Keylogging
    ■ Events
  ○ Complete control of the page
● Limitations
  ○ Confined to the browser
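The persistent XSS case and the session takeover impact, as an added example that is not part of the talk's material: a constructed guestbook entry rendered first without and then with HTML escaping, plus the cookie attribute that keeps injected script away from the session. The template, the comment text and the session id are all constructed for this example.

```python
import html
import re

# Constructed sample: a guestbook entry containing script, stored verbatim by a
# persistent-XSS vulnerable site and later served to every visitor.
STORED_COMMENT = "Nice site! <script>alert('xss')</script>"

TEMPLATE = '<li class="comment">{body}</li>'


def render_vulnerable(comment: str) -> str:
    """Interpolates the stored text straight into the page: the browser sees
    a real <script> element and runs it client side (persistent XSS)."""
    return TEMPLATE.format(body=comment)


def render_safe(comment: str) -> str:
    """HTML-escapes the stored text before it reaches the page, so the same
    characters are displayed literally instead of being parsed as markup."""
    return TEMPLATE.format(body=html.escape(comment, quote=True))


SCRIPT_START = re.compile(r"<script\b", re.IGNORECASE)


def contains_script_element(page: str) -> bool:
    """Crude comparison check: is there still an unescaped <script> start tag?"""
    return SCRIPT_START.search(page) is not None


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie header for the session. HttpOnly keeps document.cookie from
    exposing it to injected script, which is what a cookie stealer reads;
    Secure and SameSite are standard attributes that limit other misuse."""
    return (f"Set-Cookie: session={session_id}; HttpOnly; Secure; "
            f"SameSite=Lax; Path=/")


if __name__ == "__main__":
    print(render_vulnerable(STORED_COMMENT))  # script element survives
    print(render_safe(STORED_COMMENT))        # &lt;script&gt; shown as text
    print(session_cookie_header("constructed-session-id"))
```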
Demo
● Keylogger using metasploit
● Cookie stealer with python backend
Demo #1 - Keylogger with metasploit
Demo #2 - The Cookie Monster
https://gist.github.com/1968842
Do it yourself
Whitehat style
● Backtrack 5
  ○ http://www.backtrack-linux.org/
● OWASP Broken Web Applications Project
  ○ VMware image with broken web apps
  ○ http://bit.ly/yNsF9K
● Cookie Monster
  ○ http://gist.github.com/1968842
● Slides
  ○ http://www.slideshare.net/JohnnyKV/