Blind XSS
Adam Baldwin is the Team Lead at Lift Security, a web application security consultancy, and the Chief Security Officer at &yet (andyet.net). He at one time possessed a GCIA and CISSP. Adam is a highly knowledgeable information security expert: he created the DVCS pillaging toolkit and helmet, the security header middleware for node.js, is a minor contributor to the W3AF project, and has previously spoken at DEF CON, Toorcon, Toorcamp, DjangoCon, and JSconf.

    Blind XSS Presentation Transcript

    • BLIND XSS @adam_baldwin Tuesday, February 26, 13
    • Adam Baldwin • Chief Security Officer at &yet • Security Lead for ^Lift Security • Also @liftsecurity & @nodesecurity
    • LET'S TALK BLIND XSS • What is it? • Using it in penetration tests • Challenges • xss.io
    • WTF IS BLIND XSS
    • XSS IS: • Reflected • Persistent (stored) • DOM
    • BLIND XSS IS: • Reflected • Persistent (stored) • DOM
    • IT'S A DIFFERENT CHALLENGE.
    • IT'S NOT LIKE BLIND SQLI WHERE YOU GET IMMEDIATE FEEDBACK.
    • YOU HAVE NO IDEA WHERE YOUR PAYLOAD'S GOING TO END UP.
    • YOU DON'T EVEN KNOW WHETHER YOUR PAYLOAD WILL EXECUTE (OR WHEN!)
    • YOU MUST THINK AHEAD ABOUT WHAT YOU WANT TO ACCOMPLISH.
    • ... AND YOU HAVE TO BE LISTENING.
    • FOR EXAMPLE... From a penetration test
    • (26 screenshot slides from the penetration test; the images are not part of the transcript)
    • STEPS TO A SUCCESSFUL BLIND XSS EXPLOIT: 1. Carefully choose the right payload for the right situation. 2. Get lucky!
    • HTML5SEC.ORG • Lots of payloads for various situations. • ...but doing everything would be overkill.
    • PLAN YOUR PAYLOAD. HOW WILL THE APP USE YOUR DATA?
    • NICE TARGETS: • log viewers • exception handlers • customer service apps (chats, tickets, forums, etc) • anything moderated
    • BLIND XSS MANAGEMENT
    • XSS.IO CAN HELP!
    • SIZE MATTERS... RIGHT? • Sometimes you need all the character space you can get. • No short-url GUID • xss.io uses custom referrer-based redirects instead
    • EXPLOIT CREATOR • Snippets for common tasks • Quickly create and reference dynamic payloads
    • DEAD DROP: BLIND XSS API AND MANAGER
    • (XSS.IO DEMO)
    • </PRESENTATION> @adam_baldwin | @LiftSecurity