Blind XSS


Adam Baldwin is the Team Lead at Lift Security, a web application security consultancy, and the Chief Security Officer at &yet (andyet.net). He at one time possessed a GCIA and CISSP. Adam is a highly knowledgeable information security expert who created the DVCS pillaging toolkit and helmet, the security header middleware for node.js; he is a minor contributor to the W3AF project and has previously spoken at DEF CON, Toorcon, Toorcamp, DjangoCon, and JSConf.


Transcript

  • 1. BLIND XSS @adam_baldwin Tuesday, February 26, 13
  • 2. Adam Baldwin • Chief Security Officer at &yet • Security Lead for ^Lift Security • Also @liftsecurity & @nodesecurity
  • 3. LET’S TALK BLIND XSS • What is it? • Using it in penetration tests • Challenges • xss.io
  • 4. WTF IS BLIND XSS
  • 5. XSS IS: • Reflected • Persistent (stored) • DOM
  • 6. BLIND XSS IS: • Reflected • Persistent (stored) • DOM
  • 7. IT’S A DIFFERENT CHALLENGE.
  • 8. IT’S NOT LIKE BLIND SQLI WHERE YOU GET IMMEDIATE FEEDBACK.
  • 9. YOU HAVE NO IDEA WHERE YOUR PAYLOAD’S GOING TO END UP.
  • 10. YOU DON’T EVEN KNOW WHETHER YOUR PAYLOAD WILL EXECUTE (OR WHEN!)
  • 11. YOU MUST THINK AHEAD ABOUT WHAT YOU WANT TO ACCOMPLISH.
  • 12. ... AND YOU HAVE TO BE LISTENING.
  • 13. FOR EXAMPLE... From a penetration test
  • 14–39. (image-only slides walking through the penetration-test example; no transcript text)
  • 40–41. STEPS TO A SUCCESSFUL BLIND XSS EXPLOIT (built over two slides): 1. Carefully choose the right payload for the right situation. 2. Get lucky!
  • 42. HTML5SEC.ORG • Lots of payloads for various situations. • ...but doing everything would be overkill.
  • 43. PLAN YOUR PAYLOAD. HOW WILL THE APP USE YOUR DATA?
  • 44. NICE TARGETS: • log viewers • exception handlers • customer service apps (chats, tickets, forums, etc.) • anything moderated
  • 45. (image-only slide; no transcript text)
  • 46. BLIND XSS MANAGEMENT
  • 47. XSS.IO CAN HELP!
  • 48. SIZE MATTERS... RIGHT? • Sometimes you need all the character space you can get. • No short-url GUID • xss.io uses custom referrer-based redirects instead
  • 49. EXPLOIT CREATOR • Snippets for common tasks • Quickly create and reference dynamic payloads
  • 50. DEAD DROP BLIND XSS API AND MANAGER
  • 51. (XSS.IO DEMO)
  • 52. </PRESENTATION> @adam_baldwin | @LiftSecurity
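Slides 43 and 44 make the point that matters for defenders: a blind XSS payload is harmless where it is submitted and only fires where the application later renders it, typically an internal page such as a log viewer or ticket queue that the submitter never sees. The following is an added example, not code from the talk or from xss.io, showing a minimal admin log viewer in JavaScript: one renderer concatenates a stored User-Agent straight into markup, the other encodes every untrusted field for the HTML context. The log entries, the field names and the helper functions are all constructed for illustration.

```javascript
// Added example (not from the presentation or xss.io): a tiny admin log
// viewer that renders request metadata recorded earlier. This is where a
// blind XSS payload lands: the attacker never sees this page, staff do.

// Constructed sample log entries, as a logging middleware might store them.
// The second entry carries a textbook script payload in its User-Agent.
const SAMPLE_LOG = [
  { ts: '2013-02-26T10:00:00Z', ip: '203.0.113.7', path: '/login',
    userAgent: 'Mozilla/5.0' },
  { ts: '2013-02-26T10:00:05Z', ip: '203.0.113.9', path: '/login',
    userAgent: '<script>alert(document.domain)</script>' },
];

// Encode the five characters that matter in HTML text and in quoted
// attribute values. Sufficient for those two contexts only; data placed
// into JavaScript strings, URLs or CSS needs the encoder for that context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// Vulnerable renderer: stored fields are concatenated directly into markup,
// so whatever was logged becomes live HTML in the reviewer's browser.
function renderLogRowUnsafe(entry) {
  return `<tr><td>${entry.ts}</td><td>${entry.ip}</td>` +
         `<td>${entry.path}</td><td>${entry.userAgent}</td></tr>`;
}

// Hardened renderer: every field that originated from a request is
// encoded for the HTML context before it is placed in the page.
function renderLogRow(entry) {
  const cells = [entry.ts, entry.ip, entry.path, entry.userAgent]
    .map((v) => `<td>${escapeHtml(v)}</td>`)
    .join('');
  return `<tr>${cells}</tr>`;
}

function renderTable(entries, renderRow) {
  return `<table>${entries.map(renderRow).join('')}</table>`;
}

// Crude check used to compare the two renderers: does the output still
// contain an unencoded <script tag that came from stored data?
function containsLiveScript(html) {
  return /<script\b/i.test(html);
}

// Runs stand-alone: the unsafe table carries a live tag, the safe one does not.
console.log(containsLiveScript(renderTable(SAMPLE_LOG, renderLogRowUnsafe))); // true
console.log(containsLiveScript(renderTable(SAMPLE_LOG, renderLogRow)));       // false
```

Output encoding at the point of rendering is the control that closes the gap, because the viewer cannot know at storage time which of the stored fields will later be treated as markup. A Content-Security-Policy on the internal views (the bio above mentions helmet, which sets such headers for node.js) is a second layer that limits what a missed encoding can do, and the appearance of tags like the one in the second entry in headers or form fields is itself a useful signal for detection.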
