PHDays 2012 fasttrack. Attacks on MS web-clients
Upcoming SlideShare
Loading in...5
×

Like this? Share it with your network

Share

PHDays 2012 fasttrack. Attacks on MS web-clients

  • 2,063 views
Uploaded on

PHDats

PHDats

More in: Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
No Downloads

Views

Total Views
2,063
On Slideshare
2,063
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
20
Comments
1
Likes
1

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Cookie mechanism andattacks on web-clientFast TrackPHDays, Russia, Moscow, 31/05/2012
  • 2. Author bio@d0znpp, d0znpp@onsec.ru•Have engaged in research in the field of webapplication security (since 2004);•Founder and security expert of ONseccompany (since 2009);•Now days: development of self-learningsystems for the detection of attacks on webapplications and heuristic analysis.
  • 3. Cookie mechanism. Rewriting• Global store for all cookies (http-only, secure) on domain and its subdomains• Fixed size of cookie store• Possible to rewrite httpOnly/secure cookie• Possible to rewrite high-level domain cookie from low-level (Chrome)
  • 4. Cookie mechanism. Reading• All subdomains get high-level domain cookie (since new RFC 2011, April)• waf.phdays.com can jack your phdays.com accounts ;)• XSS on subdomains common
  • 5. MS network under attack• Trusted domain• Same Origin Policy on trusted domain• Local network area• Security policy• Bypass “no-proxy for local addresses”• Profit
  • 6. MS network under attack• Iframe bypass local IP addresses• DNS named can resolve in local network• local.evil.com could resolve 192.168.0.1• ISA server make non-HTTP packets to valid-HTTP• Numbers of non-HTTP protocols + ISA = XSS
  • 7. ???PHDays, Russia, Moscow,31/05/2012@d0znppd0znpp@onsec.ru