Make profit with UI-Redressing attacks.
 

By Amol Naik - October 2011 Meet


    Presentation Transcript

    • Make Profit with UI-Redressing
      AMol NAik
      http://amolnaik4.blogspot.com

    • Agenda
      – UI-Redressing
      – Server-Side Mitigations
      – How to make Profit?
      – What to Target?
      – Tools to Hack
      – CSS Basics
      – Exploitation Techniques
      – Conclusion

    • UI-Redressing
      – Change the user interface in the browser
      – Victim clicks a button on the attacker's site
      – He/she is actually clicking a button on the vulnerable site
      Source: http://www.imperva.com/resources/glossary/clickjacking_ui-redressing.html

    • UI-Redressing
      – Mostly neglected by vendors
        – Why?
          – Needs user interaction
          – Browser dependency
      – Impact:
        – Same as CSRF
        – One click – GONE!!
        – Bypass CSRF protections
        – Exploit “Self-XSS”
        – Cross-domain content extraction

    • Server-Side Mitigations
      – X-Frame-Options
        – Response header
        – Supported by most of the latest browsers
        – Two possible values to use:
          – DENY: the page cannot be displayed in a frame, regardless of the site attempting to do so
          – SAMEORIGIN: the page can only be displayed in a frame on the same origin as the page itself
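A header check for the X-Frame-Options mitigation described on this slide, added here as an example (not code from the presentation or from any add-on it mentions). It follows the HTML specification's X-Frame-Options processing and goes beyond the 2011 slides by also honouring a CSP `frame-ancestors` directive, which browsers apply in preference to X-Frame-Options; the header sets in `SAMPLES` are constructed.

```javascript
// Added example, not from the slides: classify a response's framing protection
// from its headers per the HTML spec's X-Frame-Options processing. Samples are constructed.
// Every value of a header (case-insensitive name), comma-split, lower-cased.
function headerValues(headers, name) {
  const want = name.toLowerCase();
  return Object.entries(headers)
    .filter(([k]) => k.toLowerCase() === want)
    .flatMap(([, v]) => (Array.isArray(v) ? v : [v]))
    .flatMap((v) => String(v).split(","))
    .map((v) => v.trim().toLowerCase())
    .filter(Boolean);
}

// Verdicts: "blocked" (no framing), "same-origin", "allowlist" (only the
// listed origins may frame), "frameable" (anyone, including an attacker).
function assessFraming(headers) {
  // A CSP frame-ancestors directive, when present, replaces X-Frame-Options.
  for (const policy of headerValues(headers, "Content-Security-Policy")) {
    const fa = policy.split(";").map((d) => d.trim()).find((d) => d.startsWith("frame-ancestors"));
    if (!fa) continue;
    const sources = fa.split(/\s+/).slice(1);
    if (sources.length === 0 || (sources.length === 1 && sources[0] === "'none'"))
      return { verdict: "blocked", via: "CSP frame-ancestors matches nothing" };
    if (sources.every((s) => s === "'self'"))
      return { verdict: "same-origin", via: "CSP frame-ancestors 'self'" };
    return { verdict: "allowlist", via: `CSP frame-ancestors ${sources.join(" ")}` };
  }
  const xfo = new Set(headerValues(headers, "X-Frame-Options"));
  if (xfo.size > 1) {
    // Conflicting values: DENY still wins; otherwise browsers ignore the header.
    return xfo.has("deny")
      ? { verdict: "blocked", via: "conflicting X-Frame-Options, DENY present" }
      : { verdict: "frameable", via: "conflicting X-Frame-Options, header ignored" };
  }
  if (xfo.has("deny")) return { verdict: "blocked", via: "X-Frame-Options: DENY" };
  if (xfo.has("sameorigin")) return { verdict: "same-origin", via: "X-Frame-Options: SAMEORIGIN" };
  const via = xfo.size ? `unrecognised X-Frame-Options "${[...xfo][0]}"` : "no framing protection header";
  return { verdict: "frameable", via };
}

// Constructed header sets; misspelt, conflicting and bare leave the page frameable.
const SAMPLES = {
  denied: { "Content-Type": "text/html", "X-Frame-Options": "DENY" },
  ownOrigin: { "x-frame-options": "SameOrigin" },
  misspelt: { "X-Frame-Options": "SAME-ORIGIN" },
  conflicting: { "X-Frame-Options": ["SAMEORIGIN", "ALLOWALL"] },
  cspWins: { "X-Frame-Options": "DENY", "Content-Security-Policy": "default-src 'self'; frame-ancestors https://partner.example" },
  bare: { "Content-Type": "text/html" },
};
```

Feed it the header object from any HTTP client response; a "frameable" verdict is the condition the slides' techniques depend on.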
    • Server-Side Mitigations
      – Frame Bursting Code
        – JavaScript
        – Ensures the current frame is the top-level window
      Source: https://www.owasp.org/index.php/Clickjacking
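The frame-busting script this slide refers to, written here as an added example (not the presentation's own code nor OWASP's verbatim snippet) in the hardened form OWASP recommends: the `win` and `doc` parameters and the `antiClickjack` style id are assumptions that let the decision logic run outside a browser.

```javascript
// Added example, not from the slides. `win`/`doc` stand in for window/document
// so the logic is testable in Node; in a browser the last line wires them up.

// True when this document is not the top-level browsing context.
function isFramed(win) {
  return win.top !== win.self;
}

// Legacy one-liner of the slides' era. The redirect can be neutralised by the
// framing page, so OWASP treats this as the weak form.
function legacyBuster(win) {
  if (isFramed(win)) win.top.location = win.self.location;
}

// Hardened form: the body starts hidden via a <style> element, so a framed
// copy shows nothing even when the script is prevented from running, and the
// style is removed only once the page is confirmed to be top-level.
// Assumes the page's <head> contains, before this script:
//   <style id="antiClickjack">body{display:none !important;}</style>
function hardenedBuster(win, doc) {
  if (!isFramed(win)) {
    const style = doc.getElementById("antiClickjack");
    if (style) style.parentNode.removeChild(style);
    return "revealed";
  }
  win.top.location = win.self.location;
  return "busting";
}

if (typeof window !== "undefined") hardenedBuster(window, document);
```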
    • How to make Profit?
      – Bug Bounties
        – Google
          – Pays from $500 to $3133.7
          – XSS, CSRF are prime focus
          – Name will be listed in the Google Security Hall of Fame: http://www.google.com/about/corporate/company/halloffame.html
        – Facebook
          – Starting from $500
          – XSS, CSRF, Open Redirect, Database Injection
          – Name will be listed in Facebook WhiteHat: http://www.facebook.com/whitehat

    • What to Target?
      – CSRF-protected actions
      – Pages with tokens
      – Self-XSS

    • Tools to Hack
      – Browser
        – I use
      – Add-ons
        – Clickjacking Defense – Declarative Security
          – Created by Aditya K Sood
          – Check for “X-Frame-Options”
        – Firebug
          – Many uses
          – CSS editing on-the-fly

    • CSS Basics
      – Opacity
        – Sets transparency for the element
      – Top, Left
        – Negative values shift elements out of the browser window
      – Position
        – Specifies the type of positioning method used for an element
          – Static (default): the box is a normal box; the top, right, bottom, and left properties do not apply
          – Relative: the box's position is calculated according to the normal flow
          – Absolute: the box's position is specified with the top, right, bottom, and left properties
          – Fixed: the box's position is calculated according to the absolute model, but in addition, the box is fixed

    • Exploitation Techniques

    • Exploitation Techniques
      – Action with a single click
        – Technique: Simple Clickjacking
        – Ex: Remove Google Books

    • Exploitation Techniques
      – Action with 2 user clicks
        – Technique: Fake Arithmetic Captcha
        – Ex: Remove Google Orkut Service

    • Exploitation Techniques
      – Single CSRF token
        – Technique: Fake Captcha with SVG Masking
        – Cross-Domain Content Extraction
        – Ex: Facebook XHR

    • Exploitation Techniques
      – Multiple CSRF tokens in source
        – Technique: Drag-n-Drop with “view-source”
        – Cross-Domain Content Extraction
        – Ex: Facebook PoC

    • Exploitation Techniques
      – Self-XSS Exploitation
        – Technique: Drag-n-Drop
        – Ex: Google Code XSS

    • Conclusion
      – Profit & Fame
      – Most of the sites didn’t implement protections
      – Firefox still supports the “view-source” scheme
      – Attack technique depends on the target
      – Imagination is the only limitation

    • References
      – https://www.owasp.org/index.php/Clickjacking
      – http://ui-redressing.mniemietz.de/uiRedressing.pdf
      – http://html5sec.org/
      – http://blog.kotowicz.net/2011/07/cross-domain-content-extraction-with.html
      – http://www.blog.fortitsecurity.com/2011/09/facebook-graph-api-access-token.html
      – http://www.w3.org/TR/CSS2/visuren.html#positioning-scheme

    • Questions
      http://twitter.com/amolnaik4