Dr. Evil’s Guide to Web 2.0 (THOTCON)
May 26, 10
Talk 4-1-1
MANDATORY BACKGROUND Let’s do this…
OMG WTF is Web 2.0?
BASIC COMPONENTS <script>alert(‘Part 1’)</script>
I built a castle…
Crotchety Old Web
• HTML v1.0
• Synchronous “web pages”
• Simple txt editor
• HTML + JavaScript
• Browser renders HTML
Web 2.0
• Sexy HTML v5.0
• Asynchronous “Web applications”
• 4 DVDs of Visual Studio
• HTML + AJAX, JavaScript, Flash, Silverlight …
• Plug-ins galore
What to Exploit?
• Exploit interoperability – Data exchange
• Exploit the user – Users are the weak link
• Exploit the browser? – Many other options…
SO MANY TARGETS <script>alert(‘Part 2’)</script>
Client-side Objects
Why
• Profit?
• Free stuff?
• It’s easy?
• Hard to get caught?
How
• Analysis tools
  − Client-side decompiler*
  − Proxy
  − Text editor
  − Hex editor
• Your brain
• Patience
Social Media
Why
• Social media exposed APIs are ripe for exploitation
• Profit from people
• People are sheep (trust)
• Click-happy end users
How
• Exploit trust issues in social interactions
• RTF [api]M – plug-ins for social platforms
• Social engineering
• Legal (but shady) use of legitimate platforms
HTML v5 Hotness
Why
• HTMLv5 is a massive standard
• Most developers haven’t read >25%
• So many cool new toys to play with
How
• Legal code, malicious purpose (ClickJacking?!)
• Stuff XSS into EXIF tags, used with the FileAPI operators in HTMLv5 (Photoshop online)
• Asynchronous application logic exploitation
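The EXIF-via-FileAPI bullet above, seen from the defender's side: an added example, not code from the talk, that pulls the ImageDescription tag out of a JPEG byte array and escapes it before it is shown. The function names, the `TAG_IMAGE_DESCRIPTION` constant and the minimal constructed JPEG built by `buildJpegWithDescription` are assumptions for this example.

```javascript
// Added example, not from the talk. Pull the EXIF ImageDescription (tag 0x010E) out of a
// JPEG byte array and escape it before display: metadata read through the File API is
// attacker-controlled text, so render it with el.textContent or innerHTML = escapeHtml(desc).
const TAG_IMAGE_DESCRIPTION = 0x010e;

// Walk JPEG segments to APP1/Exif, then scan IFD0 for tag 0x010E; returns null if absent.
function extractImageDescription(b) {
  if (b[0] !== 0xff || b[1] !== 0xd8) throw new Error("not a JPEG");
  let pos = 2;
  while (pos + 4 <= b.length && b[pos] === 0xff) {
    const len = (b[pos + 2] << 8) | b[pos + 3];  // segment length includes these 2 bytes
    if (b[pos + 1] === 0xda) break;                // SOS: pixel data follows, no more metadata
    if (b[pos + 1] === 0xe1 && String.fromCharCode(...b.subarray(pos + 4, pos + 8)) === "Exif") {
      const tiff = pos + 10;                       // TIFF header follows "Exif\0\0"
      const dv = new DataView(b.buffer, b.byteOffset + tiff, b.length - tiff);
      const le = dv.getUint16(0) === 0x4949;       // "II" little-endian, "MM" big-endian
      const ifd0 = dv.getUint32(4, le);
      const n = dv.getUint16(ifd0, le);
      for (let i = 0; i < n; i++) {
        const e = ifd0 + 2 + i * 12;
        if (dv.getUint16(e, le) !== TAG_IMAGE_DESCRIPTION) continue;
        const count = dv.getUint32(e + 4, le);
        const start = count > 4 ? dv.getUint32(e + 8, le) : e + 8;  // >4 bytes: offset from TIFF header
        return String.fromCharCode(...b.subarray(tiff + start, tiff + start + count)).replace(/\0+$/, "");
      }
      return null;
    }
    pos += 2 + len;
  }
  return null;
}

// Escape HTML-significant characters so the description renders as inert text.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" })[c]);
}

// Constructed test input: minimal JPEG = SOI, one APP1/Exif segment with a single IFD0 entry, EOI.
function buildJpegWithDescription(desc) {
  const text = new TextEncoder().encode(desc + "\0");
  const tiff = new Uint8Array(26 + text.length);   // header 8, count 2, entry 12, next-IFD 4, data
  const dv = new DataView(tiff.buffer);
  tiff.set([0x4d, 0x4d, 0x00, 0x2a]); dv.setUint32(4, 8);       // "MM" big-endian, 42, IFD0 at 8
  dv.setUint16(8, 1); dv.setUint16(10, TAG_IMAGE_DESCRIPTION);   // one entry, its tag
  dv.setUint16(12, 2); dv.setUint32(14, text.length);            // type 2 = ASCII, byte count
  if (text.length > 4) { dv.setUint32(18, 26); tiff.set(text, 26); } else tiff.set(text, 18);
  const app1Len = 2 + 6 + tiff.length;
  return Uint8Array.from([0xff, 0xd8, 0xff, 0xe1, app1Len >> 8, app1Len & 0xff,
    0x45, 0x78, 0x69, 0x66, 0, 0, ...tiff, 0xff, 0xd9]);
}
```

In a browser the bytes come from `FileReader.readAsArrayBuffer` on the user's file; the parser is the same, and the escape step is what keeps a hostile tag from ever executing.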
HAVING FUN <script>alert(‘Part 3’)</script>
Game #1
• Identify a game
• “Open it up”
• Find the logic
• String constructor (+3)
• Show complete POST/GET to “win” (+5)
Game #2
• Find a login mechanism
• “Open it up”
• Identify authN logic
• Hidden URLs (+3)
• Bypass login (+5)
Game #3
• Find a database access point
• “Open it up”
• Identify DBConn str (+3)
• Connect to DB (+10)
How did you do that!?
• wget (win32)