ABSTRACT

The Internet and Internet-based web applications are becoming popular for performing various online tasks, and so are web-based vulnerabilities. Web 2.0 is today's new mantra, and much of the new stuff coming up is based on recent advances in Web technologies, viz. XHTML, JavaScript, AJAX, SOAP and Web Services. All these technologies are fast becoming an integral part of the new generation of Web applications known as Web 2.0 applications. This evolution has led to new attack vectors coming into existence around these new technologies. To combat these new threats one needs to look at different strategies as well. In this paper we shall look at different approaches and tools to improve security at both the server and the browser ends. Web applications often make use of JavaScript code that is embedded into web pages to support dynamic client-side behavior. This script code is executed in the context of the user's web browser. A virtual machine running within the browser limits the program to accessing only certain resources, those associated with the domain. However, if the user mistakenly downloads compromised or malicious JavaScript code from another website, then this code is granted full access to resources such as cookies. Such attacks are called cross-site scripting (XSS) attacks. [1]

This paper presents a brief explanation of various kinds of attacks such as XML poisoning, RSS/ATOM injection, SOAP parameter manipulation, XPATH injection and attacks exploiting "client-side" AJAX frameworks. It also suggests various ways to mitigate such attacks on the client and the server. Additionally, it suggests secure coding practices and tips which help avoid the majority of these attacks.


 

Send Email using Gmail SMTP

In one of my applications, called Exxecutive (secret!), I wanted to send email to my clients using my Gmail account. I wanted to make sure Gmail keeps a copy of my sent emails. If I use the SMTP service provided by Microsoft IIS, Gmail doesn't come into the picture. After doing some research I wrote a function that uses Gmail's SMTP server to send the email and also keeps a copy in the Sent Mail folder. This function uses .NET's Mail namespace.

It is important to note here that Gmail uses port 587 (a new preferred port for mail submission) and SSL.

Here is the VB.net code:

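    ' These Imports belong at the top of the source file.
    Imports System.Net
    Imports System.Net.Mail

    ' Sender identity used below. The post does not show where these are defined,
    ' so they are assumed here to be class-level constants (placeholder values).
    Private Const MyEmailAddress As String = "name@gmail.com"
    Private Const MyEmailDisplayName As String = "Your Name"

    Function SendEmail(ByVal inTo As String, ByVal inSubject As String, ByVal inBody As String) As Boolean
        Try
            Dim MySmtpClient As New SmtpClient()
            Dim MyCredentials As New NetworkCredential()
 
            ' Placeholder only: load the real password from protected configuration,
            ' never from a literal in source code.
            MyCredentials.UserName = "name@gmail.com"
            MyCredentials.Password = "***your password here****"
 
            MySmtpClient.Host = "smtp.gmail.com"
            MySmtpClient.Port = 587 ' 25
            MySmtpClient.Credentials = MyCredentials
            ' On port 587 SmtpClient upgrades the connection with STARTTLS.
            MySmtpClient.EnableSsl = True
            Dim ToMailAddress As New MailAddress(inTo)
            Dim FromMailAddress As New MailAddress(MyEmailAddress, MyEmailDisplayName)
            Dim MyMailMessage As New MailMessage(FromMailAddress, ToMailAddress)
 
            MyMailMessage.Subject = inSubject
            ' The body is sent as HTML: HTML-encode any untrusted text placed in inBody.
            MyMailMessage.Body = inBody
            MyMailMessage.IsBodyHtml = True
            MySmtpClient.Send(MyMailMessage)
            Return True
        Catch ex As Exception
            MsgBox(ex.ToString)
            Return False
        End Try
    End Function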
 

I was planning to move my WordPress blog to a new subfolder instead of the current root folder. I had to go through a long process. I did some research and found a few WordPress plugins that would do the job for me, but my situation was a little different. I wanted to move all the WordPress PHP files to a subfolder like /blog and also the main blog permalinks.

I read on the Google Webmaster Tools website that if you put a permanent redirect (HTTP 301) in place for your old indexed URLs, the Google bot will gradually update its index with the new URLs. Since I had just started writing the blog I had only about 21 URLs indexed in Google, but I still don't want to lose those!


 

A few years ago, while working on a web-scraping tool in .NET, I found an amazing library, SgmlReader, which made it so easy to convert HTML documents to XHTML. With this I was able to run XPATH queries to extract whatever information I wanted from any damn website written in the worst possible malformed HTML. Had it not been for SgmlReader I would have had to write tedious parsing code to extract the tokens from the HTML string.

With this simple code you can clean up the mess that most webmasters make!!

Here is the function for VB.NET. Please download SgmlReader from the link above.

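    ' Requires at the top of the source file:
    '   Imports System.IO
    '   Imports System.Xml
    ' plus a project reference to the SgmlReader assembly.
    Public Function Html2Xml(ByVal txtHTMLString As String) As String
        Dim XHTML As New Sgml.SgmlReader
        Dim sw As StringWriter = New StringWriter()
        Dim w As XmlTextWriter = New XmlTextWriter(sw)
 
        ' Parse the input as HTML.
        XHTML.DocType = "HTML"
        XHTML.InputStream = New StringReader(txtHTMLString)
 
        ' Copy every node the reader produces into the XML writer.
        While (Not XHTML.EOF)
            w.WriteNode(XHTML, True)
        End While
        w.Close()
 
        Return sw.ToString()
 
    End Function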

 

Recently I encountered a similar need in PHP and was desperately searching for an SgmlReader equivalent; my search zeroed in on the php_tidy extension. Once you enable this extension you get all the functionality.

	$opts = array("clean" => true, "output-xml" => true);
	$xhtml = tidy_parse_file("http://www.example.com", $opts);
	echo $xhtml;

 

For more information about php_tidy go to http://us.php.net/tidy

 

CURL Class with cookie support

I found a really nice PHP class for CURL usage
Source: http://us2.php.net/manual/en/book.curl.php#90821

I have modified the code for my needs.

Example Usage:

$curl = new mycurl("http://www.example.com");
$curl->setPost($example_post_data);
$curl->createCurl('nul');
$content = $curl->content();
echo $content; 

 

Here is the code for the curl class:

class mycurl {
	protected $_useragent = "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2";
	protected $_url;
	protected $_followlocation;
	protected $_timeout;
	protected $_maxRedirects;
	protected $_cookieFileLocation = './cookie.txt';
	protected $_post;
	protected $_postFields;
	protected $_referer ="http://www.google.com"; 

	protected $_session;
	protected $_webpage;
	protected $_includeHeader;
	protected $_noBody;
	protected $_status;
	protected $_binaryTransfer;
	public    $authentication = 0;
	public    $auth_name      = '';
	public    $auth_pass      = ''; 

     public function useAuth($use){
       $this->authentication = 0;
       if($use == true) $this->authentication = 1;
     } 

     public function setName($name){
       $this->auth_name = $name;
     }
     public function setPass($pass){
       $this->auth_pass = $pass;
     } 

     public function __construct($url,$followlocation = true,$timeOut = 30,$maxRedirecs = 4,$binaryTransfer = false,$includeHeader = false,$noBody = false)
     {
         $this->_url = $url;
         $this->_followlocation = $followlocation;
         $this->_timeout = $timeOut;
         $this->_maxRedirects = $maxRedirecs;
         $this->_noBody = $noBody;
         $this->_includeHeader = $includeHeader;
         $this->_binaryTransfer = $binaryTransfer; 

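         // The cookie jar holds live session cookies. By default it sits next to this
         // script; use setCookiFileLocation() to move it outside the web root.
         $this->_cookieFileLocation = dirname(__FILE__).'/cookie.txt'; 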

     } 

     public function setReferer($referer){
       $this->_referer = $referer;
     } 

     public function setCookiFileLocation($path)
     {
         $this->_cookieFileLocation = $path;
     } 

     public function setPost ($postFields)
     {
        $this->_post = true;
        $this->_postFields = $postFields;
     } 

     public function setUserAgent($userAgent)
     {
         $this->_useragent = $userAgent;
     } 

     public function createCurl($url = 'nul')
     {
        if($url != 'nul'){
          $this->_url = $url;
        } 

         $s = curl_init(); 

		curl_setopt($s,CURLOPT_URL,$this->_url);
		curl_setopt($s,CURLOPT_TIMEOUT,$this->_timeout);
		curl_setopt($s,CURLOPT_MAXREDIRS,$this->_maxRedirects);
		curl_setopt($s,CURLOPT_RETURNTRANSFER,true);
		curl_setopt($s,CURLOPT_FOLLOWLOCATION,$this->_followlocation);
		curl_setopt($s,CURLOPT_COOKIEJAR,$this->_cookieFileLocation);
		curl_setopt($s,CURLOPT_COOKIEFILE,$this->_cookieFileLocation);

		// Build a single header list: a second CURLOPT_HTTPHEADER call replaces the
		// first one, so 'Expect:' must be in the same array as the other headers.
		$header = array();
		$header[] = 'Expect:';
		$header[] = 'Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5';
		$header[] = 'Accept-Language: en-us,en;q=0.5';
		$header[] = 'Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7'; 

		$header[] = 'Keep-Alive: 300';
		$header[] = 'Connection: keep-alive'; 

		curl_setopt($s,CURLOPT_HTTPHEADER, $header); 

		// Let curl send Accept-Encoding and decompress the response itself; a
		// hand-written Accept-Encoding header leaves gzip data undecoded in content().
		curl_setopt($s,CURLOPT_ENCODING,'gzip,deflate');

         if($this->authentication == 1){
           curl_setopt($s, CURLOPT_USERPWD, $this->auth_name.':'.$this->auth_pass);
         }
         if($this->_post)
         {
             curl_setopt($s,CURLOPT_POST,true);
             curl_setopt($s,CURLOPT_POSTFIELDS,$this->_postFields);
         } 

         if($this->_includeHeader)
         {
               curl_setopt($s,CURLOPT_HEADER,true);
         } 

         if($this->_noBody)
         {
             curl_setopt($s,CURLOPT_NOBODY,true);
         } 

         /*if($this->_binary)
         {
             curl_setopt($s,CURLOPT_BINARYTRANSFER,true);
         } */

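         curl_setopt($s,CURLOPT_USERAGENT,$this->_useragent);
         curl_setopt($s,CURLOPT_REFERER,$this->_referer);

         $this->_webpage = curl_exec($s); 

         // Debugging aid, left disabled: dumping the outgoing request headers prints
         // any Cookie and Authorization values straight into the page output.
         // To use it, set curl_setopt($s, CURLINFO_HEADER_OUT, true) before curl_exec().
         // var_dump(curl_getinfo($s,CURLINFO_HEADER_OUT));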

         $this->_status = curl_getinfo($s,CURLINFO_HTTP_CODE);
         curl_close($s); 

     } 

	public function getHttpStatus()
	{
		return $this->_status;
	} 

	public function content()
	{
		return $this->_webpage;
	}
}
 

Using CURL for ASPX with VIEWSTATE

Last night I was trying to use curl for data mining in PHP. The website was built in ASPX and used Session. As we all know, ASP.NET has server-side controls whose state is stored in the hidden __VIEWSTATE variable in the form, so I had to send this VIEWSTATE variable as one of my POST variables to get the desired response.

After trying for a few hours with no success I was wondering what was wrong. After some research I came across an article that suggested using the LiveHttpHeaders plugin in Firefox to view exactly what request is being sent. Then, after looking at the request header, I found that the VIEWSTATE needs to be URL encoded!! And there I got my desired response instantly.

To conclude, if we send POST parameters with CURL, make sure you encode them and send them in the proper order.
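
The encoding step described above, as an added example that is not code from the original post: it collects the hidden fields from a fetched ASPX page in document order and URL-encodes them together with the form values. The sample page, the field names txtQuery and btnSearch, and the view-state values are constructed for illustration.

```php
<?php
// Added example; the sample page, field names and values are constructed.

// Collect every hidden <input> (e.g. __VIEWSTATE, __EVENTVALIDATION) in page order.
function aspnet_hidden_fields(string $html): array
{
    $doc  = new DOMDocument();
    $prev = libxml_use_internal_errors(true);   // malformed HTML is expected
    $doc->loadHTML($html);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);

    $fields = array();
    foreach ($doc->getElementsByTagName('input') as $input) {
        $name = $input->getAttribute('name');
        if ($name !== '' && strtolower($input->getAttribute('type')) === 'hidden') {
            $fields[$name] = $input->getAttribute('value');
        }
    }
    return $fields;
}

// Build the urlencoded POST body: hidden fields first, then the caller's fields.
function aspnet_post_body(string $html, array $formValues): string
{
    $fields = array_merge(aspnet_hidden_fields($html), $formValues);
    // http_build_query percent-encodes the "+", "/" and "=" of the base64 view
    // state. Sent raw, a "+" is decoded by the server as a space and the view
    // state no longer matches what the page issued.
    return http_build_query($fields, '', '&');
}

// Constructed sample of a fetched page.
$page = '<form method="post" action="search.aspx">'
      . '<input type="hidden" name="__VIEWSTATE" value="/wEPDwUK+a/b1c2d3==" />'
      . '<input type="hidden" name="__EVENTVALIDATION" value="/wEWAgK+x9k=" />'
      . '<input type="text" name="txtQuery" /></form>';

$body = aspnet_post_body($page, array('txtQuery' => 'annual report', 'btnSearch' => 'Search'));
echo $body, "\n";
```

Pass the resulting string to setPost() of the curl class: a string given to CURLOPT_POSTFIELDS is sent exactly as supplied, so the encoding has to happen before that point, while an array would be sent as multipart/form-data instead.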

Check out my other post, CURL Class, which will help you write code to send requests to pages that need cookies.

Also check out the post Convert HTML to well-formed XML document (Clean HTML) with SgmlReader or php_tidy to get insight into how to extract information from HTML.