Comments on: Javascript protocol fuzz results http://www.thespanner.co.uk/2008/06/30/javascript-protocol-fuzz-results/ A tool for designers dealing with programmers dealing with designers... Thu, 20 Nov 2008 22:26:55 +0000 http://wordpress.org/?v=2.6.2 By: Abeon Tech http://www.thespanner.co.uk/2008/06/30/javascript-protocol-fuzz-results/#comment-1334 Abeon Tech Thu, 16 Oct 2008 11:56:57 +0000 http://www.thespanner.co.uk/?p=215#comment-1334 Seems like they are opening more holes in each release...... Why don't some people ever learn :D Seems like they are opening more holes in each release……

Why don’t some people ever learn :D

]]> By: Gareth Heyes http://www.thespanner.co.uk/2008/06/30/javascript-protocol-fuzz-results/#comment-1315 Gareth Heyes Thu, 18 Sep 2008 08:23:04 +0000 http://www.thespanner.co.uk/?p=215#comment-1315 Opera now has more :D in the latest version:- http://www.thespanner.co.uk/2008/09/18/javascript-protocol-fuzzer-and-opera/ Opera now has more :D in the latest version:-
http://www.thespanner.co.uk/2008/09/18/javascript-protocol-fuzzer-and-opera/

]]> By: Gareth Heyes http://www.thespanner.co.uk/2008/06/30/javascript-protocol-fuzz-results/#comment-1314 Gareth Heyes Thu, 18 Sep 2008 07:48:06 +0000 http://www.thespanner.co.uk/?p=215#comment-1314 And as if by magic the fuzzer now contains charsets:- http://www.businessinfo.co.uk/labs/javascript_protocol_fuzzer/javascript_protocol_fuzzer.php?charset=UTF-8 And as if by magic the fuzzer now contains charsets:-

http://www.businessinfo.co.uk/labs/javascript_protocol_fuzzer/javascript_protocol_fuzzer.php?charset=UTF-8

]]> By: Gareth Heyes http://www.thespanner.co.uk/2008/06/30/javascript-protocol-fuzz-results/#comment-1313 Gareth Heyes Thu, 18 Sep 2008 07:26:03 +0000 http://www.thespanner.co.uk/?p=215#comment-1313 @Chris That's a good point I've not even tried fuzzing with different charsets, at the moment it isn't specified. I may include this option. Yeah seen your post about that, it's similar to the direction reversal chars mario found when implementing phpids. I've not tried the latest version of Opera they could have been fixed because it's been quite a while. @Chris

That’s a good point I’ve not even tried fuzzing with different charsets, at the moment it isn’t specified. I may include this option.

Yeah seen your post about that, it’s similar to the direction reversal chars mario found when implementing phpids.

I’ve not tried the latest version of Opera they could have been fixed because it’s been quite a while.

]]> By: Chris Weber http://www.thespanner.co.uk/2008/06/30/javascript-protocol-fuzz-results/#comment-1312 Chris Weber Thu, 18 Sep 2008 00:01:52 +0000 http://www.thespanner.co.uk/?p=215#comment-1312 Very interesting Gareth - the stuff in Firefox is the entire UTF-16 surrogate range U+DC00 to U+DFFF. Surrogates have no meaning in UTF-8 so this is weird - were you using a meta tag or HTTP header to set charset=utf-8 in your testing? The Opera stuff makes no sense at all to me :) Haha, wow, these code points don't have anything in common in terms of Unicode general categories or binary properties. Did you see my post about whitespace in Opera? http://lookout.net/2008/08/26/advisory-attack-of-the-mongolian-space-evaders-and-other-medieval-xss-vectors/ I haven't tried out your Opera links but plan to see if I can figure out what's going on there. Very interesting Gareth - the stuff in Firefox is the entire UTF-16 surrogate range U+DC00 to U+DFFF. Surrogates have no meaning in UTF-8 so this is weird - were you using a meta tag or HTTP header to set charset=utf-8 in your testing?

The Opera stuff makes no sense at all to me :) Haha, wow, these code points don’t have anything in common in terms of Unicode general categories or binary properties.

Did you see my post about whitespace in Opera?

http://lookout.net/2008/08/26/advisory-attack-of-the-mongolian-space-evaders-and-other-medieval-xss-vectors/

I haven’t tried out your Opera links but plan to see if I can figure out what’s going on there.

]]> By: Gareth Heyes http://www.thespanner.co.uk/2008/06/30/javascript-protocol-fuzz-results/#comment-1298 Gareth Heyes Sun, 07 Sep 2008 18:16:17 +0000 http://www.thespanner.co.uk/?p=215#comment-1298 Hey Chris awesome blog! I've bookmarked it :) I'm from the UK so getting to Redmond before Bluehat would be difficult however I might have time just before or after. Hey Chris awesome blog! I’ve bookmarked it :) I’m from the UK so getting to Redmond before Bluehat would be difficult however I might have time just before or after.

]]> By: Chris Weber http://www.thespanner.co.uk/2008/06/30/javascript-protocol-fuzz-results/#comment-1297 Chris Weber Sun, 07 Sep 2008 03:54:19 +0000 http://www.thespanner.co.uk/?p=215#comment-1297 Gareth, I think we've been doing some similar testing in this area, might be nice to chat sometime. I've got some other interesting results in all the browsers as well. Are you planning to be in Redmond sometime before Bluehat? Gareth, I think we’ve been doing some similar testing in this area, might be nice to chat sometime. I’ve got some other interesting results in all the browsers as well. Are you planning to be in Redmond sometime before Bluehat?

]]> By: Gareth Heyes http://www.thespanner.co.uk/2008/06/30/javascript-protocol-fuzz-results/#comment-1259 Gareth Heyes Wed, 02 Jul 2008 08:40:39 +0000 http://www.thespanner.co.uk/?p=215#comment-1259 @Mikael I see your point, you now should be able to download the file with wget without spoofing. @Mikael

I see your point, you now should be able to download the file with wget without spoofing.

]]> By: Mikael Gueck http://www.thespanner.co.uk/2008/06/30/javascript-protocol-fuzz-results/#comment-1258 Mikael Gueck Wed, 02 Jul 2008 03:29:51 +0000 http://www.thespanner.co.uk/?p=215#comment-1258 Certainly, but you have to spoof the referer as well. Certainly, but you have to spoof the referer as well.

]]> By: Gareth Heyes http://www.thespanner.co.uk/2008/06/30/javascript-protocol-fuzz-results/#comment-1257 Gareth Heyes Tue, 01 Jul 2008 09:07:54 +0000 http://www.thespanner.co.uk/?p=215#comment-1257 Easy spoof the user agent e.g. curl -A 'Internet Explorer' http://www.businessinfo.co.uk/labs/javascript_protocol_fuzzer/vectors.xml Easy spoof the user agent e.g.

curl -A ‘Internet Explorer’ http://www.businessinfo.co.uk/labs/javascript_protocol_fuzzer/vectors.xml

]]>