Category Archives: javascript

Javascript for hackers

I’ve spent a bit of time experimenting with Javascript over the last few weeks and I thought I’d share some of the techniques used. First of all Javascript is a weird, cool and surprising language, it is just simply not possible to learn everything it can do.
Most of these techniques were used whilst hacking/playing with [...]

Safari beta zero day

Apple annoy me or rather their security attitude annoys me. I told them about a vulnerability months ago, I persisted and told them again. I got a generic reply from them saying:-
——————————–
Hello,
Thank you for filing this issue via Apple’s bug reporting system. Apple takes every report of a potential security problem very seriously.
After examining your [...]

Random Javascript and PHP generation

This code was based on a CAPTCHA I wrote but it could be useful in other areas such as comment spam protection. The idea is that a few random code blocks are generated on the client and server side, so each language (PHP, Javascript) has the same code. For example:-

num = 1330;
for(i=0;i<2;i++) {
num += 25;
for(j=0;j<2;j++) [...]

Open source security tools

I have reached the required comment level for my JSFuzzer, if you weren’t aware of my experiment it was simply to have people comment on my post before I released the source code [1]. I know it might sound silly but in fact it enables the project to attract attention and also humans by their [...]

Firefox weird javascript execution

I’ve been reading sla.ckers quite a lot recently and I found an interesting topic on there where rsnake describes Firefox’s strange Javascript execution vectors which I wasn’t aware of. I thought I’d share them with everyone because I’m sure you’ll find them of interest.
1. First off there’s the double // which allows you to specify [...]

Open source as a reward for the JS Fuzzer

Did you like my JS Fuzzer? If you did, then leave a comment here and when the site reaches 30 unique comments for this post I shall release the source code. You can then run it for as long as you want on your own server.
Once the source code is released I shall be [...]

More Javascript fuzzing

I’ve rewritten my Javascript fuzzer to include more options, this one allows you to choose events, html attributes and various quote options. If you have any suggestions or attributes/events you would like me to include then please leave a comment. The fuzzer also now has the branding of my site that I recently redesigned.
Update…
I’ve updated [...]

IE7 javascript echo

This is a strange one, I’ve no clue why IE7 does this but it appears to execute and echo javascript using multiple :
Check it out:
Echo javascript

XSS and Fuzzing

I’ve been doing a bit of manual testing on a project that Mario & others are creating, I don’t usually do a lot of XSS cause I find it a bit boring doing the same stuff, so I decided to come up with some new vectors which I found cool. The only problem was creating [...]

Online Javascript LAN scanner

Background
I’ve really enjoyed making this tool, it started off as a port scanner then it evolved into a router scanner and now I’ve decided to accept any device on a LAN. The code now works on Firefox and IE7 (which was a pain), I haven’t managed to test it on any other browser so please [...]