I’ve been slowly developing JSReg over the last few months and I’ve dropped lots of code and redone it many times. This latest version is a code rewriter and will sandbox most JavaScript properties, and the goal is to produce a completely locked-down version (which can be improved upon later).
So far it’s going well, [...]
This is my cup of tea, a whole new way to prevent XSS and related attacks. I’ve been looking at the specification and I like the core of the policy preventing external scripts, eval etc. But reading it I started to think of ways around it because it’s fun.
Meta tag
The meta tag seems [...]
I found this while writing Astalanumerator. Safari allows you to overwrite top and parent with native code and maybe other stuff (I haven’t tried). This allows you to define something on domain A and call it on domain B using the top and parent. I’d email Apple about it but the last time I reported [...]
A quick update to Astalanumerator, it is now much better. No crashes and a completely new interface. I use a tree menu to traverse objects which can go on forever if you wish. It uses two display windows now, one displays the tree menu and the other displays extra details about the object when clicking.
In [...]
No new PHPIDS vectors for a while? So I thought I’d write a new one as I had 5 minutes spare while drinking my coffee. I used a new technique (as far as I’m aware) to make things easier. A very old feature in IE is to allow events to be declared as vbscript [...]
I wanted to map all properties in JavaScript and inspect them regardless of whether they were objects or not. IE doesn’t support for(i in ..) for native properties like constructor etc. So I decided to write a cross-platform enumerator that could map everything. I decided to call it “Astalanumerator” as a silly reference to Terminator combined [...]
I thought I’d post a quick tutorial on how Hackvertor can be used to decode obfuscated javascript. This is based on a real request on sla.ckers. I’ll walk you through the code and tidy it up and show you how to use the advanced tags to easily decode the encoded string.
Warning disclaimer
Do not try and [...]
It turns out I was right. Originally I thought the protocols reported by my JavaScript fuzzer were false positives, but, like lots of my code, it seems to know better than me. I tested the context of the vectors in a normal HTML link, which didn’t work correctly. But I was messing with [...]
I research a lot of JavaScript as part of my job and I’ve been toying with the idea of a perfect native function overwrite. The idea is that you can still call the native function and have control over it, but once it’s been defined it cannot be modified, only destroyed.
My idea was to redefine [...]
I like this event, it’s pretty cool. The reason why it’s interesting from an XSS perspective is that it is executed automatically without user interaction. This is rare in the XSS playground; usually you have to use onerror, onload or onfocus events, and they only work in certain circumstances.
I’d better mention that the event [...]