Category Archives: Security

Codetcha update

I’ve updated the source and it now includes friendly variable/function creation so they are easier to read than pure random data. Thanks to Agente Naranja for the suggestion! I’ve fixed plenty of bugs and included many customisation options; each site using it should change the configuration of the CAPTCHA to make it easier or harder to [...]

Codetcha

I’ve sat on the concept for a long time and it has had many names but I’ve got a bit of free time now so I decided to create a proof of concept. It isn’t perfect yet and there may be false positives due to a few bugs but if you read my blog you [...]

Hidden javascript properties

Javascript contains hidden properties in many objects. I first discovered this when DoctorDan from the slackers forum demonstrated a technique to get the text from a regular expression object without specifying the source property. Later I found a post by John Resig about weird IE behavior, again with -1 properties.
So I decided to experiment [...]

Polymorphic javascript

Finding a pattern in malicious javascript is difficult; it’s possible to selectively change the source code yet still execute the same payload. There are many ways to morph Javascript and I shall go through a few of the possibilities and provide examples through Hackvertor (which now supports code morphing).
In order for a pattern to [...]

Firefox javascript sandboxing

As a technical challenge, and maybe in future to allow Hackvertor to execute javascript code from the user, I decided to create a javascript sandbox.
It works by first running the code through a new Function constructor and toSource. The reason for this is that Firefox actually converts the code supplied e.g. ‘te\st’ becomes ‘test’ [...]

Hackvertlets

I thought about adding basic bookmarklets to Hackvertor but then I had an idea... wouldn’t it be cool if you could create your own? This simple yet powerful feature will allow you to perform a Hackvertor conversion on any text from any web page. This means you can convert a selection of text to hex [...]

Hackvertor fixes

Simplicity is always the best policy
I’ve finally and completely (I hope) fixed nested tags. This was an absolute nightmare to solve because the engine kept matching the wrong sets of tags. For example if you placed the following tags in Hackvertor:-

<hex_ent><hex_ent>test</hex_ent></hex_ent>

Hackvertor wouldn’t know which one it should convert first, the way to actually solve the [...]

Total Recall No Javascript

My friend Ronald has an excellent post where he uses XML to gather entities from the various extensions to check if they are installed. Awesome stuff! The problem though is that it requires Javascript to be successful. I wanted a way to check any extension even if they had Javascript disabled or noscript installed. The [...]

CSRF chat

You may think adding tokens to your forms will completely protect you from CSRF; you’d be wrong. I’ve shown in previous blog entries how you can use CSS overlays to bypass tokens. I decided to create a real world example which uses these techniques to create something cool. The world’s first CSRF chat! I got [...]

Moz-binding XSS fun

CSS supports hex encoding within styles as well as HTML entities, but did you know you could combine them both? I didn’t. To construct an attack similar to the one displayed below you first need to convert your CSS property to hex, so -moz-binding becomes: \2d\6d\6f\7a\2d\62\69\6e\64\69\6e\67, notice there is no “x” prefix or double zeros like [...]