HTML5 Messaging (Post Message)
NSConclave
Learn the basic concept of HTTP Post Message and Attack Scenario by Parth Jankharia.
1.
HTML5 Messaging (postMessage)
By - Parth Jhankharia
Date - 14/5/2020
2.
~$whoami
● Security Analyst
● Twitter @Aee_Parth
3.
postMessage
● Overview
● Working
● Exploitation
● Remediation
● References
4.
postMessage Supported Browsers
From: https://caniuse.com/#search=postMessage
5.
postMessage?
● Controlled mechanism to circumvent SOP.
● Dispatches a “Message Event”.
● Type (always “message”).
● Data (user supplied).
● Origin (origin of the window calling).
● Source (the calling window).
6.
Same Origin Policy
● Port
● Protocol
● Host
7.
Same Origin Policy
https://net-square.com/ vs https://net-square.com/whateva/ (same origin: only the path differs)
8.
Same Origin Policy
https://net-square.com/ vs https://subdomain.netsquare.com/ (different origin: the host differs)
9.
Same Origin Policy
https://net-square.com/ vs https://net-square.com:1337/ (different origin: the port differs)
10.
Same Origin Policy
https://net-square.com/ vs http://net-square.com/ (different origin: the protocol differs)
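The four comparisons on slides 7 to 10 carried out in code, as an added example that is not part of the deck: it derives the (protocol, host, port) tuple from slide 6 with the WHATWG URL parser and reports whether each pair shares an origin and, if not, which component separates them.

```javascript
// Added example (not from the slides): the (protocol, host, port) tuple that
// the Same Origin Policy compares, evaluated over the URL pairs from the deck.
// Uses the WHATWG URL class that Node and browsers both provide.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// The origin tuple. The path (slide 7) plays no part; an omitted port means
// the scheme's default, so https://a/ and https://a:443/ are the same origin.
function originTuple(urlString) {
  const u = new URL(urlString);
  return { protocol: u.protocol, host: u.hostname, port: u.port || DEFAULT_PORTS[u.protocol] || "" };
}

function sameOrigin(a, b) {
  const x = originTuple(a), y = originTuple(b);
  return x.protocol === y.protocol && x.host === y.host && x.port === y.port;
}

// Names the first component that differs, or null when the origins match.
function whyDifferent(a, b) {
  const x = originTuple(a), y = originTuple(b);
  for (const k of ["protocol", "host", "port"]) if (x[k] !== y[k]) return k;
  return null;
}

// Constructed input: the four comparisons shown on slides 7 to 10.
const SLIDE_PAIRS = [
  ["https://net-square.com/", "https://net-square.com/whateva/"],
  ["https://net-square.com/", "https://subdomain.netsquare.com/"],
  ["https://net-square.com/", "https://net-square.com:1337/"],
  ["https://net-square.com/", "http://net-square.com/"],
];

function evaluateSlides() {
  return SLIDE_PAIRS.map(([a, b]) => ({ a, b, same: sameOrigin(a, b), differs: whyDifferent(a, b) }));
}

for (const r of evaluateSlides()) {
  console.log(`${r.a} vs ${r.b}: ${r.same ? "same origin" : "different origin (" + r.differs + ")"}`);
}
```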
11.
postMessage?
● Syntax: window.postMessage(message, targetOrigin [, ports])
● Example: window.postMessage(“msg-here”, “*”)
● With “*” as targetOrigin the message is delivered to whatever document currently occupies the target window, which is how postMessage leaks information; pass the receiver's exact origin instead.
12.
postMessage Working
Via: https://medium.com/javascript-in-plain-english/javascript-and-window-postmessage-a60c8f6adea9
13.
postMessage Demo
14.
postMessage Attacks
● XSS
● Information leakage.
15.
postMessage XSS
● No origin validation on the target.
● Attacker crafts a malicious page having an XSS payload.
● Sends the payload from the attacker's domain.
● XSS'ed.
16.
postMessage XSS
Via: https://github.com/shurmajee/postmessage-vulnerability-demo
17.
postMessage XSS Demo
18.
18.–22.
So How Do We Fix It?
● You HAVE to check the origin.
● CORRECTLY.
23.
postMessage Origin
Via: https://github.com/shurmajee/postmessage-vulnerability-demo
24.
postMessage Origin Demo
25.
Incorrect Origin Checks
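An added example, not code from the deck or the linked demo repository, showing the origin check the fix slides call for beside two loose checks that a lookalike origin defeats; the trusted origin, the lookalike host and the message events are constructed for the demonstration.

```javascript
// Added example (not from the slides or the linked demo repo): receiving side
// of window.postMessage with a strict origin allowlist beside two loose checks.
const TRUSTED_ORIGIN = "https://net-square.com"; // assumed trusted sender origin

// Loose check 1: substring match. "https://net-square.com.attacker.example" passes.
function weakIncludes(event) {
  return event.origin.includes("net-square.com");
}

// Loose check 2: prefix match. The same lookalike host passes.
function weakStartsWith(event) {
  return event.origin.startsWith(TRUSTED_ORIGIN);
}

// Correct check: exact comparison of the full origin (scheme + host + port)
// against an allowlist. No regex, substring or prefix logic.
const ALLOWED_ORIGINS = new Set([TRUSTED_ORIGIN]);
function strictOrigin(event) {
  return ALLOWED_ORIGINS.has(event.origin);
}

// Receiver: returns what would be rendered, or null when the message is dropped.
// event.data stays untrusted after the origin passes: only a string in a known
// field is accepted, and it is destined for textContent, never innerHTML.
function handleMessage(event, originCheck) {
  if (!originCheck(event)) return null;
  const d = event.data;
  if (typeof d !== "object" || d === null || typeof d.greeting !== "string") return null;
  return { text: d.greeting, sink: "textContent" };
}
// Browser wiring (not executed here):
// window.addEventListener("message", e => { const r = handleMessage(e, strictOrigin);
//   if (r) document.getElementById("out").textContent = r.text; });

// Constructed events. event.origin is set by the browser from the sender's
// document, so a loose comparison is the only way a lookalike gets through.
const fromTrusted = { origin: "https://net-square.com", data: { greeting: "hello" } };
const lookalike = { origin: "https://net-square.com.attacker.example", data: { greeting: "spoofed" } };
const unrelated = { origin: "https://attacker.example", data: { greeting: "spoofed" } };

// For each check, report which senders get through (true = accepted).
function compareChecks() {
  const out = {};
  for (const [name, fn] of Object.entries({ weakIncludes, weakStartsWith, strictOrigin })) {
    out[name] = [fromTrusted, lookalike, unrelated].map(e => handleMessage(e, fn) !== null);
  }
  return out; // strictOrigin -> [true, false, false]; both weak checks -> [true, true, false]
}
console.table(compareChecks());
```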
26.
Reference
● https://www.slideshare.net/LukasKlein1/attacking-and-defending-html5-postmessage-in-mobile-websites
● https://www.slideshare.net/mitchbox/ltiframe-communication-in-javascript
● https://github.com/shurmajee/postmessage-vulnerability-demo
● https://medium.com/javascript-in-plain-english/javascript-and-window-postmessage-a60c8f6adea9
● https://www.cs.utexas.edu/~shmat/shmat_ndss13postman.pdf
27.
Resources
● https://www.slideshare.net/danwrong/building-anywhere-for-txjs
● https://www.slideshare.net/tomasperezv/sandboxed-platform
● https://public-firing-range.appspot.com/dom/index.html
● https://www.slideshare.net/peterlubbers/html5-realtime-and-connectivity
● https://www.youtube.com/watch?v=FTeE3OrTNoA&t=862s
28.
More Resources
29.
Questions/Thoughts/Feedback?
30.
Thank You!