HTML5 Messaging (Post Message)
Melden
NSConclaveFolgen
14. May 2020•0 gefällt mir•859 Aufrufe
1 gefällt mir
Sei der Erste, dem dies gefällt
Mehr anzeigen
Aufrufe
Aufrufe insgesamt
0
Auf Slideshare
0
Aus Einbettungen
0
Anzahl der Einbettungen
0
Check these out next
HTML5 Messaging (Post Message)
14. May 2020•0 gefällt mir•859 Aufrufe
1 gefällt mir
Sei der Erste, dem dies gefällt
Mehr anzeigen
Aufrufe
Aufrufe insgesamt
0
Auf Slideshare
0
Aus Einbettungen
0
Anzahl der Einbettungen
0
Downloaden Sie, um offline zu lesen
Melden
Software
Learn the basic concept of HTTP Post Message and Attack Scenario by Parth Jankharia.
NSConclaveFolgen
Recomendados
Building your own web based AuthenticatorVarun konadagadapa
What Goes In Must Come Out: Egress-Assess and Data ExfiltrationCTruncer
Security in PHP Applications: An absolute must!Mark Niebergall
TSC Summit #4 - Howto get browser persitence and remote execution (JS)Mikal Villa
How to Build Your First Web App in GoAll Things Open
Going Beyond Cross Domain Boundaries (jQuery Bulgaria)Ivo Andreev
HTML5 Messaging (Post Message)
- HTML5 Messaging (postMessage) By - Parth Jhankharia Date - 14/5/2020
- ~$whoami ● Security Analyst ● Twitter @Aee_Parth
- postMessage-Overview ● Working ● Exploitation ● Remediation ● References
- postMessage Supported Browsers From:- https://caniuse.com/#search=postMessage
- postMessage? ● Controlled mechanism to circumvent SOP. ● Dispatches “Message Event”. ● Type (Always “message”). ● Data (User Supplied). ● Origin (Origin of the window calling). ● Source (window Calling).
- Same Origin Policy ● Port ● Protocol ● Host
- Same Origin Policy https://net-square.com/ https://net-square.com/whateva/
- Same Origin Policy https://net-square.com/ https://subdomain.netsquare.com/
- Same Origin Policy https://net-square.com/ https://net-square.com:1337/
- Same Origin Policy https://net-square.com/ http://net-square.com/
- postMessage? ● Syntax window.postMessage(message, targetOrigin [, ports]) ● Example window.postMessage(“msg-here”, “*”)
- postMessage Working Via:- https://medium.com/javascript-in-plain-english/javascript-and-window-postmessage-a60c8f6adea9
- postMessage Demo
- postMessage Attacks ● XSS ● Information leakage.
- postMessage Xss ● No origin validation on the target. ● Attacker crafts a malicious page having an xss payload ● Sending the payload from attacker’s domain. ● XSS’ed.
- postMessage Xss Via:- https://github.com/shurmajee/postmessage-vulnerability-demo
- postMessage Xss Demo
- So How Do We Fix It?
- So How Do We Fix It?
- So How Do We Fix It? ● You have to check the origin.
- So How Do We Fix It? ● You HAVE to check the origin.
- So How Do We Fix It? ● You HAVE to check the origin. ● CORRECTLY
- postMessage Origin Via:- https://github.com/shurmajee/postmessage-vulnerability-demo
- postMessage Origin Demo
- Incorrect Origin Checks
- Reference ● https://www.slideshare.net/LukasKlein1/attacking-and-defending-html5-p ostmessage-in-mobile-websites ● https://www.slideshare.net/mitchbox/ltiframe-communication-in-javascript ● https://github.com/shurmajee/postmessage-vulnerability-demo ● https://medium.com/javascript-in-plain-english/javascript-and-window-po stmessage-a60c8f6adea9 ● https://www.cs.utexas.edu/~shmat/shmat_ndss13postman.pdf
- Resources ● https://www.slideshare.net/danwrong/building-anywhere-for-txjs ● https://www.slideshare.net/tomasperezv/sandboxed-platform ● https://public-firing-range.appspot.com/dom/index.html ● https://www.slideshare.net/peterlubbers/html5-realtime-and-connectivity ● https://www.youtube.com/watch?v=FTeE3OrTNoA&t=862s
- More Resources
- Questions/Thoughts/Feedback?
- Thank You!