Web App Security Journ(ey)al

Internet Explorer 8 Ad Blocking

2009-02-05T08:23:00.000-08:00

I recently downloaded Internet Explorer 8 RC1 and was playing with the InPrivate Filtering feature. I think that this feature could be used as an Ad Blocker. I converted the adblock plus filters into xml format understood by IE and imported them in the InPrivate Filtering settings. Many websites worked fine while some (e.g. yahoo mail) appeared to be broken. I am sure that with a little tweaking

Can Browser's Password Manager Be Used As Sign In Seal?

2008-04-29T12:57:00.000-07:00

Almost every user uses browser's password manager these days. You visit a site, enter password and ask your browser to remember it. The password manager is supposed to fill out user name and the password automatically when you go to the site again.This can be used to avoid phishing attacks. The first time you visit any domain, make sure that you have typed in the url correctly in the address bar.

Web2Torrent : Let web pages host your files...

2008-03-08T17:53:00.000-08:00

This is for research and fun purpose only. Don't contaminate the web using this technique. Use the tool at your own risk.I just finished a POC implementation of what I call as Web2Torrent. It is not exactly a torrent as you will know after reading this post. It is just a funny way of storing your files on blogs, message forums, mailing lists etc. (Note: This is no rocket science)It consists of a

Software Lawyers and Standardized License Agreements?

2008-02-14T18:09:00.000-08:00

I posted following on my class blog. I think this should be interesting idea to consider.After reading this post, I thought that we should standardize privacy policies and license agreements. Let me explain what exactly I mean by that.In class Dr. Chen expressed the need of having information in a machine readable format. For this purpose we mainly use standards like FOAF, OWL etc. Companies are

Your 'Private' Videos on Orkut Are NOT Private!

2007-12-20T21:07:00.000-08:00

Hmmm.. After a long time I have found something interesting to write about.Orkut now has a feature that allows you to set your videos and photos as private so that only your friends can see your videos and photos. Well its not implemented that well it seems.Referer Header is at fault this time. Youtube videos have links section below each video which lists links referring to the current video. It

IE home page URL resulting in XSS?

2007-09-09T18:09:00.000-07:00

I am not able to phrase the title of this entry correctly, but this is what I have found....Copy the following link location and set it as your homepage in IE 7.COPY THIS LINKWhen you open a new window in IE, it echoes your home page url in the window which results into something similar to XSS.I am trying to find a way to exploit this (like automatically setting homepage and adding some

Is it that easy to write desktop worms?

2007-07-24T00:22:00.000-07:00

Some days ago, a friend of mine wanted few documents from me. So I plugged his pen-drive into the USB slot. As the next obvious step, I opened the drive. And strange things started happening on my computer.First of all, I saw an executable file with its icon similar to that of a normal directory. The name of which was MicrosoftPowerPoint.exe. Note that I noticed the extension because luckily I

IE - Guessing The Names Of The Fixed Drives On Your Computer

2007-07-05T10:34:00.000-07:00

DEMOWhile doing experiments with IE I observed another weird behavior. When I created an anchor tag with href="a:crap" like this, in the progress bar at the bottom IE showed "file:///a:crap". Now this is interesting. How could IE even try to guess the protocol unnecessarily?I went ahead with a new experiment: created iframes with src = a:crap. This time a 'page could not be displayed' error

SSL tunneling using CONNECT method and its security implications

2007-06-23T10:20:00.000-07:00

Most of you know how CONNECT method is used by the client and the proxy to successfully tunnel an HTTPS connection without the proxy seeing the data. If you don't, then here is a quick description.The client sends a CONNECT request to the proxy asking it to connect to the specified destination.e.g. [1]CONNECT mail.google.com:443 HTTP/1.0User-agent: xyzThe proxy then connects to the destination

Bypassing WAF with full-width Unicode encoding

2007-05-23T08:11:00.000-07:00

This issue is in the news for past few days. If anyone wants to try it yourself, here is how you do it.If you want to try it out on IIS (.NET 1.x), here are the steps,response encoding is to be set to ISO-8859-1 usingin the config file (C:\WINDOWS\Microsoft.NET\Framework\vxxx\CONFIG\web.config). (Thanks to my colleague for setting this up)Here is the aspx file you can use,/<

XSS in eXceSS

2007-05-14T04:37:00.000-07:00

XSS in eXceSS is a page that shows various areas of the HTML page where user input can get echoed back. It takes the input via various get parameters and leads to different areas in the HTML page. E.g. parameter freehtml=ATTACK_VECTOR will place the injection in to the HTML body. There are more than 25 such parameters which lead to different XSS areas.Please read the usage notes on the page.In

Onetime url implementation broken this time

2007-04-09T01:34:00.000-07:00

After writing this horrible post and taking it back, a fellow blogger (at least I consider him a fellow blogger) reminded me that everyone makes mistakes. This helped me continue my pursuit to break onetime url.I'm confident this time. This one does work. If it does not, allow me more time :)Key is to 'Watch' the 'Unwatch'! :)