Scanning with Flash ~ tutorial about web security computer networking

Selasa, 14 Agustus 2007

Scanning with Flash

Thanks to Rsnake I learned of a proof of concept for Flash scanning.

I had to enable Javascript and have Adobe Flash installed. I used Firefox within Ubuntu 6.10. In the traffic you can see my host sending the following after finishing the three way handshake.


09:31:34.348028 IP 192.168.2.8.44235 > 10.1.13.4.21:
 P 1:24(23) ack 1 win 1460 
 0x0000:  4500 004b 1f24 4000 4006 41d4 c0a8 0208  E..K.$@.@.A.....
 0x0010:  0a01 0d04 accb 0015 f31e fbd2 a8ce 608e  ..............`.
 0x0020:  8018 05b4 df9f 0000 0101 080a 0018 e4f5  ................
 0x0030:  ea84 369b 3c70 6f6c 6963 792d 6669 6c65  ..6. 0x0040:  2d72 6571 7565 7374 2f3e 00              -request/>.

More to come, I'm sure.

On a related note, read Same-Origin Policy Part 1: Why we’re stuck with things like XSS and XSRF/CSRF by Justin Schuh and XSRF^2 by Dan Kaminsky.

tutorial about web security computer networking

Selasa, 14 Agustus 2007

Scanning with Flash

0 komentar:

Posting Komentar

Label

Arsip Blog

Recent Posts