isecpartners.com
Burp Suite Web Proxy http://www.portswigger.net/suite/
Paros Proxy http://www.parosproxy.org/index.shtml
WebScarab http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
CASE STUDY: BACKGROUND
Before we discuss the Samy worm, we provide a brief introduction to MySpace and the
hacker mentality.
MySpace (www.myspace.com) is arguably the most famous social networking site
on the Internet, with more than 150 million users. MySpace users can browse
other users' customized web pages. Customization ranges from the standard profile
sections describing the user's interests (favorite music, heroes, education, and so on)
to substantial cosmetic changes: users can add their own background image and change
colors. At the same time, MySpace attempts to disallow JavaScript in user-supplied
content because of its potential for abuse, such as cross-site scripting (XSS).
The authors do not know Samy personally, but he has posted some very informative
commentary about himself at http://namb.la/. Apparently, Samy initially logged in
to MySpace to check out "hot girls." After a little while he created his own page on
MySpace, but he was frustrated by the security-imposed limitations MySpace placed on it.