Rich Cannings, Himanshu Dwivedi, Zane Lackey, and Alex Stamos
"Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions"
For example, Firefox limits connectivity to certain low-numbered ports. As such, reliable tools exist only for performing ping scans and web server scans. Multiple tools can be used to perform portscanning in JavaScript. SPI Dynamics released a proof-of-concept tool that can be used to scan for and identify web servers. An implementation that is capable of scanning multiple ports was released by Petko Petkov and is available at www.gnucitizen.org/projects/javascript-port-scanner/portscanner.js.

Unlike attacks with other tools, this attack can be performed even if the victim has disabled JavaScript in her browser. Jeremiah Grossman published research that demonstrated that by simply using the HTML <link> and <img> tags, a network could be portscanned for web servers without the use of JavaScript. This attack is performed by loading a Cascading Style Sheet (CSS) through the <link> tag, which points to the IP of the host that the attacker wishes to portscan. An <img> tag is then pointed back to a server that the attacker controls and passes the current time as an argument. If a machine is not running a web server, the <link> tag attempting to load a CSS from it will time out.
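
The defender's view of the technique described above, as an added example that is not from the book: a content scanner (for instance at a filtering proxy) that flags externally served HTML whose stylesheet or image tags point at private IPv4 literals. The function names, the threshold of three distinct hosts, and the sample page are assumptions constructed for illustration.

```javascript
// Added example: flag <link>/<img> URLs that target private IPv4 literals.
// Intended for HTML fetched from an external origin and inspected in transit.
const PRIVATE_V4 = [
  /^10\./, /^127\./, /^169\.254\./, /^192\.168\./, /^172\.(1[6-9]|2\d|3[01])\./,
];

function isPrivateHost(host) {
  const dottedQuad = /^\d{1,3}(\.\d{1,3}){3}$/.test(host);
  return dottedQuad && PRIVATE_V4.some((re) => re.test(host));
}

// Return one record per stylesheet/image reference aimed at a private address.
function findInternalReferences(html) {
  const hits = [];
  const tagRe = /<(link|img)\b[^>]*?\b(?:href|src)\s*=\s*["']?([^"'\s>]+)/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    let url;
    try {
      url = new URL(m[2]); // absolute URLs only
    } catch {
      continue; // relative or malformed reference: cannot name another host
    }
    if (isPrivateHost(url.hostname)) {
      hits.push({ tag: m[1].toLowerCase(), host: url.hostname, port: url.port || "default" });
    }
  }
  return hits;
}

// One stray internal reference may be a misconfiguration; several distinct
// internal hosts on one external page match the scanning pattern.
function assess(html, threshold = 3) {
  const hits = findInternalReferences(html);
  const distinctHosts = new Set(hits.map((h) => h.host)).size;
  return { hits, distinctHosts, suspicious: distinctHosts >= threshold };
}

// Constructed sample page (not captured traffic).
const SAMPLE_PAGE = `<html><head>
<link rel="stylesheet" href="http://192.168.1.1/">
<link rel="stylesheet" href="http://192.168.1.2:8080/">
<link rel="stylesheet" href="http://10.0.0.5/">
<link rel="stylesheet" href="/static/site.css">
</head><body><img src="https://cdn.example.com/logo.png"></body></html>`;

console.log(assess(SAMPLE_PAGE));
```

Because the check reads markup rather than script, it applies equally to the script-free variant; tune the threshold and address ranges to the network being protected.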