Part 5 HTML5 Web Storage Demo

Video Activity


Time
9 hours 31 minutes
Difficulty
Intermediate
CEU/CPE
10
Video Description

In this lesson, participants receive a demonstration of HTML5 Web Storage manipulation, specifically with regard to sensitive data exposure. Participants learn how to discover information that is stored on the client side and see how easy it is to manipulate this data. This can be done using Firebug, which is an add-on for Firefox. By appending malicious JavaScript, participants learn how to access this information; this can also be done through a cross-site scripting attack.

Video Transcription
00:04
Hello and welcome to the Cybrary Secure Coding course. My name is Sonny Wear and this is OWASP Top 10 for 2013, A6 Sensitive Data Exposure demo
00:16
HTML5 Web storage manipulation.
00:22
This is the demo for HTML5 Web storage manipulation, particularly in regard to sensitive data exposure.
00:31
Now we're gonna look at a couple of pages in Mutillidae to illustrate this. First, I'd like to go to the Sensitive Data Exposure, Information Disclosure, HTML5 Storage page
00:45
Now on this page, what's illustrated is
00:49
that there are two storage areas available in the browser in HTML5
00:57
that are known as local storage and session storage. And
01:03
the purpose of this page is to not only make you aware of the information that they can store, but also
01:11
to realize that because all of that information is stored on the client side
01:17
that it can be manipulated. So new key value pairs can be added,
01:23
information can be deleted. And, of course, the existing key values can be changed. And so we're gonna go through actually looking at some of those examples.
01:38
So what you're seeing here is
01:41
some of the variables that are being stored in the HTML5 web storage. You can see CART session is actually in the session storage and the message of the day is something that is in the local storage. Now,
01:59
it's quite easy to find
02:01
these particular values inside of a page, particularly if you have Firebug, which is an add-on
02:09
to Firefox. So I'm gonna show you how to find those using Firebug right now.
02:15
So once you have the Firebug add-on installed, you can just click the little Firebug icon and the console will come up.
02:24
So what we'd like to do is actually search for local storage. So I'm gonna search for that in the style of box here,
02:35
local storage,
02:37
and I want to actually look inside of the DOM.
02:45
And here I can see the local storage.
02:47
I can also see
02:50
the key name and then the value that's been set by each of these.
02:55
I could do the same thing for the session storage.
03:07
looks like there are five items there
03:09
and you can see the values. And here's where the sensitive data exposure comes into play. You can easily see there some sort of authentication token that the programmer has placed inside of
03:23
this little client side database
03:25
the HTML5 Web storage, and so that obviously could be targeted for information or for manipulation or for hijacking. So now that we've seen that, I'm gonna go ahead and close Firebug
03:40
and we'll go to the next part of the demo, which is to actually display that same information, but do it using Burp Suite.
03:51
So how we can do that is we're gonna go ahead and turn our interceptor on.
03:57
We're going to refresh our page.
04:00
We've captured the request.
04:03
Now, what I can do is I could actually append my malicious JavaScript
04:11
to the end of the user agent header.
04:15
So I'm actually gonna paste some JavaScript right here.
04:19
But before I do, I want to show you what it is that I'm actually going to be
04:26
manipulating. So
04:29
the first piece of JavaScript is just a way to view
04:35
what is contained in the HTML5 Web storage areas.
04:41
So you can see in the script that by accessing window.localStorage or window.sessionStorage,
04:47
then we're gonna be able to see those key value pairs that we had seen displayed in the table on the Web page.
04:57
Then the next script that I'm concatenating to follow
05:01
is actually a change in the value of one of those variables. So if you remember in local storage we had message of the day.
05:12
Well, I'm changing that value from go cats to instead be learn secure coding today.
05:18
And I do have to follow that up with a call to the unit script just the way that the page is built in order to see my change. Now, this is gonna be reflected back to me because I'm going to put it in an alert just so that to illustrate the point that
05:39
this is being executed.
05:40
But of course,
05:42
in a real attack, you would not see the alert. You would just have this malicious JavaScript executed
05:49
somewhere in the browser, unbeknownst to the victim.
05:57
So go ahead and close that, and I'm gonna go ahead and append my
06:02
malicious JavaScript.
06:05
I'm gonna forward that and turn my interceptor off.
06:10
And then what happens is you can actually see all of those same values again.
06:16
So I've got my local session variable or the key rather
06:23
message of the day, and that's set to go cats.
06:27
Now
06:28
I'm gonna click, okay, and that should then execute manipulation script that's going to change that value.
06:38
And it certainly has. And so now you can see that message of the day says learn secure coding today.
06:46
Now there's another way that we could do this, and that is through a persistent cross site scripting attack
06:53
where we can actually have information divulged to us.
06:59
So if I go to Cross Site Scripting, Persistent, Add to your blog,
07:05
I can pretend that I'm putting in a blog entry here
07:15
and then go ahead and append my malicious JavaScript. Now the difference here is that
07:23
this script is actually going to be inserted into a database, so
07:30
that's what makes it persistent. It's not so much the script as it is the way that it's going to be persisted inside of the database and then displayed back to the Web page. And then, of course,
07:46
a persistent or stored cross site scripting, attack or vulnerability,
07:51
then makes each person that browses to that page or clicks on that particular blog to become a victim. So let's go ahead and save this.
08:03
Now we are reflecting it back just so that you can see something has happened.
08:13
And But if I were to
08:16
view the blogs,
08:24
you can see that once again
08:26
it pops up. So we know that the script is executing,
08:31
and that is because it's now persisted on the page itself.