Android Browser All Versions - Address Bar Spoofing Vulnerability


Introduction

Google's security team themselves state that "We recognize that the address bar is the only reliable security indicator in modern browsers". If the only reliable security indicator can be controlled by an attacker, the consequences are serious: a user can be tricked into supplying sensitive information to a malicious website, because the address bar points to the legitimate site and so leads the user to believe that is the site being visited.


Sucuri WAF XSS Filter Bypass


Introduction

Sucuri Cloud Proxy is a well-known WAF that aims to prevent DoS, SQL injection and XSS attacks and to detect and block malware. It acts as a reverse proxy, which means that all traffic sent to an application behind the Sucuri WAF is first routed through Sucuri's network, which checks each request against its signature database: a request judged legitimate is forwarded to the application, otherwise it is blocked.

Because Sucuri's Cloud Proxy relies on blacklist-based protection against application-layer attacks, it caught my interest: it has been proven time after time that blacklist-based protection is insufficient for blocking application-layer attacks, particularly cross-site scripting, since there are countless ways JavaScript can be encoded or represented to bypass the protection. It is therefore very difficult to construct a filter capable of blocking all possible combinations while yielding a minimum of false positives. ModSecurity is an example: it has a strong XSS filter, but it generates a lot of false positives and in many cases blocks normal, harmless text.
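As an added example (not Sucuri's or ModSecurity's rule set, and not code from the original post), the following Node.js script contrasts a naive blacklist that matches signatures against the raw request with a filter that first normalizes the payload the way a browser does (HTML entity decoding, tab/newline stripping inside URLs). The signature lists, the small named-entity table and the sample payloads are all constructed for this illustration.

```javascript
// Added example (not Sucuri's or ModSecurity's rules): a naive blacklist XSS
// filter compared with a filter that first normalizes the request the way a
// browser would before interpreting it.

// Hypothetical signature list of the kind a blacklist WAF might match against
// the raw request bytes.
const NAIVE_SIGNATURES = [/<script/i, /javascript:/i, /onerror\s*=/i, /onload\s*=/i];

function naiveFilterBlocks(input) {
  return NAIVE_SIGNATURES.some((re) => re.test(input));
}

// Small subset of the HTML5 named character references; a real decoder knows
// more than two thousand of them.
const NAMED_REFS = {
  colon: ':', lt: '<', gt: '>', amp: '&', quot: '"', apos: "'", Tab: '\t', NewLine: '\n',
};

// Decode numeric (&#58; / &#x3A;) and the named references above. The
// semicolon is optional because browsers still decode a numeric reference
// that lacks one (they flag a parse error but keep the decoded value).
function decodeEntities(s) {
  return s.replace(/&(#x[0-9a-f]+|#[0-9]+|[a-z]+);?/gi, (match, body) => {
    if (body[0] === '#') {
      const hex = body[1].toLowerCase() === 'x';
      const cp = parseInt(hex ? body.slice(2) : body.slice(1), hex ? 16 : 10);
      return cp > 0 && cp <= 0x10ffff ? String.fromCodePoint(cp) : match;
    }
    return Object.prototype.hasOwnProperty.call(NAMED_REFS, body) ? NAMED_REFS[body] : match;
  });
}

// Approximate the browser's view of the payload: attribute values are
// entity-decoded, and the URL parser drops ASCII tab and newline anywhere in
// a URL, so "java\tscript:" becomes "javascript:". Stripping those characters
// from the whole string deliberately over-approximates the browser; a WAF
// should err toward the most permissive reading the client might take.
function browserView(input) {
  return decodeEntities(input).replace(/[\t\n\r]/g, '');
}

// Filter that matches on the normalized form and covers every on* handler
// attribute instead of an enumerated list of handler names.
const NORMALIZED_SIGNATURES = [/<script/i, /javascript:/i, /\bon[a-z]+\s*=/i];

function normalizedFilterBlocks(input) {
  return NORMALIZED_SIGNATURES.some((re) => re.test(browserView(input)));
}

// Constructed sample payloads: each executes in a browser, but only the first
// two trip the naive blacklist.
const PAYLOADS = [
  '<script>alert(1)</script>',
  '<svg onload=alert(1)>',
  '<a href="javascript&colon;alert(1)">x</a>',  // named entity hides the scheme
  '<a href="java&#x09;script:alert(1)">x</a>', // tab inside the scheme
  '<details open ontoggle=alert(1)>',         // handler missing from the list
];

// One row per payload: did each filter block it?
function report() {
  return PAYLOADS.map((p) => ({
    payload: p,
    naive: naiveFilterBlocks(p),
    normalized: normalizedFilterBlocks(p),
  }));
}

console.log(JSON.stringify(report(), null, 2));
```

Run it with `node`. The normalized filter catches the three payloads the naive one misses, but the cost is visible too: `\bon[a-z]+\s*=` also blocks a harmless query parameter such as `online=1`, which is exactly the false-positive trade-off the text describes for ModSecurity, and neither list knows anything about the hundreds of other encodings a browser accepts.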


How To Hack A Mobile Application? - Video Series




In today’s world, new mobile innovations have changed the way we bank, shop, play, and communicate. This increased demand for mobile innovation is placing pressure on organizations and developers to get applications to market, quickly.

Often this focus on feature functionality rather than application security results in an app that is vulnerable to malicious attacks. This lack of mobile application protection gives attackers an entirely new way to exploit applications. Among the most exploitable areas for attackers to target is the binary code of the mobile application. Binary code is the code you download from a mobile app store and is what the device executes to run an application. There are a number of ways "black hats" seek to exploit binary-based vulnerabilities in order to compromise applications.



CSP 2015 Capture The Flag Writeup



On 11th April, Giuseppe Trotta and I organized a CTF (Capture The Flag) competition for Cyber Secure Pakistan (a conference that brings together all the stakeholders). The CTF was hosted on hack.me and contained 9 different challenges, some of which themselves contained sub-challenges. Overall, we received great feedback from the vast majority of participants. No one was able to solve all the challenges within the given time frame; however, a day or two later we noticed that the team of "Sajjad" and "MakMan" had solved them, and they were kind enough to write up the challenges, so over to Sajjad for the writeup.


Android Browser Kitkat Content Spoofing Vulnerability



The following is a low-risk vulnerability that was found a few months ago while testing the latest Android stock browser on Android KitKat. The issue is commonly referred to as a content spoofing vulnerability or dialog box spoofing vulnerability, and it can be used to fake an alert message on a legitimate website.

In other words, I could display an alert box of my choice on a site of my choice, whereas in Chrome, Firefox and other browsers the alert box appears on the correct tab.


Android Browser Cross Scheme Data Exposure + Intent Scheme Attack



tl;dr This exploit targets an issue present in the Android browser below 4.4 and in several other Android browsers that allows an attacker to read the SQLite cookie database file, thereby exposing all cookies. Along with it we also discuss a cross-scheme data exposure attack in Android below 4.4.

Introduction

During my research on the AOSP (stock) browser I found that it is possible to open links to local files via the file:// scheme from a web page by selecting "Open Link in New tab" from the context menu. This by itself does not represent a vulnerability unless there is a way to read local files and retrieve them remotely. However, what caught my attention is that this is not permitted by default in browsers such as Chrome, Firefox, Opera, etc.


About

Rafay Baloch is an independent security researcher, Internet marketer, entrepreneur and SEO consultant. He is the founder of the RHA blog and multiple other blogs. Rafay became well known after finding a remote code execution bug in PayPal, for which PayPal awarded him $10,000.


RHA © 2013. All Rights Reserved.