Cross Origin Resource Inclusion
Nov 07, 2014
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Asynchronous JavaScript and XML Web 2.0 Design Trends Same Origin Policy Cross-Origin Resource Sharing Exploitation Some Thoughts Solutions
HOW DO THEY WORK?
A simple way to refresh content dynamically Prevents having to refresh the entire page
Originally
AJAX used for continuously updating content only
Today
AJAX is used for EVERYTHING
AJAX is being used more Frameworks automatically use AJAX
Scripts are confined to their originating site XMLHttpRequest() follows SOP
Demonstration
HOW DO THEY WORK?
Allows XMLHttpRequest to make cross-origin requests
Checks the remote host to see if it allows cross-origin requests
http://www.w3.org/TR/cors/
Scripts are confined to their originating site XMLHttpRequest() follows SOP
Documents are confined to their originating site XMLHttpRequest() checks with the remote host
Document Object Children
site: safe.com <html>
<head>
<script src="http://malicious.com/">
</head>
</html>
Different Document Objects
Frames
Windows
Cookies
Demonstration
Cross-origin DOM objects are owned by different Document objects
Setting innerHTML changes the ownerDocument property of DOM objects
http://dev.w3.org/html5/spec/Overview.html#innerhtml
Cookies stolen in client-side because of injected resource
Cookies were never sent cross-origin by the browser
Functionality exists: Access-Control-Allow-Credentials
Static Analysis
grep XMLHttpRequest
Dynamic Analysis
Google Chrome Developer Tools breakpoint
Taint analysis
Make Cookies HttpOnly Set Access-Control-Allow-Origin to null
Access-Control-Allow-Origin null by default Only allow safe DOM objects on a cross-
origin request
http://isisblogs.poly.edu/?p=26
Related Documents
