Reverse Engineering Browser Components - Dissecting and Hacking Silverlight, HTML 5 and Flex

Hacking browser components by Reverse Engineering is emerging as the best way of discovering potential vulnerability across web applications in era of Rich Internet Applications (RIA). RIA space is flooded with technologies like HTML 5, Flex/Flash, Silverlight, extended DOM and numerous third party libraries. Browsers are getting hacked and attacked almost every day by attacker, worms and malware with specific scope. We have seen exploitation of these technologies on popular site like facebook, twitter, yahoo, google to name a few.

The traditional boundaries of web applications are fading out and browsers are hosting substantial part of web application including data access, business logic, encryptions etc. along with presentation layer. It is making browser components a potential target for hackers. The danger of poorly written browser components is greater in today's world and successful exploitation can have significant impact on application.

Reverse Engineering can be applied to determine potential weakness by following well defined methodology. It contains reverse engineering the architecture of browser layer, fingerprinting components, discovery of cross domain interactions, debugging calls, DOM inspection, decompiling components, inter-platform communication, socket calls inspection and vulnerability tracing.

This paper will go over these steps in detail and help in identifying any weakness or vulnerability associated with browser component. Browsers are no longer a static content loader; it allows complicated operations in this era. Browsers can run powerful application using HTML 5 components like WebWorkers (threads), WebSockets and Sandboxed iframes. It can load Silverlight and flex content and allows application to emulate a rich desktop. We will be covering following attacks, threats and analysis techniques to dissect browser component using reverse engineering tools (author is releasing tools along with the paper).

• Malware and Worms leveraging XHR and WebSockets
• Exploiting cool HTML 5 presentation features like CSS-opacity, Sandboxed iframes, Canvas etc. for potential abuses like ClickJacking and Spoofing
• Reverse engineering Silverlight components to discover vulnerabilities and business logic secrets
• Hacking and attacking flex/flash components via DOM
• Protocol reverse engineering and injections AMF, WCF, JSON etc.
• DOM injections and pollution to gain execution capabilities
• Cross widgets and component hacking and architecture reverse engineering
• HTML 5 usage and impact analysis (Tag and Attributes decomposition)
• Decompilation and Static Code Analysis vectors for JavaScript/Flash/Silvelight
• Abusing and exploiting storage and WebSQL based browser components
• Attacking offline application mechanism
• Quick analysis of WebWorkers and abuse scenario
• SOP bypass and cross domain access and call reversing

We will be covering above attacks and their variants in detail along with some real life cases and demonstrations. It is also important to understand methods of discovering these types of vulnerabilities across application base. We will see some new scanning tools and approaches to identify some of these key issues.