Reverse Engineering Browser Components - Dissecting and Hacking Silverlight, HTML 5 and Flex

Black Hat USA 2011

Presented by: Shreeraj Shah
Date: Wednesday August 03, 2011
Time: 15:15 - 16:30
Location: Augustus V + VI
Track: Next-Gen Web

Hacking browser components by reverse engineering is emerging as the best way of discovering potential vulnerabilities across web applications in the era of Rich Internet Applications (RIA). The RIA space is flooded with technologies like HTML 5, Flex/Flash, Silverlight, extended DOM and numerous third-party libraries. Browsers are getting hacked and attacked almost every day by attackers, worms and malware with specific scope. We have seen exploitation of these technologies on popular sites like Facebook, Twitter, Yahoo and Google, to name a few.

The traditional boundaries of web applications are fading, and browsers now host a substantial part of the web application, including data access, business logic, encryption, etc., along with the presentation layer. This makes browser components a potential target for hackers. The danger of poorly written browser components is greater in today's world, and successful exploitation can have a significant impact on the application.

Reverse engineering can be applied to determine potential weaknesses by following a well-defined methodology. It consists of reverse engineering the architecture of the browser layer, fingerprinting components, discovery of cross-domain interactions, debugging calls, DOM inspection, decompiling components, inter-platform communication, socket call inspection and vulnerability tracing.

This paper will go over these steps in detail and help in identifying any weakness or vulnerability associated with a browser component. Browsers are no longer static content loaders; they allow complicated operations in this era. Browsers can run powerful applications using HTML 5 components like WebWorkers (threads), WebSockets and sandboxed iframes. They can load Silverlight and Flex content and allow an application to emulate a rich desktop. We will be covering the following attacks, threats and analysis techniques to dissect browser components using reverse engineering tools (the author is releasing tools along with the paper).

We will be covering the above attacks and their variants in detail, along with some real-life cases and demonstrations. It is also important to understand methods of discovering these types of vulnerabilities across the application base. We will see some new scanning tools and approaches to identify some of these key issues.

Shreeraj Shah

Shreeraj Shah, B.E., MSCS, MBA, CSSLP is the founder of Blueinfy, a company that provides application security services. Prior to founding Blueinfy, he was founder and board member at Net Square. He also worked with Foundstone (McAfee), Chase Manhattan Bank and IBM in the security space. He is also the author of popular books like Web 2.0 Security, Hacking Web Services and Web Hacking: Attacks and Defense. In addition, he has published several advisories, tools, and whitepapers, and has presented at numerous conferences including RSA, AusCERT, InfosecWorld (Misti), HackInTheBox, Blackhat, OSCON, Bellua, Syscan, ISACA, etc. His articles are regularly published on SecurityFocus, InformIT, DevX, O'Reilly and HNS. He has been quoted as an expert on BBC, Dark Reading and Bank Technology.

