HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 35 guests online
 
Advertisement

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Web Applicationsarrow Ethical Hacking steps against a Web Browswer
EH-Net
May 24, 2013, 08:16:37 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Ethical Hacking steps against a Web Browswer  (Read 5196 times)
0 Members and 1 Guest are viewing this topic.
kitchensync
Newbie
*
Offline Offline

Posts: 6


View Profile
« on: December 18, 2009, 02:14:40 PM »
I have a client who is using an opensource platform to create their own web browser. I am having a hard time figuring out the steps I need to take to hack this thing.

1. Go to sites that perform some security testing on the browswer. I found one out of Belgim http://bcheck.scanit.be/bcheck/ . They perform some high level testing over the net which is cool, but I would like something even more intense. Any suggestions?
2. In a sandbox environment, go to sites with known malware and see how hard it is to get some applets or activex bits installed. Anyone know if there is an up-to-date list of sites with known Malware?
3. General standards based testing sites such as acid3? Any ideas?

Thanks guys for any pointers.

S
Logged
Ketchup
Hero Member
*****
Offline Offline

Posts: 1021



View Profile
« Reply #1 on: December 19, 2009, 12:30:15 AM »
Well, if you have access to the source code, you could audit for the typical stuff, buffer overflows, format strings, etc.  If the browser handles plugins, like Acrobat and Shockwave, the same principles apply to testing those.  There is also cross-domain code handling, javascript, etc. 
Logged
~~~~~~~~~~~~~~
Ketchup
Kev
Sr. Member
****
Offline Offline

Posts: 428


View Profile
« Reply #2 on: December 19, 2009, 11:46:46 AM »
As Ketchup mentioned, you really need to get your hands on the browser and preferably the source code, though having the source code isn't always critical. Depending on the size of the program, we can sometimes produce some exploits just by fuzzing.  Going to an exploit site and just blindly blasting them at a program that was privately written is more than likely going to fail. In theory you could get lucky depending on how much code might have been "borrowed", but the odds are very much against it. 
Logged
kitchensync
Newbie
*
Offline Offline

Posts: 6


View Profile
« Reply #3 on: December 22, 2009, 01:13:09 PM »
Thanks for the responses. We will have access to the source code for sure... and I totally agree it is a great place to start, which we will.

I do think it is important to show the client how it reacts to some known browser vulnerabilities (webkit based). Any feedback on where a list like that exists? (been searching around and have found very little). Or if not the site, perhaps a location where some common js malware is found..

Thanks again for your responses.

Ks
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.062 seconds with 22 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Free Business and Tech Magazines and eBooks

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.