Blog

Persistence Through Service Workers—Part 2: C2 Setup and Use

In Part 1 of this 2-part blog, we provided an overview of service workers and created an appropriate target application to exploit using Shadow Workers. In this blog post we’ll build our C2 server in Digital Ocean and use Shadow Workers to exploit the target application. It is highly recommended to read Part 1 prior...

Persistence Through Service Workers—Part 1: Introduction and Target Application Setup

During a recent discussion about achieving persistence on a web server, someone suggested that I explore using browser service workers. As I began reading about what service workers do, the possibilities for Red Team applications seemed intriguing. But first, I had to find out…what exactly is a service worker? In their efforts to make web...

Simple Data Exfiltration Through XSS

During a recent engagement, I found a cross-site scripting (XSS) vulnerability in a legal document management application and created a quick and dirty document exfiltration payload. Unfortunately, this discovery and coding happened on the final day of the engagement (*cough* reporting bonus hacking day), and I didn’t have a chance to actually put the exfiltrated...

Setting the ‘Referer’ Header Using JavaScript

Or, “I’m Sorry, You Said You’re from Where Again?” In a prior webinar on creating weaponized Cross-Site Scripting (XSS) payloads, I mentioned that XSS payloads (written in JavaScript) could not change the HTTP Referer header. Malicious requests made through an XSS payload will often have an unexpected Referer header that does not generally make sense...

PentesterLab Pro Giveaway

We are excited to announce that we will be giving away 200 one-month subscriptions to PentesterLab Pro. During these challenging times, we hope that you will be able to use this learning resource to improve your web application testing skills. PentesterLab Pro is a leading industry tool designed to make learning web hacking easier. Using hands-on...

Tricks for Weaponizing XSS

In this blog post, we will look at some simple JavaScript tricks for creating weaponized cross-site scripting (XSS) payloads. If less reading more videoing is your thing, watch this topic in webinar form here: https://www.trustedsec.com/events/webinar-popping-shells-instead-of-alert-boxes-weaponizing-xss-for-fun-and-profit/ Often, penetration testers use a simple alert(1) payload to demonstrate successful JavaScript execution when we identify an XSS vulnerability. While...