Cross-Site trace (XST) Cross-Site tracking ***
- vulnerability description
XST *** is a method for collecting user information using server debugging trace ***, because the TRACE method causes the server to return the content sent by the client as is (cookie, HTTP authentication information, etc)
*** embed malicious code into a Web file on a controlled host. When a visitor browses, the malicious code is executed in the browser, then, the visitor's cookie, HTTP basic verification, and NTLM authentication information will be sent to the controlled host, and the trace request will be sent to the target host, resulting in cookie spoofing or man-in-the-middle ***.
- conditions to be met when XST is launched
1. "The server being *** allowed the trace/track method (for example, http://www.example.com this site being *** allowed to use the TRACE method)
2. *** creates an HTML page on your website, which contains attractive content (images, text titles, etc ), click on the content
will trigger a malicious JavaScript code, the main role of this Code:
(1) send requests to the http://www.example.com site in the trace method, the "users who are ** users" happen to be users of this site, and
Once logged on to the site (meaning it will carry cookie and HTTP authentication information to request the http://www.example.com ),
(2) then the server receives the original returned request content (cookie + HTTP authentication information, etc.)
(3) then, save the personal information received by the *** user to your website (by requesting save. PHP saves the data.)
(4) you can use this information to disguise yourself, impersonate "be *** user" to log on to access the content above the http://www.example.com
Note: The above is to be "manually triggered by *** user, of course, it can also be triggered automatically (that is, malicious JavaScript code is automatically executed when the user enters the page)
- comparison between XST and XSS
comparison between XST and XSS:
similarities: both of them are highly fraudulent and can cause harm to affected hosts, in addition, this type of *** is multi-platform and multi-technology. We can also use the active control, Flash, Java, and so on for XST and XSS ***.
advantages: normal HTTP verification and NTLM verification can be bypassed
HTTPOnly cookie and cross-site tracking
* ** A payload of the XSS vulnerability is to use embedded Javascript to access the document. Cookie attribute and intercept the session token of the victim. HTTPOnly cookie is a defense mechanism supported by some browsers. Many applications use it to prevent the execution of this *** payload.
When a cookie is marked in this way, the browser that supports it will prevent client JavaScript from directly accessing the cookie. Although the browser still submits this cookie in the request's HTTP message header, it does not appear in the string returned by document. Cookie. Therefore, using HTTPOnly cookies can prevent *** users from using XSS to perform session hijacking ***.
- TRACE Method Introduction:
The trace method is a protocol debugging method defined by HTTP (Hypertext Transfer) protocol, this method allows the server to return the content of any client request (the proxy server information in the middle of the route may be appended). Because this method returns any data submitted by the client as is, cross-site scripting (XSS) ***. This *** method is also called cross-site tracking *** (XST)
- The trace method implements cross-site
?Confirm that the target site supports the TRACE method:
?Capture packets and modify HTTP request content
Modify the HTTP Request Method to trace and modify the HTTP request header information.
?Cross-Site prompt dialog box appears in the browser
Complete
Cross-Site trace (XST) Cross-Site tracking ***
