Cross-Site Tracing (XST) attack

Source: Internet
Author: User
Tags: http, authentication

  • Cross-Site Tracing (XST) attack
      • Vulnerability description
        An XST attack is a method of collecting user information by abusing the server's HTTP debugging method TRACE: the TRACE method makes the server return the request it received from the client unchanged, including the cookie, HTTP authentication information and similar headers.
        The attacker embeds malicious code into a web page on a host they control. When a visitor browses that page, the code executes in the visitor's browser and sends a TRACE request to the target host; the visitor's cookie, HTTP Basic credentials and NTLM authentication information are echoed back and forwarded to the attacker-controlled host, which enables cookie spoofing or a man-in-the-middle attack.
      • Conditions that must be met for an XST attack
        1. The attacked server allows the TRACE/TRACK method (for example, the site http://www.example.com allows the TRACE method).
        2. The attacker creates an HTML page on their own website containing attractive content (images, headlines, etc.); clicking that content triggers malicious JavaScript code whose main roles are:
        (1) send a request to http://www.example.com using the TRACE method; the attacked users happen to be users of that site and are already logged on (which means the request to http://www.example.com carries their cookie and HTTP authentication information);
        (2) the server then returns the original request content unchanged (cookie + HTTP authentication information, etc.);
        (3) the malicious code then saves the attacked user's personal information to the attacker's website (by requesting a page such as save.php that stores the data);
        (4) the attacker can use this information to impersonate the attacked user and log on to http://www.example.com to access its content.
        Note: The above is triggered manually by the attacked user; of course, it can also be triggered automatically (that is, the malicious JavaScript code executes as soon as the user enters the page).
      • Comparison between XST and XSS
        Similarities: both are highly deceptive and can cause harm to the affected hosts; in addition, this type of attack is cross-platform and cross-technology. ActiveX controls, Flash, Java and so on can also be used for XST and XSS attacks.
        Advantage of XST (from the attacker's point of view): normal HTTP authentication and NTLM authentication can be bypassed, because the credential headers are echoed by the server.
  • HttpOnly cookies and cross-site tracing
    A common payload of an XSS vulnerability uses embedded JavaScript to read the document.cookie property and intercept the victim's session token. HttpOnly cookies are a defense mechanism supported by some browsers, and many applications use them to prevent this attack payload from working.
    When a cookie is marked HttpOnly, a supporting browser prevents client-side JavaScript from accessing the cookie directly. Although the browser still submits the cookie in the request's HTTP headers, it does not appear in the string returned by document.cookie. Therefore HttpOnly cookies can prevent an attacker from using XSS to perform session hijacking. Note, however, that the TRACE method echoes the full request headers, including the Cookie header, so an XST attack can still read a cookie that document.cookie hides; HttpOnly alone is not a defense against XST, and TRACE must be disabled as well.
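    The following is an added example, not code from the original page: a small audit that parses Set-Cookie header values and reports session cookies that lack the HttpOnly flag described above (and the Secure flag), plus a helper that emits a correctly flagged cookie using the standard library's http.cookies module. The cookie names, values and the list of "session-looking" names are constructed assumptions for the demo.

```python
"""Added example (not from the original page): audit Set-Cookie headers for the
HttpOnly flag and build a session cookie that sets it correctly.
All cookie names and values below are constructed sample data."""
from http.cookies import SimpleCookie


def parse_set_cookie(header_value):
    """Split one Set-Cookie header value into (name, value, attrs).
    Attribute names are lower-cased; flag attributes map to True."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for attr in parts[1:]:
        if not attr:
            continue
        k, _, v = attr.partition("=")
        attrs[k.strip().lower()] = v.strip() if v else True
    return name.strip(), value, attrs


# Assumed list of cookie names that usually carry a session token.
SESSION_NAMES = ("sessionid", "phpsessid", "jsessionid")


def audit_cookies(set_cookie_headers, session_names=SESSION_NAMES):
    """Return one finding per session cookie that is missing HttpOnly
    (readable via document.cookie) or Secure (sent over plain HTTP)."""
    findings = []
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        if name.lower() not in session_names:
            continue
        missing = [flag for flag in ("httponly", "secure") if flag not in attrs]
        if missing:
            findings.append({"cookie": name, "missing": missing})
    return findings


def build_session_cookie(name, value):
    """Emit a Set-Cookie header value with HttpOnly, Secure and Path=/ set."""
    c = SimpleCookie()
    c[name] = value
    c[name]["httponly"] = True
    c[name]["secure"] = True
    c[name]["path"] = "/"
    return c[name].OutputString()


# Constructed sample headers as a server might send them.
SAMPLE_HEADERS = [
    "sessionid=abc123; Path=/",                     # readable from document.cookie
    "PHPSESSID=def456; Path=/; HttpOnly",           # missing Secure only
    "theme=dark; Path=/",                           # not a session cookie, ignored
    "JSESSIONID=ghi789; Path=/; Secure; HttpOnly",  # correctly flagged
]

if __name__ == "__main__":
    for finding in audit_cookies(SAMPLE_HEADERS):
        print(f"{finding['cookie']}: missing {', '.join(finding['missing'])}")
    print("hardened header:", build_session_cookie("sessionid", "abc123"))
```

    Running the script against the constructed headers reports sessionid (missing HttpOnly and Secure) and PHPSESSID (missing Secure); the fourth header passes. The audit deliberately ignores non-session cookies such as theme so that the report only lists cookies whose theft matters.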
    • Introduction to the TRACE method
      The TRACE method is a protocol debugging method defined by the HTTP (Hypertext Transfer Protocol) specification. It makes the server return the content of the client's request unchanged (proxy servers along the route may append their own information). Because the method returns whatever data the client submitted, it can be abused in a cross-site scripting (XSS) attack. This attack method is also called a Cross-Site Tracing (XST) attack.
      • Carrying out a cross-site attack with the TRACE method
        (1) Confirm that the target site supports the TRACE method.
        (2) Capture the packets and modify the HTTP request content: change the HTTP request method to TRACE and modify the HTTP request header information.
        (3) A cross-site prompt dialog box appears in the browser.
        Complete.
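    The defender's counterpart to step (1) above, as an added example that is not part of the original page: a minimal localhost HTTP server that can be started either in the legacy mode the text describes (TRACE echoes the request line and headers, so a Cookie or Authorization header comes straight back) or in a hardened mode that answers TRACE with 405 Method Not Allowed, plus an audit function that sends a single TRACE request carrying a constructed marker header and reports whether the server echoes it. The server, port selection and marker value are assumptions made for the demo; the audit function is meant for hosts you operate.

```python
"""Added example (not from the original page): a TRACE-echoing vs. TRACE-rejecting
HTTP server on localhost, and an audit that detects which behaviour a host shows.
Addresses, ports and the marker header value are constructed for this demo."""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


def make_handler(allow_trace):
    """Build a request handler; allow_trace=True reproduces the legacy echo."""

    class Handler(BaseHTTPRequestHandler):
        protocol_version = "HTTP/1.1"

        def log_message(self, *args):  # keep the demo quiet
            pass

        def do_GET(self):
            body = b"hello"
            self.send_response(200)
            self.send_header("Content-Type", "text/plain")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def do_TRACE(self):
            if not allow_trace:
                # Hardened behaviour: refuse the method outright.
                self.send_response(405)
                self.send_header("Allow", "GET")
                self.send_header("Content-Length", "0")
                self.end_headers()
                return
            # Legacy behaviour: echo the request line and every header verbatim.
            # This is exactly the path that leaks Cookie / Authorization headers.
            echo = (self.requestline + "\r\n" + str(self.headers)).encode()
            self.send_response(200)
            self.send_header("Content-Type", "message/http")
            self.send_header("Content-Length", str(len(echo)))
            self.end_headers()
            self.wfile.write(echo)

    return Handler


def start_server(allow_trace):
    """Bind to a free localhost port and serve in a background thread."""
    server = HTTPServer(("127.0.0.1", 0), make_handler(allow_trace))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def audit_trace(host, port):
    """Send one TRACE request with a marker header (constructed, not a secret)
    and return {'status': int, 'echoes': bool}. echoes=True means the server
    reflected the request headers, i.e. XST is possible."""
    marker_name, marker_value = "X-Xst-Audit", "canary-4f1c"
    conn = http.client.HTTPConnection(host, port, timeout=5)
    conn.request("TRACE", "/", headers={marker_name: marker_value})
    resp = conn.getresponse()
    body = resp.read().decode(errors="replace")
    conn.close()
    return {"status": resp.status, "echoes": f"{marker_name}: {marker_value}" in body}


def run_demo():
    """Start a legacy (TRACE on) and a hardened (TRACE off) server and audit both."""
    results = {}
    for label, allow in (("legacy", True), ("hardened", False)):
        server = start_server(allow)
        try:
            results[label] = audit_trace("127.0.0.1", server.server_address[1])
        finally:
            server.shutdown()
            server.server_close()
    return results


if __name__ == "__main__":
    for label, result in run_demo().items():
        verdict = "echoes TRACE (XST possible)" if result["echoes"] else "does not echo TRACE"
        print(f"{label}: HTTP {result['status']}, {verdict}")
```

    The audit checks for the marker in the response body rather than relying on the status code alone, because some servers answer TRACE with 200 but an empty body, and a proxy in the path may answer on the server's behalf. On a real deployment the fix is the hardened branch: configure the web server to refuse TRACE (and TRACK) so that the echo never happens, regardless of whether cookies are HttpOnly.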

