web application security lab

Port Scanning Gets Worse

Sorry I was MIA the last few days. Lots of stuff going on. It’s too long of a story to write up in a blog post, but I was visiting a friend and also doing some light business. While I was gone it looks like there was a bevy of posts about various techniques that help get around some of the port scanning hurdles Jeremiah and I ran into when we first started working on the original JavaScript port scanner. Where to start?

Stefan Esser posted two blog posts the other day that are worth mentioning. The first was a way to portscan by injecting an arbitrary percent tag to avoid the 401 Basic Auth popup. That might not seem like a big deal but when the victim sees a popup they are a whole lot more likely to know their browser is doing something weird.

The second post was another way to bypass the 401 basic auth dialog but this time he actually shows how to brute force it without causing the popup in Firefox. This is way more powerful than the former technique because it allows you to actually try multiple usernames and passwords against the victim host using favicons (the little black box in the URL field that says “RS” on this very site is an example of one).

Lastly, Jeremiah mentioned something I came up with nearly a year ago on a way to bypass Firefox’s port restrictions on Windows using alternate protocols (namely ftp: instead of http:). “Anonymous” had a snarky comment on Jeremiah’s blog post saying I hadn’t come up with this first, and that it was probably thought of first by the person who built it, but I seriously doubt they had JavaScript port scanning in mind when they built it. Oh well, you can’t please every Anonymous poster out there. Jeremiah has been on a bit of a binge publishing some of his older previously unpublished hacks. I can’t wait to see what else he’s got up his sleeves.

So wow, a lot of good stuff coming out this week. I’m glad people are starting to think about this again. I can’t wait to see what happens next.

3 Responses to “Port Scanning Gets Worse”

  1. Jeremiah Says:

    > Jeremiah has been on a bit of a binge publishing some of his older previously unpublished hacks. I can’t wait to see what else he’s got up his sleeves.

    Me too :)

  2. RSnake Says:

    Any hints? :)

  3. ntp Says:

    I meant to mention on Jeremiah’s blog (as anonymous snarky poster #2) that Zalewski talked about using ftp:// instead of http:// in the browser to bypass Windows firewall restrictions in the book “Silence on the Wire”. Very cool stuff though, guys.