Cenzic 232 Patent
Paid Advertising
web application security lab

PortScanning Without JavaScript Part 2

Well, just as I predicted the technique I talked about the other day to do CSS history hacking without JavaScript can be ported over to do port scanning as well in Firefox. Using forced browsing in Firefox you can open a series of iframes that will report back to the parent page in real time that the user has visited the page in question. If the page doesn’t exist Firefox marks it as not visited. Hong built a proof of concept that he talks about here.

Unlike Jeremiah’s technique this does not use a timing attack, however it is pretty limited since it is slow (due to the extremely long timeouts associated with servers that aren’t there) and the fact you can’t make decisions based on the results you get from the attack since the page isn’t dynamic. Very interesting stuff though. Nice job, Hong!

And before I forget Sid Stamm alerted me to another place on the web that mentioned using CSS as a history stealing attack as early as in 2002 (where was I)? Anyway, I just wanted to make right on that. Not that I stole the idea, but I certainly didn’t come up with it first.

One Response to “PortScanning Without JavaScript Part 2”

  1. MustLive Says:

    RSnake, history is going cyclically (in world’s history and in security field also). Someone developed CSS hack at 2002, you developed it at 2007. Maybe it is because at that time no much attention was given to this issue.

    Will see what will be at this time. I hope that there will be no new redeveloped CSS hack at 2012 :-).