fbpx

Computer Assignment | Homework Help Websites

Cross-site scripting (XSS) Attacks

Don't use plagiarized sources. Get Your Assignment on
Computer Assignment | Homework Help Websites
Just from $13/Page
Order Now

Cross-site scripting (XSS) is a type of vulnerability commonly found in web applications. This vulnerability makes it possible for attackers to inject malicious code (e.g. JavaScript programs) into victim’s web browser.

Using this malicious code, the attackers can steal the victim’s credentials, such as cookies. The access control policies (i.e., the same origin policy) employed by the browser to protect those credentials can be bypassed by exploiting the XSS vulnerability. Vulnerabilities of this kind can potentially lead to large-scale attacks.

To demonstrate what attackers can do by exploiting XSS vulnerabilities, we have set up a web application named Elgg in our pre-built Ubuntu VM image. Elgg is an open-source web application for social networking, and it has implemented a number of countermeasures to remedy the XSS threat. To demonstrate how XSS attacks work, we have commented out these countermeasures in Elgg in our installation, intentionally making Elgg vulnerable to XSS attacks. Without the countermeasures, users can post any arbitrary message, including JavaScript programs, to the user profiles. In this lab, students need to exploit this vulnerability to launch an XSS attack on the modified Elgg, in a way that is similar to what Samy Kamkar did to MySpace in 2005 through the notorious Samy worm. The ultimate goal of this attack is to spread an XSS worm among the users, such that whoever views an infected user profile will be infected, and whoever is infected will add you (i.e., the attacker) to his/her friend list.

 

Environment setup for the problem:

For this problem, we will assume that you have set up the Ubuntu virtual machine environment based on the instructions in the Syllabus under “Special Software Installation Requirements”.

We will need the following:

  • Firefox web browser
  • Apache web server
  • Elgg web application

For the Firefox browser, we need to use the LiveHTTPHeaders extension for Firefox to inspect the HTTP requests and responses (available under the “Tools” menu in Firefox). The pre-built Ubuntu VM image provided to you has already installed the Firefox web browser with the required extension.

The Apache web server is also included in the pre-built Ubuntu image. However, the web server is not started by default. You have to first start the web server using one of the following two commands:

% sudo apache2ctl start

or

% sudo service apache2 start

The Elgg web application is already set up in the pre-built Ubuntu VM image. We have also created several user accounts on the Elgg server and the credentials are given below (username, password):

admin, seedelgg

alice, seedalice

boby, seedboby

charlie, seedcharlie

samy, seedsamy

You can access the Elgg server using the following URL (the Apache server needs to be started first):

http://www.xsslabelgg.com

(this URL is only accessible from inside of the virtual machine, because we have modified the /etc/hosts file to map the domain name (www.xsslabelgg.com) to the virtual machine’s local IP address 127.0.0.1).

Once you log in as a user in Elgg, you can access your Profile and list of Friends by clicking on icons in the upper left part of the browser window.

Note: Some of the project tasks require some basic familiarity with JavaScript. Wherever necessary,

we provide a sample JavaScript program to help you get started.

 

Writing a Self-Propagating XSS Worm

To become a real worm, the malicious JavaScript program should be able to propagate itself. Namely, whenever some people view an infected profile, not only will their profiles be modified, the worm will also be propagated to their profiles, further affecting others who view these newly infected profiles. This way, the more people view the infected profiles, the faster the worm can propagate. This is exactly the same mechanism used by the Samy Worm: within just 20 hours of its October 4, 2005 release, over one million users were affected, making Samy one of the fastest spreading viruses of all time. The JavaScript code that can achieve this is called a self-propagating cross-site scripting worm. In this task, you need to implement such a worm, which infects the victim’s profile.

To achieve self-propagation, when the malicious JavaScript modifies the victim’s profile, it should copy itself to the victim’s profile. If the entire JavaScript program (i.e., the worm) is embedded in the infected profile, to propagate the worm to another profile, the worm code can use DOM APIs to retrieve a copy of itself from the web page. An example of using DOM APIs is given below. This code gets a copy of itself, and display it in an alert window:

 

<script id=worm>

var   strCode = document.getElementById(“worm”);

alert(strCode.innerHTML);

</script>

URL Encoding: All messages transmitted using HTTP over the Internet use URL Encoding, which converts all non-ASCII characters such as space to special code under the URL encoding scheme. In the worm code, messages sent to Elgg should be encoded using URL encoding. The escape function can be used to URL encode a string. An example of using the encode function is given below.

 

<script>

var   strSample = “Hello World”;

var   urlEncSample = escape(strSample);

alert(urlEncSample);

</script>

Under the URL encoding scheme, the “+” symbol is used to denote space. In JavaScript programs, “+” is used for both arithmetic operations and string concatenation operations. To avoid this ambiguity, you may use the concat function for string concatenation, and avoid using addition. For the worm code in the exercise, you don’t have to use additions. If you do have to add a number (e.g a+5), you can use subtraction (e.g a-(-5)).

 

Other notes:

  • To modify the victim’s      profile, the HTTP request sent by the worm should contain the following      information in the HTML body of the request (which is sent via the content variable):

&accesslevel%5Bdescription%5D=2

(in fact, using the LiveHTTPHeaders extension, you can see this is included in a regular edit profile request)

  • Be careful when dealing      with an infected profile. If a profile is already infected by the XSS      worm, you may want to leave them alone, instead of modifying them again.      If you are not careful, you may end up removing the XSS worm from the profile.

What you need to do: 

1. Based on the format of the POST request to change a user’s profile, write a JavaScript script that changes the “About me” field in the profile of any user (the victim) who views an infected profile. The “About me” field should contain the following text:

Samy is my HERO (added by <insert your team member name/s here>)

Save your JavaScript script in a file task5.txt.

2. Login as user Samy and inject in the “About me” field of Samy’s profile the script from file task5.txt. (Make sure to select “Remove editor” before editing this field, in order to disable any automatic formatting)

3. Logout and login as user Alice, and then view Samy’s profile by selecting user Samy from “More => Members” in the Elgg menu. At this point, the malicious Javascript script will be executed and Alice’s profile will be infected as well.

4. Logout and login as user Boby, and then view Alice’s profile by selecting user Alice from “More => Members” in the Elgg menu. At this point, the malicious Javascript script will be executed and Boby’s profile will be infected as well.

5. Include in your project document: 

a. a screen printout with Alice’s profile after viewing Samy’s profile.

b. a screen printout with Boby’s profile after viewing Alice’s profile.

c. A printout of your JavaScript file task5.txt.

Calculate the price
Make an order in advance and get the best price
Pages (550 words)
$0.00
*Price with a welcome 15% discount applied.
Pro tip: If you want to save more money and pay the lowest price, you need to set a more extended deadline.
We know how difficult it is to be a student these days. That's why our prices are one of the most affordable on the market, and there are no hidden fees.

Instead, we offer bonuses, discounts, and free services to make your experience outstanding.
How it works
Receive a 100% original paper that will pass Turnitin from a top essay writing service
step 1
Upload your instructions
Fill out the order form and provide paper details. You can even attach screenshots or add additional instructions later. If something is not clear or missing, the writer will contact you for clarification.
Pro service tips
How to get the most out of your experience with Homework Writing Services
One writer throughout the entire course
If you like the writer, you can hire them again. Just copy & paste their ID on the order form ("Preferred Writer's ID" field). This way, your vocabulary will be uniform, and the writer will be aware of your needs.
The same paper from different writers
You can order essay or any other work from two different writers to choose the best one or give another version to a friend. This can be done through the add-on "Same paper from another writer."
Copy of sources used by the writer
Our college essay writers work with ScienceDirect and other databases. They can send you articles or materials used in PDF or through screenshots. Just tick the "Copy of sources" field on the order form.
Testimonials
See why 20k+ students have chosen us as their sole writing assistance provider
Check out the latest reviews and opinions submitted by real customers worldwide and make an informed decision.
Art (Fine arts, Performing arts)
Great work, Thank you
Customer 462791, April 3rd, 2022
Education
Nice try.
Customer 452441, April 19th, 2022
Fitness
Well-researched content.
Customer 463473, October 25th, 2022
Military
Excellent work
Customer 456821, February 26th, 2022
Religious studies
Always proofread before submitting to identify minor errors.
Customer 460547, April 2nd, 2022
Business and administrative studies
Excellent analysis.
Customer 459667, April 2nd, 2022
ASCI 491: Operational Application in Aeronautics
Good focus.
Customer 457731, April 3rd, 2022
Healthcare & Medical
Great
Customer 463473, November 4th, 2022
Education
Impeccable, fast, and professional!
Customer 453707, January 22nd, 2020
Military
excellent work
Customer 456821, August 14th, 2022
Business and administrative studies
On point.
Customer 459947, April 15th, 2022
Business and administrative studies
Commendable.
Customer 453375, April 30th, 2022
11,595
Customer reviews in total
96%
Current satisfaction rate
3 pages
Average paper length
37%
Customers referred by a friend
OUR GIFT TO YOU
15% OFF your first order
Use a coupon FIRST15 and enjoy expert help with any task at the most affordable price.
Claim my 15% OFF Order in Chat