Web application security - the fast guide 1.1 | Page 91
Chapter 5 - Attack Execution the client
5.5 Intercepting messages from Flash, Java applet and Silverlight
Figure 33: Intercepting messages from Flash, Java applet and Silverlight (diagram labels: Flash or Java applet sends a request; extract and decipher message; alter and retransmit message; capture and decipher message; send a privileged response)
Browser extension technologies permit the execution of code in a sandbox.
They were originally used to make simple improvements to the presentation of the
web application, such as creating animation or vivid content. Given the
flexibility and power these technologies provide, developers went on to use them to create full
components and applications.
Because those components are used in web pages and need to interact using
web protocols, the information they exchange is transmitted over HTTP,
usually in objects or complex structures.
An attacker can compromise the messages exchanged with those extensions and
alter them.
The main goal is to initiate attacks such as SQL injection or buffer overflow,
or to manipulate parameters for application-related gain.
Attack requirement
- The extension interacts with the server through HTTP.
- No special encryption is used to preserve message confidentiality.
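A server-side view of these two requirements, as an added example that is not from the guide: it recognises the three wire formats named in the attack process that follows and, for AMF, reads the packet envelope to list which remote targets a body addresses, so such bodies can be logged and validated as untrusted input. The function names and the sample service name `OrderService.getOrder` are constructed for illustration.

```python
import struct

JAVA_MAGIC = b"\xac\xed\x00\x05"   # Java serialization STREAM_MAGIC + STREAM_VERSION
UNKNOWN_LEN = 0xFFFFFFFF            # AMF marker for "length not declared"

def amf_targets(body):
    """Walk an AMF packet envelope and return each message's target URI."""
    pos = 0

    def take(n):
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated AMF packet")
        chunk = body[pos:pos + n]
        pos += n
        return chunk

    def u16():
        return struct.unpack(">H", take(2))[0]

    def skip_value():
        length = struct.unpack(">I", take(4))[0]
        if length == UNKNOWN_LEN:
            raise ValueError("undeclared value length; full AMF decoder needed")
        take(length)

    if u16() not in (0, 3):                 # packet version: AMF0 or AMF3
        raise ValueError("not an AMF packet")
    for _ in range(u16()):                  # headers: name, must-understand, value
        take(u16()); take(1); skip_value()
    targets = []
    for _ in range(u16()):                  # messages: target, response, value
        targets.append(take(u16()).decode("utf-8"))
        take(u16()); skip_value()
    return targets

def classify(content_type, body):
    """Return (format, amf_targets) for one HTTP message body."""
    ctype = content_type.split(";")[0].strip().lower()
    if body.startswith(JAVA_MAGIC):
        return ("java-serialization", [])
    if ctype == "application/soap+msbin1":  # WCF binary SOAP (NBFS)
        return ("wcf-binary-soap", [])
    if ctype == "application/x-amf":
        return ("amf", amf_targets(body))
    return ("other", [])

def _s(text):                               # length-prefixed UTF-8 string
    return struct.pack(">H", len(text)) + text.encode()

# Constructed sample: AMF3 packet, no headers, one message with a null body.
SAMPLE_AMF = (struct.pack(">HHH", 3, 0, 1) + _s("OrderService.getOrder")
              + _s("/1") + struct.pack(">I", 1) + b"\x05")
```

A body that classifies as one of these formats is readable by anything on the path, so every decoded field needs the same server-side validation as an ordinary form parameter.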
Attack process
1. Capture the request initiated by the page using a proxy like Burp.
2. Depending on the type of extension, use the right deciphering method
to unpack the message sent.
Java applets use Java serialization, which can be deciphered using a
Burp plugin (JDSer).
Flash normally uses AMF (Action Message Format), which
Burp supports by default.
Silverlight uses WCF (Windows Communication Foundation) and
the SOAP (NBFS) message format, which can be deciphered using a