Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-23 13:13:41 +00:00
Code Issues Projects Releases Packages Wiki Activity
hacktricks/pentesting-web/xss-cross-site-scripting/dom-invader.md

114 lines
8.1 KiB
Markdown
Raw Normal View History

Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-03-17 16:40:53 +00:00
# DOM Indringer
GITBOOK-3915: change request with no subject merged in GitBook
2023-05-12 14:33:51 +00:00
<details>
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-03-17 16:40:53 +00:00
<summary><strong>Leer AWS-hacking vanaf nul tot held met</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
GITBOOK-3915: change request with no subject merged in GitBook
2023-05-12 14:33:51 +00:00
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
Ander maniere om HackTricks te ondersteun:
arte
2024-01-01 17:15:42 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-03-17 16:40:53 +00:00
* As jy jou **maatskappy geadverteer wil sien in HackTricks** of **HackTricks in PDF wil aflaai** Kontroleer die [**INSKRYWINGSPLANNE**](https://github.com/sponsors/carlospolop)!
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
* Kry die [**amptelike PEASS & HackTricks swag**](https://peass.creator-spring.com)
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-03-17 16:40:53 +00:00
* Ontdek [**Die PEASS Familie**](https://opensea.io/collection/the-peass-family), ons versameling eksklusiewe [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Sluit aan by die** 💬 [**Discord-groep**](https://discord.gg/hRep4RUj7f) of die [**telegram-groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Deel jou haktruuks deur PR's in te dien by die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github-opslag.
GITBOOK-3915: change request with no subject merged in GitBook
2023-05-12 14:33:51 +00:00
</details>
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-03-17 16:40:53 +00:00
## DOM Indringer
GITBOOK-3915: change request with no subject merged in GitBook
2023-05-12 14:33:51 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-03-17 16:40:53 +00:00
DOM Indringer is 'n blaaierhulpmiddel wat in Burp se ingeboude blaaier geïnstalleer is. Dit help met die **opsporing van DOM XSS- kwesbaarhede** deur verskeie bronne en sappe te gebruik, insluitend webboodskappe en prototipevervuiling. Die hulpmiddel is vooraf geïnstalleer as 'n uitbreiding.
GITBOOK-3915: change request with no subject merged in GitBook
2023-05-12 14:33:51 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-03-17 16:40:53 +00:00
DOM Indringer integreer 'n lêer binne die blaaier se DevTools-paneel wat die volgende moontlik maak:
GITBOOK-3915: change request with no subject merged in GitBook
2023-05-12 14:33:51 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-03-17 16:40:53 +00:00
1. **Identifikasie van beheerbare sappe** op 'n webbladsy vir DOM XSS-toetsing, wat konteks- en sanitiseringsbesonderhede verskaf.
2. **Log, redigeer, en herstuur webboodskappe** wat gestuur word via die `postMessage()`-metode vir DOM XSS-toetsing. DOM Indringer kan ook kwesbaarhede outomaties opspoor deur spesiaal ontwerpte webboodskappe.
3. Opsoek na **kliëntkant prototipevervuilingsbronne** en skandering van beheerbare toestelle wat na risikosappe gestuur word.
4. Identifisering van **DOM-oorvul-kwesbaarhede**.
GITBOOK-3915: change request with no subject merged in GitBook
2023-05-12 14:33:51 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-03-17 16:40:53 +00:00
### Skakel dit aan
GITBOOK-3915: change request with no subject merged in GitBook
2023-05-12 14:33:51 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-03-17 16:40:53 +00:00
Gaan na die **Burp-uitbreiding** in die ingeboude blaaier van Burp en skakel dit aan:
GITBOOK-3915: change request with no subject merged in GitBook
2023-05-12 14:33:51 +00:00
GITBOOK-4035: change request with no subject merged in GitBook
2023-08-16 04:32:29 +00:00
<figure><img src="../../.gitbook/assets/image (4) (1) (1) (2).png" alt=""><figcaption></figcaption></figure>
GITBOOK-3915: change request with no subject merged in GitBook
2023-05-12 14:33:51 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-03-17 16:40:53 +00:00
Vernuwe die bladsy en in die **Dev Tools** sal jy die **DOM Indringer-lêer vind:**
GITBOOK-3915: change request with no subject merged in GitBook
2023-05-12 14:33:51 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-03-17 16:40:53 +00:00
<figure><img src="../../.gitbook/assets/image (3) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png" alt=""><figcaption></figcaption></figure>
GITBOOK-3915: change request with no subject merged in GitBook
2023-05-12 14:33:51 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-03-17 16:40:53 +00:00
### Spuit 'n Kanarie in
GITBOOK-3915: change request with no subject merged in GitBook
2023-05-12 14:33:51 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-03-17 16:40:53 +00:00
In die vorige beeld kan jy 'n **willekeurige groep karakters sien, dit is die Kanarie**. Jy moet dit nou begin **inspuit** in verskillende dele van die web (parameters, vorms, url...) en elke keer daarop klik. DOM Indringer sal nagaan of die **kanarie in enige interessante sappe geëindig het** wat benut kan word.
GITBOOK-3915: change request with no subject merged in GitBook
2023-05-12 14:33:51 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-03-17 16:40:53 +00:00
Verder sal die opsies **Inject URL-parameters** en Inject vorms outomaties 'n **nuwe lêer oopmaak** deur die **kanarie** in elke **URL**-parameter en **vorm** wat dit vind, in te spuit.
GITBOOK-3915: change request with no subject merged in GitBook
2023-05-12 14:33:51 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-03-17 16:40:53 +00:00
### Spuit 'n leë Kanarie in
GITBOOK-3915: change request with no subject merged in GitBook
2023-05-12 14:33:51 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-03-17 16:40:53 +00:00
As jy net potensiële sappe wil vind wat die bladsy mag hê, selfs al is hulle nie benutbaar nie, kan jy soek na 'n leë kanarie.
GITBOOK-3915: change request with no subject merged in GitBook
2023-05-12 14:33:51 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-03-17 16:40:53 +00:00
### Postboodskappe
GITBOOK-3915: change request with no subject merged in GitBook
2023-05-12 14:33:51 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-03-17 16:40:53 +00:00
DOM Indringer maak dit moontlik om vir DOM XSS te toets deur webboodskappe te gebruik met kenmerke soos:
GITBOOK-3915: change request with no subject merged in GitBook
2023-05-12 14:33:51 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-03-17 16:40:53 +00:00
1. **Log webboodskappe** wat gestuur word via `postMessage()`, soortgelyk aan Burp Proxy se HTTP-versoek-/antwoordgeskiedenislogging.
2. **Wysiging** en **heruitreiking** van webboodskappe om handmatig vir DOM XSS te toets, soortgelyk aan Burp Repeater se funksie.
3. **Outomatiese wysiging** en stuur van webboodskappe vir die ondersoek van DOM XSS.
GITBOOK-3915: change request with no subject merged in GitBook
2023-05-12 14:33:51 +00:00
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
#### Boodskapbesonderhede
GITBOOK-3915: change request with no subject merged in GitBook
2023-05-12 14:33:51 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-03-17 16:40:53 +00:00
Gedetailleerde inligting oor elke boodskap kan besigtig word deur daarop te klik, wat insluit of die kliëntkant-JavaScript die `oorsprong`, `data`, of `bron`-eienskappe van die boodskap benader.
GITBOOK-3915: change request with no subject merged in GitBook
2023-05-12 14:33:51 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-03-17 16:40:53 +00:00
* **`oorsprong`** : As die **oorspronginligting van die boodskap nie nagegaan word nie**, kan jy kruisoorsprongboodskappe na die gebeurtenishanterer **vanaf 'n willekeurige eksterne domein** stuur. Maar as dit nagegaan word, kan dit steeds onveilig wees.
* **`data`**: Hierdie is waar die lading gestuur word. As hierdie data nie gebruik word nie, is die sap nutteloos.
* **`bron`**: Evalueer of die bron-eienskap, gewoonlik na 'n iframe verwys, gevalideer word in plaas van die oorsprong. Selfs al is dit nagegaan, verseker dit nie dat die validering nie omseil kan word nie.
GITBOOK-3915: change request with no subject merged in GitBook
2023-05-12 14:33:51 +00:00
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
#### Antwoord op 'n boodskap
GITBOOK-3915: change request with no subject merged in GitBook
2023-05-12 14:33:51 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-03-17 16:40:53 +00:00
1. Klik op enige boodskap vanuit die **Boodskappe**-sig om die boodskapbesonderhede-venster oop te maak.
2. Redigeer die **Data**-veld soos benodig.
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
3. Klik op **Stuur**.
GITBOOK-3915: change request with no subject merged in GitBook
2023-05-12 14:33:51 +00:00
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
### Prototipevervuiling
GITBOOK-3915: change request with no subject merged in GitBook
2023-05-12 14:33:51 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-03-17 16:40:53 +00:00
DOM Indringer kan ook soek na **Prototipevervuilingskwesbaarhede**. Eerstens moet jy dit inskakel:
GITBOOK-3915: change request with no subject merged in GitBook
2023-05-12 14:33:51 +00:00
GITBOOK-4061: change request with no subject merged in GitBook
2023-08-31 15:11:42 +00:00
<figure><img src="../../.gitbook/assets/image (5) (1) (1) (3).png" alt=""><figcaption></figcaption></figure>
GITBOOK-3915: change request with no subject merged in GitBook
2023-05-12 14:33:51 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-03-17 16:40:53 +00:00
Dan sal dit **soek na bronne** wat jou in staat stel om arbitrêre eienskappe by die **`Object.prototype`** toe te voeg.
GITBOOK-3915: change request with no subject merged in GitBook
2023-05-12 14:33:51 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-03-17 16:40:53 +00:00
As iets gevind word, sal 'n **Toets**-knoppie verskyn om die gevonde bron te **toets**. Klik daarop, 'n nuwe lêer sal oopmaak, skep 'n voorwerp in die konsole en kyk of die `toets-eienskap` bestaan:
GITBOOK-3915: change request with no subject merged in GitBook
2023-05-12 14:33:51 +00:00
```javascript
let b = {}
b.testproperty
```
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-03-17 16:40:53 +00:00
Once you found a source you can **scan for a gadget**:
GITBOOK-3915: change request with no subject merged in GitBook
2023-05-12 14:33:51 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-03-17 16:40:53 +00:00
1. 'n Nuwe lappie word oopgemaak deur DOM Invader wanneer die **Scan vir gadgets** knoppie, wat langs enige geïdentifiseerde prototipevervuilingsbron in die **DOM**-sig, geklik word. Die skandering vir geskikte gadgets begin dan.
2. Intussen moet die **DOM Invader**-lappie in dieselfde lappie oopgemaak word in die DevTools-paneel. Nadat die skandering voltooi is, word enige sappe wat toeganklik is via die geïdentifiseerde gadgets in die **DOM**-sig vertoon. Byvoorbeeld, 'n gadget-eienskap genaamd `html` wat na die `innerHTML`-sink gestuur word, word in die voorbeeld hieronder getoon.
GITBOOK-3915: change request with no subject merged in GitBook
2023-05-12 14:33:51 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-03-17 16:40:53 +00:00
## DOM clobbering
GITBOOK-3915: change request with no subject merged in GitBook
2023-05-12 14:33:51 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-03-17 16:40:53 +00:00
In die vorige beeld is dit moontlik om te sien dat die DOM clobbering-skandering aangeskakel kan word. Wanneer dit gedoen is, **sal DOM Invader begin soek na DOM clobbering-gebreke**.
GITBOOK-3915: change request with no subject merged in GitBook
2023-05-12 14:33:51 +00:00
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
## Verwysings
GITBOOK-3915: change request with no subject merged in GitBook
2023-05-12 14:33:51 +00:00
* [https://portswigger.net/burp/documentation/desktop/tools/dom-invader](https://portswigger.net/burp/documentation/desktop/tools/dom-invader)
* [https://portswigger.net/burp/documentation/desktop/tools/dom-invader/enabling](https://portswigger.net/burp/documentation/desktop/tools/dom-invader/enabling)
* [https://portswigger.net/burp/documentation/desktop/tools/dom-invader/dom-xss](https://portswigger.net/burp/documentation/desktop/tools/dom-invader/dom-xss)
* [https://portswigger.net/burp/documentation/desktop/tools/dom-invader/web-messages](https://portswigger.net/burp/documentation/desktop/tools/dom-invader/web-messages)
* [https://portswigger.net/burp/documentation/desktop/tools/dom-invader/prototype-pollution](https://portswigger.net/burp/documentation/desktop/tools/dom-invader/prototype-pollution)
* [https://portswigger.net/burp/documentation/desktop/tools/dom-invader/dom-clobbering](https://portswigger.net/burp/documentation/desktop/tools/dom-invader/dom-clobbering)
<details>
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-03-17 16:40:53 +00:00
<summary><strong>Leer AWS-hacking vanaf nul tot held met</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
GITBOOK-3915: change request with no subject merged in GitBook
2023-05-12 14:33:51 +00:00
Translated to Afrikaans
2024-02-11 02:07:06 +00:00
Ander maniere om HackTricks te ondersteun:
arte
2024-01-01 17:15:42 +00:00
Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat
2024-03-17 16:40:53 +00:00
* As jy wil sien dat jou **maatskappy geadverteer word in HackTricks** of **HackTricks aflaai in PDF-formaat** Kontroleer die [**INSKRYWINGSPLANNE**](https://github.com/sponsors/carlospolop)!
* Kry die [**amptelike PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Ontdek [**Die PEASS-familie**](https://opensea.io/collection/the-peass-family), ons versameling eksklusiewe [**NFT's**](https://opensea.io/collection/the-peass-family)
* **Sluit aan by die** 💬 [**Discord-groep**](https://discord.gg/hRep4RUj7f) of die [**telegram-groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Deel jou haktruuks deur PR's in te dien by die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github-opslag.
GITBOOK-3915: change request with no subject merged in GitBook
2023-05-12 14:33:51 +00:00
</details>
Reference in a new issue Copy permalink