Learn & practice AWS Hacking: [**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\
Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte)
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
A **service worker** is a script that your browser runs in the background, separate from any web page, enabling features that don't need a web page or user interaction and thereby enhancing **offline and background processing** capabilities. Detailed information about service workers can be found [here](https://developers.google.com/web/fundamentals/primers/service-workers). By abusing service workers within a vulnerable web domain, attackers can gain control over the victim's interactions with all pages within that domain.
Existing service workers can be checked in the **Service Workers** section of the **Application** tab in **Developer Tools**. Another method is visiting [chrome://serviceworker-internals](https://chromium.googlesource.com/chromium/src/+/main/docs/security/chrome%3A/serviceworker-internals) for a more detailed view.
**Push notification permissions** directly affect a **service worker's** ability to communicate with the server without direct user interaction. If permissions are denied, the service worker's potential to pose a persistent threat is limited. Conversely, granting permissions increases security risk by enabling the reception and execution of potential exploits.
* A way to **upload arbitrary JS files** to the server and an **XSS to load the service worker** of the uploaded JS file
* A **vulnerable JSONP request** where you can **manipulate the output (with arbitrary JS code)** and an **XSS** to **load the JSONP with a payload** that will **load a malicious service worker**.
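Both prerequisites depend on the server returning attacker-influenced JavaScript when the browser fetches a worker script. Browsers mark that fetch with a `Service-Worker: script` request header, so a server can refuse it everywhere except at its real worker path. The check below is an added example, not code from the original page; the worker path `/sw.js` and the sample requests are assumptions.

```javascript
// Added example: the legitimate worker path and the sample requests are constructed.
const ALLOWED_SW_SCRIPTS = new Set(['/sw.js']); // assumption: the site's only real worker

// Browsers add "Service-Worker: script" when fetching a script for
// navigator.serviceWorker.register(); ordinary <script> loads do not send it.
function isServiceWorkerScriptFetch(headers) {
  const value = headers['service-worker']; // Node lower-cases header names
  return typeof value === 'string' && value.trim().toLowerCase() === 'script';
}

// Decide whether a request may be answered with script content.
function checkRequest(req) {
  if (!isServiceWorkerScriptFetch(req.headers)) return { allow: true };
  // Parse against a dummy base so "/a/../sw.js" style paths are normalized first.
  const path = new URL(req.url, 'https://placeholder.invalid').pathname;
  if (ALLOWED_SW_SCRIPTS.has(path)) return { allow: true };
  return { allow: false, status: 403, reason: `service worker fetch for non-worker path ${path}` };
}

// Constructed requests: a JSONP endpoint and an uploaded file fetched as a
// worker script, the real worker, and the same JSONP endpoint used normally.
const samples = [
  { url: '/api/jsonp?callback=cb', headers: { 'service-worker': 'script' } },
  { url: '/uploads/avatar.js', headers: { 'service-worker': 'script' } },
  { url: '/sw.js', headers: { 'service-worker': 'script' } },
  { url: '/api/jsonp?callback=cb', headers: {} },
];
for (const req of samples) {
  const verdict = checkRequest(req);
  console.log(req.url, verdict.allow ? 'allow' : `deny (${verdict.reason})`);
}
```

Denied requests are worth logging: a worker-script fetch against a JSONP endpoint or an upload directory is a strong signal that someone is attempting a registration through XSS.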
In the following example I'm going to present code to **register a new service worker** that will listen to the `fetch` event and will **send every fetched URL to the attacker's server** (this is the code you would need to **upload** to the **server** or load via a **vulnerable JSONP response**):
And this is the code that will **register the worker** (the code you should be able to execute by abusing an **XSS**). In this case a **GET** request will be sent to the **attacker's** server **reporting** whether the **registration** of the service worker succeeded or not:
There is a **C2** dedicated to the **exploitation of Service Workers** called [**Shadow Workers**](https://shadow-workers.github.io) that will be very useful to abuse these vulnerabilities.
The **24-hour cache directive** limits the life of a malicious or compromised **service worker (SW)** to at most 24 hours after an XSS vulnerability fix, assuming online client status. To minimize vulnerability, site operators can lower the SW script's Time-To-Live (TTL). Developers are also advised to create a [**service worker kill-switch**](https://stackoverflow.com/questions/33986976/how-can-i-remove-a-buggy-service-worker-or-implement-a-kill-switch/38980776#38980776) for rapid deactivation.
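A kill-switch worker of the kind recommended above, as an added example that is not part of the original page: it is deployed at the same URL as the worker it replaces, and the handlers take the worker scope as a parameter so they can be exercised outside a browser. Serving the file with `Cache-Control: no-cache` is an assumed server setting that keeps the TTL short.

```javascript
// Added example: a kill-switch worker served at the compromised worker's URL.

// Take over immediately instead of waiting for tabs that still use the
// old worker to close.
function onInstall(scope) {
  return scope.skipWaiting();
}

// Drop every cache the old worker may have filled, remove the registration,
// then reload open windows so they continue without any worker.
async function onActivate(scope) {
  const names = await scope.caches.keys();
  await Promise.all(names.map((name) => scope.caches.delete(name)));
  const unregistered = await scope.registration.unregister();
  const windows = await scope.clients.matchAll({ type: 'window' });
  // A failed reload of one window must not abort the clean-up of the others.
  await Promise.all(windows.map((client) => client.navigate(client.url).catch(() => null)));
  return { cachesDeleted: names.length, unregistered, reloaded: windows.length };
}

// Wire the handlers only when running as a real service worker.
if (typeof self !== 'undefined' && typeof self.skipWaiting === 'function') {
  self.addEventListener('install', (event) => event.waitUntil(onInstall(self)));
  self.addEventListener('activate', (event) => event.waitUntil(onActivate(self)));
}
```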
The function **`importScripts`** called from a Service Worker can **import a script from a different domain**. If this function is called with a **parameter that an attacker can modify**, the attacker would be able to **import a JS script from their own domain** and get XSS.
If the URL/domain that the SW uses to call **`importScripts`** is **inside an HTML element**, it is **possible to modify it via DOM Clobbering** to make the SW **load a script from your own domain**.
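The hardened counterpart to both `importScripts` cases above (a modifiable parameter, or a value read from a clobberable HTML element and handed to the worker), as an added example that is not from the original page: whatever value arrives is resolved and checked against an origin allow-list before it is imported. The origins, the `host` and `extra` parameter names and the file names are assumptions.

```javascript
// Added example; origins, parameter names and sample URLs are constructed.
const WORKER_ORIGIN = 'https://app.example'; // assumption: the site's origin
const TRUSTED_SCRIPT_ORIGINS = new Set([WORKER_ORIGIN, 'https://static.app.example']);

// Risky pattern described above (kept as a comment, not executed):
//   importScripts(new URL(self.location).searchParams.get('host') + '/sw_extra.js');

// Resolve a candidate script URL and accept it only if it is https, has no
// userinfo part and its origin is on the allow-list.
// Returns the normalized URL, or null when the candidate is rejected.
function resolveTrustedScript(candidate, base = WORKER_ORIGIN + '/sw.js') {
  if (typeof candidate !== 'string' || candidate.length === 0) return null;
  let url;
  try {
    url = new URL(candidate, base); // also resolves relative and "//host" forms
  } catch {
    return null;
  }
  if (url.protocol !== 'https:') return null;
  if (url.username || url.password) return null;
  return TRUSTED_SCRIPT_ORIGINS.has(url.origin) ? url.href : null;
}

// Import only what passed the check; importFn is importScripts in a worker.
function importIfTrusted(candidate, importFn) {
  const href = resolveTrustedScript(candidate);
  if (href === null) return false;
  importFn(href);
  return true;
}

// Runs only inside a real worker, where importScripts exists.
if (typeof importScripts === 'function') {
  const requested = new URL(self.location).searchParams.get('extra') || '/sw_extra.js';
  importIfTrusted(requested, importScripts);
}
```

Comparing the parsed `origin` rather than matching on the raw string is what rejects look-alike hosts such as `https://app.example.other.test/`.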