SlideShare a Scribd company logo

Introducing Msd

Aung Khant, profile picture
Aung Khant

The document introduces the Malware Script Detector (MSD), a Greasemonkey script and standalone JavaScript file that detects malicious JavaScript on web pages. MSD was designed to detect popular attack frameworks like XSS-Proxy and BeEF by checking for exploits like data URI handling, Java/file protocols, and Unicode/null-byte injections. It covers both the Greasemonkey and standalone versions, their objectives, versions, and deployment methods. Weaknesses are acknowledged around form data and full protection, but MSD provides detection of client-side attacks that may not be caught by server-side defenses.

Technology
1 of 23
Downloaded 50 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
Introducing The Malware Script Detector (MSD) By d0ubl3_h3lix http ://yehg.net Tue Feb 19 2008
Agenda Counter Strategy Overview XSS Coverage Versioning Info Standalone MSD Detection Screenshots Why MSD? Weaknesses
Counter Strategy Using the Power of JavaScript, Malware Script Detector detects JavaScript Malwares which use the Power of JavaScript
Overview Run on Gecko browsers (Firefox, Flock, Netscape, …etc) GreaseMonkey addon needed Acted as Browser IDS Intended for Web Client Security Recommended for every web surfer Please don’t underestimate MSD by looking its simplest source code
Overview (Cont.) Coded mainly to detect today’s popular powerfully malicious JavaScript attack frameworks: XSS-Proxy, XSS-Shell, AttackAPI, BeEF Version 2 was enhanced to prevent most XSS threats and includes XSS Attack Blacklists based on Firefox XSS-Warning addon
XSS Coverage MSD was coded to detect the following XSS exploitation areas: data: protocol exploitation like - data:image/gif - data:text/javascript - data:text/html jar: protocol exploitation file: protocol exploitation by locally saved malicious web pages
XSS Coverage Other protocol exploitation such as vbscript:, livescript:, mocha:, ftp:, mocha:, telnet:, ftp:, res:, x-gadget(MS-Vista), call (VOIP), aim: …etc unicode injection utf-7,null-byte (\00), black slash injection (u\r\l), comments star slash injection (/* */),injection like \u00, \x00....etc
XSS Coverage MSD was thoroughly tested with: - RSnake’s XSS CheatSheet - XSS-ME Addon Attack List - Dabbledb.com’s Xssdb list - CAL9000 XSS List
Versioning Info GreaseMonkey Version Main Objective: Alert XSS Attacks to users Must be Installed by users Requires Gecko Browser + GreaseMonkey Addon Version 1 – Detect Malware Scripts Version 2 – Detect Malware Scripts + Prevailing XSS
Versioning Info Standalone Version Main Objective: Alert XSS Attacks to users & webmaster Must be Deployed by web developers Browser-Independent No Checking if users have GreaseMonkey version Version 1 – Detect Malware Scripts + Prevailing XSS
Standalone MSD Standalone version was created as single .js file for web developers To embed in their footer files To notify both visitors and webmasters of XSS injection attempts & attacks Browser-independent unlike GreaseMonkey Script version Intended for web application security as a portable lightweight solution
 
Detection Screenshots
Why MSD? XSS Payloads like http://victim/?q=“><script>eval(location.hash.substr(1))</script>#xxxxxxxxxxxxxxxxxxxxxxMaliciousxxxxxPayloadsxxxxxxxxxxxxxxxxxxxxMaliciousxxxxxPayloadsxxxxxxxMaliciousxxxxxPayloadsxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx…..etc
Why MSD? (Cont.) Never get DETECTED by Web Server-level Firewall/IDS/IPS Because the code is Totally Executed at Client’s Browser
Why MSD? (Cont.) Malicious sites intentionally embed malicious JavaScript attack frameworks Bad guys 0wn web server boxes, and secretly install those attack frameworks as web backdoors or trojans to abuse users
Why MSD? (Cont.) No ways to detect such Malware scripts unless we check HTML source codes Disabling JavaScript, Using NoScript/VMware, Always Checking source codes are not effective solutions for most cases According to above scenarios, MSD becomes a nice solution for us
Oh, But …
Weaknesses Doesn’t check POSTS/COOKIES variables No guarantee for full protection of XSS Many ways to bypass MSD XSS Filtering needs to be updated regularly where extensive filtering may cause false alerts and much annoyance to users
Where Can I get it ? Check Under Tools Section http://yehg.net/lab/#tools.greasemonkey If you wish to contribute, there is a smoketest page. Insert your own XSS payload to defeat MSD. Notify me of whenever new Attack frameworks are created
Special Thanks Goes to Mario, http://php-ids.org Secgeek, http://www.secgeek s .com Andres Riancho , http://w3af.sf.net For encouragements and suggestions
Reference XSS Attacks & Defenses by PDP, RSnake, Jeremiah, Aton Rager, Seth Fogie Syngress Publishing ISBN-13:987-1-59749-154-9
Thank you!

More Related Content

PPTX
Cross site scripting
ashutosh rai
 
PPTX
Cross-Site Scripting (XSS)
Daniel Tumser
 
PDF
XSS Injection Vulnerabilities
Mindfire Solutions
 
PPTX
Cross Site Scripting (XSS)
Barrel Software
 
PDF
Cross site scripting
n|u - The Open Security Community
 
PPT
Identifying Cross Site Scripting Vulnerabilities in Web Applications
Porfirio Tramontana
 
PPT
Cross site scripting (xss)
Manish Kumar
 
ODP
XSS
Hrishikesh Mishra
 
Cross site scripting
ashutosh rai
 
Cross-Site Scripting (XSS)
Daniel Tumser
 
XSS Injection Vulnerabilities
Mindfire Solutions
 
Cross Site Scripting (XSS)
Barrel Software
 
Cross site scripting
n|u - The Open Security Community
 
Identifying Cross Site Scripting Vulnerabilities in Web Applications
Porfirio Tramontana
 
Cross site scripting (xss)
Manish Kumar
 
XSS
Hrishikesh Mishra
 

What's hot (20)

PPTX
Cross Site Scripting(XSS)
Nabin Dutta
 
PPTX
Reflective and Stored XSS- Cross Site Scripting
InMobi Technology
 
PPT
Xss.e xopresentation from eXo SEA
Thuy_Dang
 
PDF
Cross site scripting (xss) attacks issues and defense - by sandeep kumbhar
Sandeep Kumbhar
 
PPTX
Cross site scripting
kinish kumar
 
PPTX
Xss what the heck-!
VodqaBLR
 
PPTX
XSS- an application security vulnerability
Soumyasanto Sen
 
PPT
Xss ppt
chanakyac1
 
PPTX
Cross Site Scripting
Ali Mattash
 
PDF
The Cross Site Scripting Guide
Daisuke_Dan
 
PPTX
STORED XSS IN DVWA
Rutvik patel
 
PPTX
Cross site scripting
Bilal Mazhar MS(IS)Cyber Security II Privacy Professional
 
PPTX
Cross site scripting (xss)
Ritesh Gupta
 
PPTX
Cross Site Scripting Defense Presentation
Ikhade Maro Igbape
 
PDF
XSS-Alert-Pentration testing tool
Arjun Jain
 
PDF
BROWSER UI SECURITY INDICATORS
The SSL Store™
 
PPTX
OWASP Khartoum - Top 10 A5 - 7th meeting - Cross Site Request Forgery
OWASP Khartoum
 
PDF
Cross site scripting attacks and defenses
Mohammed A. Imran
 
PPTX
Cross Site Scripting (XSS)
OWASP Khartoum
 
PPTX
CSRF
Dilan Warnakulasooriya
 
Cross Site Scripting(XSS)
Nabin Dutta
 
Reflective and Stored XSS- Cross Site Scripting
InMobi Technology
 
Xss.e xopresentation from eXo SEA
Thuy_Dang
 
Cross site scripting (xss) attacks issues and defense - by sandeep kumbhar
Sandeep Kumbhar
 
Cross site scripting
kinish kumar
 
Xss what the heck-!
VodqaBLR
 
XSS- an application security vulnerability
Soumyasanto Sen
 
Xss ppt
chanakyac1
 
Cross Site Scripting
Ali Mattash
 
The Cross Site Scripting Guide
Daisuke_Dan
 
STORED XSS IN DVWA
Rutvik patel
 
Cross site scripting
Bilal Mazhar MS(IS)Cyber Security II Privacy Professional
 
Cross site scripting (xss)
Ritesh Gupta
 
Cross Site Scripting Defense Presentation
Ikhade Maro Igbape
 
XSS-Alert-Pentration testing tool
Arjun Jain
 
BROWSER UI SECURITY INDICATORS
The SSL Store™
 
OWASP Khartoum - Top 10 A5 - 7th meeting - Cross Site Request Forgery
OWASP Khartoum
 
Cross site scripting attacks and defenses
Mohammed A. Imran
 
Cross Site Scripting (XSS)
OWASP Khartoum
 
CSRF
Dilan Warnakulasooriya
 
Ad

Viewers also liked (11)

PPS
What A Perfect Ethical Hacker!
Aung Khant
 
PDF
Security Design Patterns
Aung Khant
 
PPT
Web Security Patterns - Jazoon 2010 - Zurich
javagroup2006
 
PPT
Security patterns and model driven architecture
bdemchak
 
PDF
Patterns and Antipatterns in Enterprise Security
WSO2
 
PPT
3. security architecture and models
7wounders
 
PPSX
2 Security Architecture+Design
Alfred Ouyang
 
PDF
Enterprise Security Architecture
Priyanka Aash
 
PPTX
Security models for security architecture
Vladimir Jirasek
 
PPTX
Security architecture frameworks
John Arnold
 
PDF
Enterprise Security Architecture
Kris Kimmerle
 
What A Perfect Ethical Hacker!
Aung Khant
 
Security Design Patterns
Aung Khant
 
Web Security Patterns - Jazoon 2010 - Zurich
javagroup2006
 
Security patterns and model driven architecture
bdemchak
 
Patterns and Antipatterns in Enterprise Security
WSO2
 
3. security architecture and models
7wounders
 
2 Security Architecture+Design
Alfred Ouyang
 
Enterprise Security Architecture
Priyanka Aash
 
Security models for security architecture
Vladimir Jirasek
 
Security architecture frameworks
John Arnold
 
Enterprise Security Architecture
Kris Kimmerle
 
Ad

Similar to Introducing Msd (20)

PDF
Antiviruxss
Marcusgcm
 
PDF
Introduction to Cross Site Scripting ( XSS )
Irfad Imtiaz
 
PPTX
A Survey of Exploitation and Detection Methods of XSS Vulnerabilities.pptx
Gitam Gadtaula
 
PPTX
Cross Site Scripting ( XSS)
Amit Tyagi
 
DOCX
Cisco WebEx vulnerability: it’s a kind of magic
ITrust - Cybersecurity as a Service
 
PPT
4.Xss
phanleson
 
PDF
Complete xss walkthrough
Ahmed Elhady Mohamed
 
DOCX
Continuing in your role as a human service provider for your local.docx
richardnorman90310
 
PDF
React security vulnerabilities
AngelinaJasper
 
PPTX
Cross site scripting
HarishKumar1779
 
PDF
SeanRobertsThesis
Sean Roberts
 
PDF
ImageSubXSS: an image substitute technique to prevent Cross-Site Scripting at...
IJECEIAES
 
PPTX
Hack miami emiliocasbas
Emilio Casbas
 
PDF
Xss 101
n|u - The Open Security Community
 
PDF
Xss 101 by-sai-shanthan
Raghunath G
 
PPT
Layer 7 Technologies: Web Services Hacking And Hardening
CA API Management
 
PDF
XSS.pdf
Okan YILDIZ
 
PDF
XSS.pdf
Okan YILDIZ
 
PDF
I'm in ur browser, pwning your stuff - Attacking (with) Google Chrome Extensions
Krzysztof Kotowicz
 
PDF
Analysis of XSS attack Mitigation techniques based on Platforms and Browsers
cscpconf
 
Antiviruxss
Marcusgcm
 
Introduction to Cross Site Scripting ( XSS )
Irfad Imtiaz
 
A Survey of Exploitation and Detection Methods of XSS Vulnerabilities.pptx
Gitam Gadtaula
 
Cross Site Scripting ( XSS)
Amit Tyagi
 
Cisco WebEx vulnerability: it’s a kind of magic
ITrust - Cybersecurity as a Service
 
4.Xss
phanleson
 
Complete xss walkthrough
Ahmed Elhady Mohamed
 
Continuing in your role as a human service provider for your local.docx
richardnorman90310
 
React security vulnerabilities
AngelinaJasper
 
Cross site scripting
HarishKumar1779
 
SeanRobertsThesis
Sean Roberts
 
ImageSubXSS: an image substitute technique to prevent Cross-Site Scripting at...
IJECEIAES
 
Hack miami emiliocasbas
Emilio Casbas
 
Xss 101
n|u - The Open Security Community
 
Xss 101 by-sai-shanthan
Raghunath G
 
Layer 7 Technologies: Web Services Hacking And Hardening
CA API Management
 
XSS.pdf
Okan YILDIZ
 
XSS.pdf
Okan YILDIZ
 
I'm in ur browser, pwning your stuff - Attacking (with) Google Chrome Extensions
Krzysztof Kotowicz
 
Analysis of XSS attack Mitigation techniques based on Platforms and Browsers
cscpconf
 

More from Aung Khant (20)

PDF
Securing Php App
Aung Khant
 
PDF
Securing Web Server Ibm
Aung Khant
 
PDF
Security Code Review
Aung Khant
 
PDF
Security Engineering Executive
Aung Khant
 
PDF
Security Engineeringwith Patterns
Aung Khant
 
PDF
Security Web Servers
Aung Khant
 
PDF
Security Testing Web App
Aung Khant
 
PDF
Session Fixation
Aung Khant
 
PDF
Sql Injection Paper
Aung Khant
 
PPT
Sql Injection Adv Owasp
Aung Khant
 
PDF
Php Security Iissues
Aung Khant
 
PDF
Sql Injection White Paper
Aung Khant
 
PDF
S Shah Web20
Aung Khant
 
PDF
S Vector4 Web App Sec Management
Aung Khant
 
PDF
Php Security Value1
Aung Khant
 
PDF
Privilege Escalation
Aung Khant
 
PDF
Php Security Workshop
Aung Khant
 
PDF
Preventing Xs Sin Perl Apache
Aung Khant
 
PDF
Protecting Web App
Aung Khant
 
PDF
Protecting Web Based Applications
Aung Khant
 
Securing Php App
Aung Khant
 
Securing Web Server Ibm
Aung Khant
 
Security Code Review
Aung Khant
 
Security Engineering Executive
Aung Khant
 
Security Engineeringwith Patterns
Aung Khant
 
Security Web Servers
Aung Khant
 
Security Testing Web App
Aung Khant
 
Session Fixation
Aung Khant
 
Sql Injection Paper
Aung Khant
 
Sql Injection Adv Owasp
Aung Khant
 
Php Security Iissues
Aung Khant
 
Sql Injection White Paper
Aung Khant
 
S Shah Web20
Aung Khant
 
S Vector4 Web App Sec Management
Aung Khant
 
Php Security Value1
Aung Khant
 
Privilege Escalation
Aung Khant
 
Php Security Workshop
Aung Khant
 
Preventing Xs Sin Perl Apache
Aung Khant
 
Protecting Web App
Aung Khant
 
Protecting Web Based Applications
Aung Khant
 

Recently uploaded (20)

PDF
Heart disease approach using modified random forest and particle swarm optimi...
IAESIJAI
 
PDF
Mushroom cultivation and it's methods.pdf
mailmeonrishi
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PPTX
Machine Learning_overview_presentation.pptx
kondavamsidharreddy2
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
August Patch Tuesday
Ivanti
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PPTX
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PPTX
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PPTX
TechTalks-8-2019-Service-Management-ITIL-Refresh-ITIL-4-Framework-Supports-Ou...
bonakiduza1024
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
Heart disease approach using modified random forest and particle swarm optimi...
IAESIJAI
 
Mushroom cultivation and it's methods.pdf
mailmeonrishi
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Machine Learning_overview_presentation.pptx
kondavamsidharreddy2
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
August Patch Tuesday
Ivanti
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
TechTalks-8-2019-Service-Management-ITIL-Refresh-ITIL-4-Framework-Supports-Ou...
bonakiduza1024
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
A Presentation on Artificial Intelligence
memembruh336
 

Introducing Msd

  • 1. Introducing The Malware Script Detector (MSD) By d0ubl3_h3lix http ://yehg.net Tue Feb 19 2008
  • 2. Agenda Counter Strategy Overview XSS Coverage Versioning Info Standalone MSD Detection Screenshots Why MSD? Weaknesses
  • 3. Counter Strategy Using the Power of JavaScript, Malware Script Detector detects JavaScript Malwares which use the Power of JavaScript
  • 4. Overview Run on Gecko browsers (Firefox, Flock, Netscape, …etc) GreaseMonkey addon needed Acted as Browser IDS Intended for Web Client Security Recommended for every web surfer Please don’t underestimate MSD by looking its simplest source code
  • 5. Overview (Cont.) Coded mainly to detect today’s popular powerfully malicious JavaScript attack frameworks: XSS-Proxy, XSS-Shell, AttackAPI, BeEF Version 2 was enhanced to prevent most XSS threats and includes XSS Attack Blacklists based on Firefox XSS-Warning addon
  • 6. XSS Coverage MSD was coded to detect the following XSS exploitation areas: data: protocol exploitation like - data:image/gif - data:text/javascript - data:text/html jar: protocol exploitation file: protocol exploitation by locally saved malicious web pages
  • 7. XSS Coverage Other protocol exploitation such as vbscript:, livescript:, mocha:, ftp:, mocha:, telnet:, ftp:, res:, x-gadget(MS-Vista), call (VOIP), aim: …etc unicode injection utf-7,null-byte (\00), black slash injection (u\r\l), comments star slash injection (/* */),injection like \u00, \x00....etc
  • 8. XSS Coverage MSD was thoroughly tested with: - RSnake’s XSS CheatSheet - XSS-ME Addon Attack List - Dabbledb.com’s Xssdb list - CAL9000 XSS List
  • 9. Versioning Info GreaseMonkey Version Main Objective: Alert XSS Attacks to users Must be Installed by users Requires Gecko Browser + GreaseMonkey Addon Version 1 – Detect Malware Scripts Version 2 – Detect Malware Scripts + Prevailing XSS
  • 10. Versioning Info Standalone Version Main Objective: Alert XSS Attacks to users & webmaster Must be Deployed by web developers Browser-Independent No Checking if users have GreaseMonkey version Version 1 – Detect Malware Scripts + Prevailing XSS
  • 11. Standalone MSD Standalone version was created as single .js file for web developers To embed in their footer files To notify both visitors and webmasters of XSS injection attempts & attacks Browser-independent unlike GreaseMonkey Script version Intended for web application security as a portable lightweight solution
  • 12.  
  • 14. Why MSD? XSS Payloads like http://victim/?q=“><script>eval(location.hash.substr(1))</script>#xxxxxxxxxxxxxxxxxxxxxxMaliciousxxxxxPayloadsxxxxxxxxxxxxxxxxxxxxMaliciousxxxxxPayloadsxxxxxxxMaliciousxxxxxPayloadsxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx…..etc
  • 15. Why MSD? (Cont.) Never get DETECTED by Web Server-level Firewall/IDS/IPS Because the code is Totally Executed at Client’s Browser
  • 16. Why MSD? (Cont.) Malicious sites intentionally embed malicious JavaScript attack frameworks Bad guys 0wn web server boxes, and secretly install those attack frameworks as web backdoors or trojans to abuse users
  • 17. Why MSD? (Cont.) No ways to detect such Malware scripts unless we check HTML source codes Disabling JavaScript, Using NoScript/VMware, Always Checking source codes are not effective solutions for most cases According to above scenarios, MSD becomes a nice solution for us
  • 18. Oh, But …
  • 19. Weaknesses Doesn’t check POSTS/COOKIES variables No guarantee for full protection of XSS Many ways to bypass MSD XSS Filtering needs to be updated regularly where extensive filtering may cause false alerts and much annoyance to users
  • 20. Where Can I get it ? Check Under Tools Section http://yehg.net/lab/#tools.greasemonkey If you wish to contribute, there is a smoketest page. Insert your own XSS payload to defeat MSD. Notify me of whenever new Attack frameworks are created
  • 21. Special Thanks Goes to Mario, http://php-ids.org Secgeek, http://www.secgeek s .com Andres Riancho , http://w3af.sf.net For encouragements and suggestions
  • 22. Reference XSS Attacks & Defenses by PDP, RSnake, Jeremiah, Aton Rager, Seth Fogie Syngress Publishing ISBN-13:987-1-59749-154-9

Editor's Notes