It has been long since I have posted in medium. I have been with my masters in cyber security all these days. However, I managed to come up new series of application security skill enhancer. I would love to bring on secure code review and python security automation.
As part of this series, I am planning to perform secure code review for web application and identify the vulnerable code. Eventually, the vulnerability will be exploited using python automation.
I strongly hope the readers will make an initiative to learn python automation after reading the story.
Bodgeit:
Bodgeit is an open source vulnerable application developed in JAVA for education purposes. Bodgeit application has been taken for this learning as this is comparatively easy to start with. Below is the link for bodgeit github.
Kudos to Simon Bennetts and Björn Kimminich for their contribution to the community. Great work!!
Installation of bodgeit
The installation has been explained in detail in below blog post. There is no secret method that I can give for installation. Thus, I would like to give references which are already existing on internet. Since this blog focuses mostly on code review and python automation, all other supporting details will be given in terms of reference.
Kudos to Interference Security for their contribution to the community. Great work!!
Start the tomcat server
Let us see what attack is going to be performed and how it is automated via python scripting.
XSS attack in search page
This is a simple attack for any application security engineer. However, it is always the best practice to start with simple task and move on to hard tasks. So, it will be easy for new beginners.
We are going to discuss about xss attack which can occur in search page of the application. The attack has been explained in detail in below link. As I said earlier, this story is not focusing on identifying a vulnerability. Rather, It gives emphasis on how to perform secure code review and how to exploit the vulnerability using python automation.
Once you have gone through the page, I guess you will have fair idea on what the vulnerability is. Basically, the attacker can inject any XSS payload to perform the attack.
Let us jump into code review next as to what leads to this vulnerability.
“jadx-gui” tool can be used to decompile the war file and review the code in human readable format.
As we can see in the image, search.jsp file is looking for a query parameter “q” and if <script>alert(“xss”)</script> value is given in the search text then XSS alert pop up occurs.
Prevention step
There is no input sanitization in the code for preventing malicious code injection from the user.
Kudos to DZone for their lovely contribution!!
Python script
Python is simple and very effective at same time. It is always handy to have python knowledge in application security as lot of tasks require automation.
All the details explaining the usage of the code have been provided in the code inline as comments. Kindly go through for better understanding and let me know if you have any questions.
Python script output
As we can see above, there are 2 different types payloads fed to the script. The script behaves according to the payload and results differently. Finally, we are able to automate xss attack via python script.
Hope you like it.More posts to come in future!!!
If you like the content, please support and feel free to share.Happy Learning..