DOM Hacking - Paper and Tools

DOM Hacking was presented at BlackHat and going to present at next HackInTheBox. Here is the paper and Tools (DOMScan and DOMTracer). It helps during scanning, assessments and pen-testing. Enjoy!

Paper on DOM Hacking

PDF document from here [BlackHat site]
Presentation slides from here [BlackHat site]

DOMScan (Beta)
DOMScan - Scanning and Analyzing DOM

DOMScan is utility to drive IE and capture real time DOM from the browser. It gives access to active DOM context along with JavaScripts. One can observe the DOM in detail using this utility. It has predefined rules to scan DOM. One can run the scan on existing DOM and fetch interesting entry points and calls. It allows tracing through JavaScript variables as well. Using this utility one can identify following vulnerabilities.

• DOM based XSS
• DOM based vulnerable calls
• Source of abuse and external content loading methods
• Possible DOM logic and business layer calls
• Same Origin Bypass calls and usage
• Mashup usage inside DOM
• Widget Architecture review using the tool


DOMTracer (Beta)
DOMTracer - Firefox Plugin (Trace DOM and JavaScript Calls)

The DOM as seen in all the aforementioned cases needs to be analyzed in many aspects. Run-time analysis of the DOM/JavaScript is vital and aids one to look at the calls made during the ‘dynamic DOM manipulation’. The DOMTracer is a Firefox Extension for this same purpose. It has been written using the standard method of writing extensions using the XUL platform and the JavaScript language in majority. This is in beta and we are working on new features.