{"id":413,"date":"2012-03-01T13:24:26","date_gmt":"2012-03-01T12:24:26","guid":{"rendered":"https:\/\/www.phillips321.co.uk\/?p=413"},"modified":"2016-06-22T14:20:32","modified_gmt":"2016-06-22T13:20:32","slug":"xss-browser-filters-disabling-it-for-app-testing","status":"publish","type":"post","link":"https:\/\/www.phillips321.co.uk\/2012\/03\/01\/xss-browser-filters-disabling-it-for-app-testing\/","title":{"rendered":"XSS browser filters, disabling it for app testing&#8230;"},"content":{"rendered":"<p>So you&#8217;ve got some XSS that you want to test but the browser you&#8217;ve been using for your app testing is protecting against the use of javascript in the address URL. The following URL:<\/p>\n<div class=\"codecolorer-container bash vibrant\" style=\"overflow:auto;white-space:nowrap;width:100%;\"><table cellspacing=\"0\" cellpadding=\"0\"><tbody><tr><td class=\"line-numbers\"><div>1<br \/><\/div><\/td><td><div class=\"bash codecolorer\">http:<span class=\"sy0\">\/\/<\/span>example.com<span class=\"sy0\">\/<\/span>index.asp?<span class=\"re2\">val<\/span>=<span class=\"sy0\">&lt;<\/span>script<span class=\"sy0\">&gt;<\/span>alert<span class=\"br0\">&#40;<\/span><span class=\"nu0\">1<\/span><span class=\"br0\">&#41;<\/span><span class=\"sy0\">&lt;\/<\/span>script<span class=\"sy0\">&gt;<\/span><\/div><\/td><\/tr><\/tbody><\/table><\/div>\n<p>Would end up getting sent to the server as:<\/p>\n<div class=\"codecolorer-container bash vibrant\" style=\"overflow:auto;white-space:nowrap;width:100%;\"><table cellspacing=\"0\" cellpadding=\"0\"><tbody><tr><td class=\"line-numbers\"><div>1<br \/><\/div><\/td><td><div class=\"bash codecolorer\">GET <span class=\"sy0\">\/<\/span>index.asp?<span class=\"re2\">val<\/span>=<span class=\"sy0\">%<\/span>3Cscript<span class=\"sy0\">%<\/span>3Ealert<span class=\"br0\">&#40;<\/span><span class=\"nu0\">1<\/span><span class=\"br0\">&#41;<\/span><span class=\"sy0\">%<\/span>3C<span class=\"sy0\">\/<\/span>script<span class=\"sy0\">%<\/span>3E HTTP<span class=\"sy0\">\/<\/span><span class=\"nu0\">1.1<\/span><\/div><\/td><\/tr><\/tbody><\/table><\/div>\n<p>In order to prevent this so we can test XSS flaws within applications we need to turn off the javascript filter in the client browser.<\/p>\n<p>There are a number of browsers and here&#8217;s the ways to do it in each of them.<\/p>\n<p><strong>IE<\/strong><br \/>\nClick Tools&#8211;>Internet Options and then navigate to the Security Tab.<br \/>\n<a href=\"http:\/\/www.phillips321.co.uk\/wp-content\/uploads\/2012\/03\/ie.1.png\"><img loading=\"lazy\" src=\"http:\/\/www.phillips321.co.uk\/wp-content\/uploads\/2012\/03\/ie.1-150x150.png\" alt=\"\" title=\"ie.1\" width=\"150\" height=\"150\" class=\"aligncenter size-thumbnail wp-image-427\" \/><\/a><a href=\"http:\/\/www.phillips321.co.uk\/wp-content\/uploads\/2012\/03\/ie.2.png\"><img loading=\"lazy\" src=\"http:\/\/www.phillips321.co.uk\/wp-content\/uploads\/2012\/03\/ie.2-150x150.png\" alt=\"\" title=\"ie.2\" width=\"150\" height=\"150\" class=\"aligncenter size-thumbnail wp-image-428\" \/><\/a><br \/>\nNow click Custom level and scroll towards the bottom where you will find that <em>Enable XSS filter<\/em> is currently on Enable. Set it to diabled. Click OK.<br \/>\n<a href=\"http:\/\/www.phillips321.co.uk\/wp-content\/uploads\/2012\/03\/ie.3.png\"><img loading=\"lazy\" src=\"http:\/\/www.phillips321.co.uk\/wp-content\/uploads\/2012\/03\/ie.3-150x150.png\" alt=\"\" title=\"ie.3\" width=\"150\" height=\"150\" class=\"aligncenter size-thumbnail wp-image-429\" \/><\/a><br \/>\nClick Yes to accept the warning followed by Apply and then finnaly OK.<br \/>\n<a href=\"http:\/\/www.phillips321.co.uk\/wp-content\/uploads\/2012\/03\/ie.4.png\"><img loading=\"lazy\" src=\"http:\/\/www.phillips321.co.uk\/wp-content\/uploads\/2012\/03\/ie.4-150x113.png\" alt=\"\" title=\"ie.4\" width=\"150\" height=\"113\" class=\"aligncenter size-thumbnail wp-image-430\" \/><\/a><\/p>\n<p><strong>Firefox<\/strong><br \/>\nFirefox configuration settings can be found by going to <em>about:config<\/em> in the URL address bar.<br \/>\n<a href=\"http:\/\/www.phillips321.co.uk\/wp-content\/uploads\/2012\/03\/ff.1.png\"><img loading=\"lazy\" src=\"http:\/\/www.phillips321.co.uk\/wp-content\/uploads\/2012\/03\/ff.1-150x150.png\" alt=\"\" title=\"ff.1\" width=\"150\" height=\"150\" class=\"aligncenter size-thumbnail wp-image-424\" \/><\/a><br \/>\nNow in the serach field type <em>urlbar.filter<\/em> and you&#8217;ll see that the value <em>browser.urlbar.filter.javascript<\/em> is set to true.<a href=\"http:\/\/www.phillips321.co.uk\/wp-content\/uploads\/2012\/03\/ff.2.png\"><img loading=\"lazy\" src=\"http:\/\/www.phillips321.co.uk\/wp-content\/uploads\/2012\/03\/ff.2-150x150.png\" alt=\"\" title=\"ff.2\" width=\"150\" height=\"150\" class=\"aligncenter size-thumbnail wp-image-425\" \/><\/a>Double click this value and it&#8217;s change the bollena to false. Your all set.<br \/>\n<a href=\"http:\/\/www.phillips321.co.uk\/wp-content\/uploads\/2012\/03\/ff.3.png\"><img loading=\"lazy\" src=\"http:\/\/www.phillips321.co.uk\/wp-content\/uploads\/2012\/03\/ff.3-150x150.png\" alt=\"\" title=\"ff.3\" width=\"150\" height=\"150\" class=\"aligncenter size-thumbnail wp-image-426\" \/><\/a><\/p>\n<p>Additionally for firefox:<br \/>\nsecurity.mixed_content.block_active_content<br \/>\nsecurity.mixed_content.block_display_content<br \/>\nnetwork.security.ports.banned.override<br \/>\nsecurity.disable_button.openCertManager<br \/>\nbrowser.urlbar.filter.javascript<br \/>\nurlbar.filter<br \/>\nbrowser.newtabpage.enabled<\/p>\n","protected":false},"excerpt":{"rendered":"<p>So you&#8217;ve got some XSS that you want to test but the browser you&#8217;ve been using for your app testing is protecting against the use of javascript in the address URL. The following URL: 1http:\/\/example.com\/index.asp?val=&lt;script&gt;alert&#40;1&#41;&lt;\/script&gt; Would end up getting sent to the server as: 1GET \/index.asp?val=%3Cscript%3Ealert&#40;1&#41;%3C\/script%3E HTTP\/1.1 In order to prevent this so we can [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[157,158,155,154,156,150,152,153,151],"_links":{"self":[{"href":"https:\/\/www.phillips321.co.uk\/wp-json\/wp\/v2\/posts\/413"}],"collection":[{"href":"https:\/\/www.phillips321.co.uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.phillips321.co.uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.phillips321.co.uk\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.phillips321.co.uk\/wp-json\/wp\/v2\/comments?post=413"}],"version-history":[{"count":17,"href":"https:\/\/www.phillips321.co.uk\/wp-json\/wp\/v2\/posts\/413\/revisions"}],"predecessor-version":[{"id":1307,"href":"https:\/\/www.phillips321.co.uk\/wp-json\/wp\/v2\/posts\/413\/revisions\/1307"}],"wp:attachment":[{"href":"https:\/\/www.phillips321.co.uk\/wp-json\/wp\/v2\/media?parent=413"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.phillips321.co.uk\/wp-json\/wp\/v2\/categories?post=413"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.phillips321.co.uk\/wp-json\/wp\/v2\/tags?post=413"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}