{"id":496,"date":"2015-08-17T00:06:24","date_gmt":"2015-08-16T21:06:24","guid":{"rendered":"https:\/\/furkansandal.com\/xenotix-xss-exploit-framework-ile-xss-tespiti\/"},"modified":"2015-08-17T00:06:24","modified_gmt":"2015-08-16T21:06:24","slug":"xenotix-xss-exploit-framework-ile-xss-tespiti","status":"publish","type":"post","link":"https:\/\/furkansandal.com\/xenotix-xss-exploit-framework-ile-xss-tespiti\/","title":{"rendered":"Xenotix XSS Exploit Framework ile XSS Tespiti"},"content":{"rendered":"<div id=\"post-body-1164867962801796572\" itemprop=\"articleBody\" readability=\"131.587443946\">\n<h4>\n<div class=\"separator\" style=\"clear: both; text-align: center;\">\n<img loading=\"lazy\" decoding=\"async\" border=\"0\" src=\"https:\/\/i0.wp.com\/3.bp.blogspot.com\/-gH2Wh6-PrNQ\/U6mC2Nra99I\/AAAAAAAAA3I\/bLiWkcOHiZ4\/s1600\/cross-site-scripting-xss.png?resize=200%2C122\" height=\"122\" width=\"200\" data-recalc-dims=\"1\" \/><\/div>\n<p>XSS (Cross-site Scripting) Zafiyeti Nedir?<\/h4>\n<p>Kaba yorum ile; web uygulamas\u0131nda a\u00e7\u0131\u011f\u0131n meydana geldi\u011fi input\/inject point (veri giri\u015fi) alan\u0131na g\u00f6nderilen k\u00f6t\u00fc niyetli javascript kodlar\u0131n\u0131n, kullan\u0131c\u0131n\u0131n web taray\u0131c\u0131s\u0131nda \u00e7al\u0131\u015ft\u0131r\u0131ld\u0131\u011f\u0131 bir sald\u0131r\u0131 t\u00fcr\u00fcd\u00fcr. Yani Client-Side (kullan\u0131c\u0131 tarafl\u0131) bir sald\u0131r\u0131d\u0131r.<br \/>\nURL adreslerindeki query stringler ve form alanlar\u0131nda s\u0131kl\u0131kla g\u00f6r\u00fcl\u00fcr.<br \/>\nPhishing sald\u0131r\u0131lar\u0131na zemin olu\u015fturur.<br \/>\nGenellikle POST ve GET metotlar\u0131n\u0131n kullan\u0131ld\u0131\u011f\u0131 alanlarda olur.<\/p>\n<p><b>\u00c7e\u015fitleri:<\/b><br \/>Reflected (Yans\u0131yan), Stored (Depolanan) ve Dom-based olarak \u00fc\u00e7 \u00e7e\u015fittir.<\/p>\n<p><b>Reflected XSS<\/b><\/p>\n<div class=\"separator\" style=\"clear: both; text-align: center;\">\n<img loading=\"lazy\" decoding=\"async\" border=\"0\" src=\"https:\/\/i0.wp.com\/4.bp.blogspot.com\/-zwSU9fOD-28\/U6gbZYx9-KI\/AAAAAAAAA14\/Bs6IGqgeYZU\/s1600\/reflected-xss-diyagram.png?resize=640%2C334\" height=\"334\" width=\"640\" data-recalc-dims=\"1\" \/><\/div>\n<p><b>Stored XSS<\/b><\/p>\n<div class=\"separator\" style=\"clear: both; text-align: center;\">\n<img loading=\"lazy\" decoding=\"async\" border=\"0\" src=\"https:\/\/i0.wp.com\/1.bp.blogspot.com\/-HQE6U1YtyT4\/U6gbZYBN80I\/AAAAAAAAA2E\/BklOC308Phg\/s1600\/stored-xss-diyagram.png?resize=640%2C402\" height=\"402\" width=\"640\" data-recalc-dims=\"1\" \/><\/div>\n<p><b>Etkileri:<\/b><br \/>\nYaz\u0131l\u0131m betiklerinin kullan\u0131c\u0131 taraf\u0131nda \u00e7al\u0131\u015ft\u0131r\u0131lmas\u0131 sonucunda kullan\u0131c\u0131n\u0131n oturum bilgileri \u00e7al\u0131nabilir, web taray\u0131c\u0131s\u0131 (browser) ele ge\u00e7irilebilir veya bilgisayar\u0131na zararl\u0131 kodlar enjekte edilebilir ve bilgisayar y\u00f6netimi ele ge\u00e7irilebilir&#8230;<\/p>\n<h4><span class=\"ez-toc-section\" id=\"XSS_Zafiyeti_Nasil_Olusur\"><\/span>\nXSS Zafiyeti Nas\u0131l Olu\u015fur?<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>Temel olarak web uygulamada kullan\u0131c\u0131n\u0131n veri giri\u015fi yapt\u0131\u011f\u0131 alanlarda meta-karakterlerin filtrelenmemesinden kaynaklanmaktd\u0131r.<\/p>\n<h4><span class=\"ez-toc-section\" id=\"XSS_Zafiyetine_Nasil_Onlem_Alinabilir\"><\/span>\nXSS Zafiyetine Nas\u0131l \u00d6nlem Al\u0131nabilir?<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<ul>\n<li>Web uygulamas\u0131nda kullan\u0131c\u0131n\u0131n veri giri\u015fine izin verilen alanlarda filtreleme yaparak bu a\u00e7\u0131klar\u0131 kapatabilirsiniz. Veri giri\u015finin filtrelenmesi kadar veri \u00e7\u0131k\u0131\u015f\u0131n\u0131n da incelenmesi web uygulamalar\u0131n\u0131n g\u00fcvenli\u011fini artt\u0131racakt\u0131r.A\u015fa\u011f\u0131da belirtilen meta-karakterlerin filtrelenmesi web uygulamalar\u0131n XSS sald\u0131r\u0131lar\u0131na kar\u015f\u0131 g\u00fcvenli\u011fini sa\u011flayacakt\u0131r:<\/li>\n<\/ul>\n<p>\n[<b><span style=\"color: red;\">&#8216;<\/span><\/b>],[<b><span style=\"color: red;\">&lt;<\/span><\/b>],[<span style=\"color: red;\"><b>&gt;<\/b><\/span>],[<span style=\"color: red;\"><b>;<\/b><\/span>],[<span style=\"color: red;\"><b>\/<\/b><\/span>],[<span style=\"color: red;\"><b>?<\/b><\/span>],[<span style=\"color: red;\"><b>=<\/b><\/span>],[<span style=\"color: red;\"><b>&amp;<\/b><\/span>],[<span style=\"color: red;\"><b>#<\/b><\/span>],[<span style=\"color: red;\"><b>%<\/b><\/span>],[<span style=\"color: red;\"><b><\/b><\/span>],[<span style=\"color: red;\"><b><\/b><\/span>],[<span style=\"color: red;\"><b>|<\/b><\/span>],[<span style=\"color: red;\"><b>@<\/b><\/span>],[<span style=\"color: red;\"><b><\/b><\/span>],[<span style=\"color: red;\"><b>&#8220;<\/b><\/span>]<\/p>\n<ul>\n<li>\u00c7erezlerin g\u00fcvenli hale getirilmesi web uygulamalar\u0131n\u0131n g\u00fcvenli\u011fini artt\u0131rmak ad\u0131na yap\u0131labilecek en \u00f6nemli i\u015flemlerdendir. \u00c7erezler i\u00e7inde kullan\u0131c\u0131 ad\u0131, \u015fifre ve oturum durumunun saklanmas\u0131ndan ka\u00e7\u0131n\u0131lmal\u0131d\u0131r. E\u011fer tutulmas\u0131 gerekiyorsa \u015fifreli olarak tutulmas\u0131 tercih edilmelidir.<\/li>\n<\/ul>\n<ul>\n<li>Donan\u0131msal\/Yaz\u0131l\u0131msal Web Application Firewall (WAF) ile web uygulamas\u0131nda varolan bir zafiyetin sald\u0131rgan taraf\u0131ndan ke\u015ffedilme a\u015famas\u0131n\u0131 zorla\u015ft\u0131r\u0131p, loglay\u0131p, bloklayabilirsiniz.<\/li>\n<\/ul>\n<ul>\n<li>Belirli periyotlarda i\u00e7eriden ve d\u0131\u015far\u0131dan web uygulama g\u00fcvenlik testleri (penetrasyon testi) yapt\u0131rarak g\u00fcvenlik a\u00e7\u0131klar\u0131n\u0131n ke\u015ffi ve \u00f6nlem al\u0131nmas\u0131 sisteminizi daha g\u00fcvenli k\u0131lacakt\u0131r.<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Xenotix_XSS_Exploit_Framework_ile_Web_Uygulamada_XSS_Tespiti\"><\/span>\nXenotix XSS Exploit Framework ile Web Uygulamada XSS Tespiti<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><b>Xenotix XSS Exploit Framework Nedir? Ne i\u015f yapar bu alet?<\/b><br \/>\nWeb uygulamalar\u0131nda \u00e7e\u015fitli y\u00f6ntemlerle XSS zafiyetinin ke\u015ffi ve sonras\u0131nda bulunan zafiyeti s\u00f6m\u00fcrebilmek i\u00e7in b\u00fcnyesinde bir\u00e7ok exploiting ara\u00e7lar\u0131 bulunmaktad\u0131r.<\/p>\n<p><b>Ama\u00e7:<\/b><br \/>Hedef web uygulamas\u0131n\u0131n veri giri\u015fi yap\u0131labilen bir alan\u0131n\u0131 (inject point) g\u00f6ze kestirip o alana yakla\u015f\u0131k 1600 k\u00fcs\u00fcr XSS payload\u0131n\u0131 otomatik test eden Xenotix program\u0131n\u0131 kullanarak XSS tespit etmek.<\/p>\n<p><b>Xenotix XSS Exploit Framework \u0130ndir\/Download<\/b><\/p>\n<p><b>Kullan\u0131m\u0131:<\/b><br \/>Program\u0131 indirip \u00e7al\u0131\u015ft\u0131rd\u0131\u011f\u0131m\u0131zda hemen <i>Settings<\/i> men\u00fcs\u00fc alt\u0131ndan <i>Configure Server<\/i> se\u00e7ene\u011fine girip \u00e7\u0131kan pencereden Xenotix&#8217;in XSS exploiting i\u00e7in kulland\u0131\u011f\u0131 <i>QuickPHP Web Server<\/i> servisin ba\u015flamas\u0131 i\u00e7in <i>Start<\/i> butonuna bast\u0131\u011f\u0131m\u0131zda art\u0131k program i\u015f yapmaya haz\u0131r hale gelecektir.<\/p>\n<div class=\"separator\" style=\"clear: both; text-align: center;\">\n<img loading=\"lazy\" decoding=\"async\" border=\"0\" src=\"https:\/\/i0.wp.com\/1.bp.blogspot.com\/-vVjVKlSTZhc\/U6l7LbMdt9I\/AAAAAAAAA2Y\/qBylqAHOfk8\/s1600\/xenotix-xss-exploit-framework.png?resize=640%2C384\" height=\"384\" width=\"640\" data-recalc-dims=\"1\" \/><\/div>\n<p><i>Hide<\/i> butonuna basarak popup pencereyi kapatabilirsiniz.<\/p>\n<p><i>URL<\/i> k\u0131sm\u0131na hedef web uygulamas\u0131n\u0131n linki eklenip <i>Parameter<\/i> k\u0131sm\u0131na da XSS&#8217;e u\u011frayan parametreyi yaz\u0131yoruz:<\/p>\n<div class=\"separator\" style=\"clear: both; text-align: center;\">\n<img loading=\"lazy\" decoding=\"async\" border=\"0\" src=\"https:\/\/i0.wp.com\/4.bp.blogspot.com\/-8ooYlDz84hg\/U6l-PmZZj9I\/AAAAAAAAA2s\/p-ktxrZD_Mg\/s1600\/xenotix-xss-exploit-framework2.png?resize=640%2C384\" height=\"384\" width=\"640\" data-recalc-dims=\"1\" \/><\/div>\n<p>\nDaha sonra <i>Scanner<\/i> men\u00fcs\u00fcn\u00fcn alt\u0131ndan <i>GET Request Manuel Mode<\/i> se\u00e7ene\u011fini tercih edersek bir\u00a0XSS\u00a0payload\u00a0sayac\u0131yla kar\u015f\u0131la\u015faca\u011f\u0131z ve <i>Next Payload<\/i> dedik\u00e7e s\u0131rayla kodlar\u0131 parametre sonras\u0131na ekleyip \u00fc\u00e7 farkl\u0131 web taray\u0131c\u0131 \u00fczerinde sonucu g\u00f6sterecektir. E\u011fer <i>GET Request Auto Mode<\/i> se\u00e7ene\u011fini tercih edersek de saya\u00e7la u\u011fra\u015fmayaca\u011f\u0131z, Xenotix kendisi s\u0131rayla\u00a0XSS\u00a0payloadlar\u0131n\u0131 deneyecektir, bize sadece\u00a0ekrandan takip etmek d\u00fc\u015fecektir:<\/p>\n<div class=\"separator\" style=\"clear: both; text-align: center;\">\n<img loading=\"lazy\" decoding=\"async\" border=\"0\" src=\"https:\/\/i0.wp.com\/1.bp.blogspot.com\/-ej8CWlhSfkk\/U6l_gg_ZVMI\/AAAAAAAAA28\/3U8AGmzJCHw\/s1600\/xenotix-xss-exploit-framework4.png?resize=640%2C334\" height=\"334\" width=\"640\" data-recalc-dims=\"1\" \/><\/div>\n<p>\nG\u00f6r\u00fcld\u00fc\u011f\u00fc gibi ben manuel modu se\u00e7tim ve next diyerek 19. payloadda XSS&#8217;i yakalad\u0131m. \u00dc\u00e7 farkl\u0131 web taray\u0131c\u0131s\u0131nda da ba\u015far\u0131l\u0131 bir \u015fekilde \u00e7al\u0131\u015ft\u0131\u011f\u0131n\u0131 g\u00f6rd\u00fcm.<br \/>\nPayload b\u00f6l\u00fcm\u00fcnden hedef parametreye hangi\u00a0XSS\u00a0paylod\u0131n\u0131n kullan\u0131ld\u0131\u011f\u0131n\u0131 g\u00f6rebiliriz.<\/p>\n<p><i>NOT: Bir sonraki Xenotix makalemde, ke\u015ffedilen XSS zafiyeti sonras\u0131 program\u0131n exploiting \u00f6zelliklerinden bahsedece\u011fim.<\/i>\n<\/p>\n<\/div>\n<p>\n<a href=\"https:\/\/furkansandal.com\">Furkan SANDAL<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>XSS (Cross-site Scripting) Zafiyeti Nedir? Kaba yorum ile; web uygulamas\u0131nda a\u00e7\u0131\u011f\u0131n meydana geldi\u011fi input\/inject point (veri giri\u015fi) alan\u0131na g\u00f6nderilen k\u00f6t\u00fc&#8230;<\/p>\n","protected":false},"author":1,"featured_media":477,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","footnotes":""},"categories":[6,1,9,10,7,4],"tags":[78,76,88,89,26,83,81,79,82,77,80,84,85,87,86],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/furkansandal.com\/wp-content\/uploads\/2015\/08\/tekno.jpg?fit=480%2C343&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p6BM7I-80","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/posts\/496"}],"collection":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/comments?post=496"}],"version-history":[{"count":0,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/posts\/496\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/media\/477"}],"wp:attachment":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/media?parent=496"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/categories?post=496"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/tags?post=496"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}