Author Topic: Tests and other Media topics  (Read 247787 times)


Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31950
  • malware fighter
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

Re: Tests and other Media topics
« Reply #721 on: November 03, 2019, 01:35:09 PM »
How to check whether your website lives up to EU cookie regulations?
Disclaimer: The results presented might not be 100 % correct. This tool is meant to be used by site owners as a starting point for improvements, not as a rigorous analysis.
https://www.cookiemetrix.com/  free analysis of just the homepage of the website;
for a full analysis create an account. (info credits go to Choi)

You could also compare it here with a privacy and security test: random example https://webcookies.org/cookies/media.reklamaizer.ru/2468946  (best checker i.m.h.o.)

Various checkers: https://www.cookiechecker.nl/  &  https://sitechecker.pro/cookie-checker/
Another Dutch one: https://www.browserchecker.nl/cookiewet

Interesting: http://www.whatarecookies.com/view.asp
Cleanse your cookies with Cookienator -> -https://cookienator.software.informer.com/2.6/

polonus

Offline polonus

Re: Tests and other Media topics
« Reply #722 on: November 07, 2019, 06:05:38 PM »
Watch that CMS that is nearing end of service time!

200,000 Magento webshops without any patches next year for Magento version 1 - no more security updates to come.
So with that CMS the urgent advice is to change to Magento 2 (but that upgrade is not an easy one, so start now).

Read: https://hostingtribunal.com/blog/magento-statistics/
and https://trends.builtwith.com/websitelist/Magento
and https://w3techs.com/technologies/details/cm-magento/all/all

If you want to avoid Magento webshops that did not perform the upgrade to version 2,
then one could find out the version (only when settings allow)
by putting /magento_version behind the domain address.
Example:
$ curl https://www.horecaxl.com/magento_version
Magento/2.1 (Community)
Or scan at shodan.io for instance.

Another method is to scan with the tool available from here: https://whatcms.org/

polonus (volunteer 3rd party cold recon security website analyst and website error-hunter)
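The version banner above can be turned into an inventory check for the shops you operate yourself. The script below is an added example, not code from the post or from Magento: it parses the "Magento/2.1 (Community)" banner format quoted above, flags any 1.x install as end-of-life (the point of the post), and treats a non-banner response as "version hidden", since the endpoint only answers when the shop's settings allow it. The host names and responses in SAMPLE_RESPONSES are constructed for this example.

```python
"""Classify Magento shops by the banner their /magento_version endpoint returns.

Added example, not code from the forum post or from Magento. The banner format
"Magento/2.1 (Community)" is the one quoted in the post; the sample responses
below are constructed and do not come from any real shop.
"""
import re
import urllib.request
from typing import Optional

# Matches "Magento/2.1 (Community)", "Magento/1.9.4.3 (Community)", "Magento/2.3 (Enterprise)".
VERSION_RE = re.compile(r"Magento/(\d+(?:\.\d+)*)\s*(?:\(([^)]*)\))?")


def parse_magento_version(body: str) -> Optional[dict]:
    """Parse a /magento_version response body.

    Returns {'version': '2.1', 'major': 2, 'edition': 'Community'}, or None when
    the body is not a Magento banner (endpoint disabled by settings, 404 page,
    or not a Magento site at all).
    """
    m = VERSION_RE.search(body)
    if not m:
        return None
    version, edition = m.group(1), m.group(2)
    return {"version": version,
            "major": int(version.split(".")[0]),
            "edition": edition or "unknown"}


def classify(body: str) -> str:
    """Map a response body to an inventory status for the shop owner."""
    info = parse_magento_version(body)
    if info is None:
        return "unknown: version hidden or not a Magento banner"
    if info["major"] < 2:
        # Magento 1 receives no further security updates: plan the 2.x upgrade now.
        return "end-of-life: Magento %s, no more security updates, upgrade to 2.x" % info["version"]
    return "supported: Magento %s (%s)" % (info["version"], info["edition"])


def fetch_banner(base_url: str, timeout: float = 5.0) -> str:
    """Fetch <base_url>/magento_version from a shop you operate.

    Network helper for real use; the offline sample run below does not call it.
    """
    req = urllib.request.Request(base_url.rstrip("/") + "/magento_version",
                                 headers={"User-Agent": "magento-eol-inventory/1.0"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8", "replace")


# Constructed sample responses (hypothetical hosts, not captured from real shops).
SAMPLE_RESPONSES = {
    "shop-a.example": "Magento/2.1 (Community)",
    "shop-b.example": "Magento/1.9.4.3 (Community)",
    "shop-c.example": "<html><body>404 Not Found</body></html>",
}


def inventory(responses=SAMPLE_RESPONSES) -> dict:
    """Status per host for a mapping of host -> response body."""
    return {host: classify(body) for host, body in responses.items()}


if __name__ == "__main__":
    for host, status in inventory().items():
        print("%-16s %s" % (host, status))
```

Replace SAMPLE_RESPONSES with `{host: fetch_banner("https://" + host) for host in my_shops}` to run it against your own shops; a hidden banner is reported as unknown rather than guessed.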

Offline polonus

Re: Tests and other Media topics
« Reply #723 on: November 08, 2019, 10:36:50 PM »
Here is an example of a website still on Magento 1.

Scanner of choice: https://www.magereport.com/scan/?s=https://www.shopdutyfree.com/

39 recommendations found through linting: https://webhint.io/scanner/13bf4595-6f35-4107-bdf3-807df5f7cdff
of which following are security related: https://webhint.io/scanner/13bf4595-6f35-4107-bdf3-807df5f7cdff#category-security

Security check for immediate threats: https://webscan.upguard.com/#/https://www.shopdutyfree.com/  (10 detected)
34 checks passed.

Site issue: https://sitecheck.sucuri.net/results/www.shopdutyfree.com

DOM-XSS flaws: Results from scanning URL: -https://www.shopdutyfree.com
Number of sources found: 28
Number of sinks found: 257

Results from scanning URL:
-https://www.shopdutyfree.com/static/version1572656038/_cache/merged/0e2010fc837637e2d987804478c1f47e.min.js
Number of sources found: 34
Number of sinks found: 14

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

Offline polonus

Re: Tests and other Media topics
« Reply #724 on: November 11, 2019, 01:03:13 PM »
Linting is also a form of testing. So I tried to lint a static website built with the Tilda CMS, running on a Qrator server here:
It resulted in 507 recommendations for the website: https://webhint.io/scanner/8be58bd9-04cb-4f5d-8903-1a4fd36aaf5b

DOM-XSS flaws: Results from scanning URL: -https://tilda.cc/ru/
Number of sources found: 7
Number of sinks found: 564
&
Results from scanning URL: -https://static.tildacdn.com/js/tilda-menusub-1.0.min.js
Number of sources found: 3
Number of sinks found: 7

Results from scanning URL: -https://use.typekit.net/gwk7uku.js  (external link)
Number of sources found: 5
Number of sinks found: 3

Another site built with Tilda: https://urlscan.io/result/f81ba6bd-10f2-426c-b2d7-06497c76bfae/

polonus


Offline polonus

Re: Tests and other Media topics
« Reply #726 on: November 13, 2019, 11:59:24 PM »
Working on header implementation and quieting other headers to get additional website security layers...

Security header scan (random example): https://securityheaders.com/?q=http%3A%2F%2Fcraft2cart.com&followRedirects=on
Another one: https://observatory.mozilla.org/analyze/craft2cart.com
of which a header scan is part.
Then we can have results from the security scan on webhint,
where it is also important for certain headers not to talk too loud, or rather not talk at all (the PHP version for instance).
136 recommendations security-wise: https://webhint.io/scanner/fd0e3451-9d4a-4908-b9e6-25a1ed3c0ec8#category-security
Then inside the browser there is the Recx Security Analyser extension.
Re
Quote
HTTP/1.1 200 OK
Wed, 13 Nov 2019 22:35:33 GMT
Apache
PHP/5.6.40
Thu, 19 Nov 1981 08:52:00 GMT
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
no-cache
SAMEORIGIN
frontend=59c02d7a31291f121ab733e852b40f0a; expires=Wed, 13-Nov-2019 23:35:33 GMT; Max-Age=3600; path=/; domain=craft2cart dot com; HttpOnly
chunked
text/html; charset=UTF-8

We see the PHP version here, so we can look this up: https://www.cvedetails.com/vulnerability-list/vendor_id-74/product_id-128/version_id-298516/PHP-PHP-5.6.40.html
So then we will ask this question: https://stackoverflow.com/questions/5777792/what-does-it-mean-to-run-php-in-quiet-mode
which will make it a tad more difficult for either l33t attackers or one-horse-trick script kiddies.

But we also have: https://dazzlepod.com/ip/?ip_address=http%3A%2F%2Fcraft2cart.com  (Netcraft risk score 1 red out of 10).

From Lansing where the site is hosted we can find:
https://www.shodan.io/host/208.79.234.118  together with possible vulnerabilities on that hoster.
Note: the device may not be impacted by all of these issues.
The vulnerabilities are implied based on the software and version.
This, when we combine it with this info here: https://toolbar.netcraft.com/site_report?url=host.purvainfosystems.info

Site was with malware during June this year: https://www.virustotal.com/gui/ip-address/208.79.234.118/relations

And we will find the malware analysis on a malware researcher's resource site like maltiverse,
for craft2cart.com:
created 5 months ago / modified 5 months ago
Bancolombia Personas phishing - Antiphishing.com.ar  av-element detected

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)


Offline polonus

Re: Tests and other Media topics
« Reply #727 on: November 14, 2019, 06:35:04 PM »
To check settings for your website, use https://hstspreload.org/

See: https://www.globaldots.com/blog/8-http-security-headers-best-practices

HTTP Headers, an extension for your browser to check websites with.

polonus
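Reply #726 (quieting Server/X-Powered-By and adding hardening headers) and reply #727 (the hstspreload.org check) describe the same audit, so one example serves both. It is an added example, not code from the post or from securityheaders.com, Mozilla Observatory or hstspreload.org: it flags disclosure headers, missing hardening headers, cookies without Secure/HttpOnly, and tests whether a Strict-Transport-Security value meets the preload requirements as I know them (max-age of at least one year, includeSubDomains, preload). The BEFORE header set is constructed to resemble the response quoted in reply #726; the quoted dump shows only values, so the header names (Server, X-Powered-By, X-Frame-Options, Set-Cookie) are an assumption, and the cookie value is made up.

```python
"""Audit a set of HTTP response headers for disclosure and missing hardening.

Added example, not from the forum posts or the tools they link. BEFORE is a
constructed header set modelled on the quoted craft2cart.com response (header
names assumed, cookie value made up); AFTER is the same response quieted and
hardened. Preload rules follow hstspreload.org as I know them.
"""
import re
from typing import Dict, List

ONE_YEAR = 31536000  # preload needs max-age >= one year (assumption from hstspreload.org rules)

# Headers that tell an attacker which software and version to look up.
DISCLOSURE_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")

# Headers a hardened site is expected to send.
EXPECTED_HEADERS = ("strict-transport-security", "content-security-policy",
                    "x-content-type-options", "x-frame-options", "referrer-policy")


def parse_hsts(value: str) -> dict:
    """Split a Strict-Transport-Security value into its directives."""
    out = {"max_age": None, "include_subdomains": False, "preload": False}
    for part in value.split(";"):
        part = part.strip().lower()
        if part.startswith("max-age="):
            digits = re.sub(r"[^0-9]", "", part.split("=", 1)[1])
            out["max_age"] = int(digits) if digits else None
        elif part == "includesubdomains":
            out["include_subdomains"] = True
        elif part == "preload":
            out["preload"] = True
    return out


def hsts_preload_problems(value: str) -> List[str]:
    """Reasons the header would fail the preload checks (empty list = ready)."""
    d = parse_hsts(value)
    problems = []
    if d["max_age"] is None or d["max_age"] < ONE_YEAR:
        problems.append("max-age must be at least %d seconds" % ONE_YEAR)
    if not d["include_subdomains"]:
        problems.append("includeSubDomains directive missing")
    if not d["preload"]:
        problems.append("preload directive missing")
    return problems


def cookie_attrs(cookie: str) -> set:
    """Attribute names of a Set-Cookie value (everything after the first ';')."""
    return {p.strip().split("=", 1)[0].lower() for p in cookie.split(";")[1:]}


def audit(headers: Dict[str, str]) -> List[str]:
    """One finding per line for a response header set (names matched case-insensitively)."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    for name in DISCLOSURE_HEADERS:
        if h.get(name, "").strip():
            findings.append("disclosure: %s: %s (quiet this header)" % (name, h[name]))
    for name in EXPECTED_HEADERS:
        if name not in h:
            findings.append("missing: " + name)
    if h.get("x-content-type-options", "nosniff").lower() != "nosniff":
        findings.append("weak: x-content-type-options should be nosniff")
    if "strict-transport-security" in h:
        findings += ["hsts: " + p for p in hsts_preload_problems(h["strict-transport-security"])]
    if "set-cookie" in h:  # a dict holds one Set-Cookie; real responses may carry several
        attrs = cookie_attrs(h["set-cookie"])
        cookie_name = h["set-cookie"].split("=", 1)[0]
        for flag in ("secure", "httponly"):
            if flag not in attrs:
                findings.append("cookie %s without %s" % (cookie_name, flag))
    return findings


# Constructed sample modelled on the quoted response (header names assumed).
BEFORE = {
    "Date": "Wed, 13 Nov 2019 22:35:33 GMT",
    "Server": "Apache",
    "X-Powered-By": "PHP/5.6.40",
    "Cache-Control": "no-store, no-cache, must-revalidate, post-check=0, pre-check=0",
    "X-Frame-Options": "SAMEORIGIN",
    "Set-Cookie": "frontend=0123456789abcdef; expires=Wed, 13-Nov-2019 23:35:33 GMT; Max-Age=3600; path=/; HttpOnly",
    "Content-Type": "text/html; charset=UTF-8",
}

# The same response after quieting the software banners and adding hardening headers.
AFTER = {
    "Date": "Wed, 13 Nov 2019 22:35:33 GMT",
    "Cache-Control": "no-store",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "Content-Security-Policy": "default-src 'self'",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "SAMEORIGIN",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Set-Cookie": "frontend=0123456789abcdef; Max-Age=3600; path=/; Secure; HttpOnly; SameSite=Lax",
    "Content-Type": "text/html; charset=UTF-8",
}

if __name__ == "__main__":
    for label, hdrs in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(hdrs) or ["no findings"])
```

Feed it the headers of your own site (for example from `http.client` or `curl -I`) and work the list down to empty; the quieted Server and X-Powered-By headers take the PHP version out of the cvedetails lookup described above.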

Offline polonus

Re: Tests and other Media topics
« Reply #728 on: November 25, 2019, 12:55:04 AM »
SSL checker: https://certlogik.com/ssl-checker/
Also other tools at that site: crt alert and decoder.

Another site with this newer scanner: https://redkestrel.co.uk/products/

polonus

Offline polonus

Re: Tests and other Media topics
« Reply #729 on: November 27, 2019, 12:10:52 PM »
Read: https://sec-consult.com/en/blog/advisories/weak-encryption-cipher-and-hardcoded-cryptographic-keys-in-fortinet-products/

Want to test a hard-coded key XOR cipher and its weakness grade, resembling Caesar or rather Vigenère?
Test here: https://www.dcode.fr/xor-cipher    with many a tool to test encryption.

What did junky pentesters find:
https://niiconsulting.com/checkmate/2018/05/reverse-engineering-for-beginners-xor-encryption-windows-x64/

Network Intelligence -  XOR is still used, mainly for obfuscation.

polonus
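Why a hard-coded XOR key is graded alongside Vigenère can be shown in a few lines. The block below is an added example, not code from the advisory, from dcode.fr or from the linked article; the key, the two "config" plaintexts and the known prefix are all constructed. It demonstrates two properties of repeating-key XOR under a fixed key: one known plaintext/ciphertext pair of at least the key length gives back the key for every other message (the same flaw that breaks Vigenère), and two ciphertexts under the same key XOR to the XOR of their plaintexts, so the key cancels without ever being known.

```python
"""Repeating-key XOR with a hard-coded key: why it is obfuscation, not encryption.

Added example, not code from the Fortinet advisory or the tools linked in the
post. KEY, PLAIN_A, PLAIN_B and the known prefix are constructed.
"""
from itertools import cycle


def xor_repeating(data: bytes, key: bytes) -> bytes:
    """Encrypt or decrypt (the same operation) with a repeating key."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def recover_key(known_plain: bytes, cipher: bytes, key_len: int) -> bytes:
    """Recover the key from key_len bytes of known plaintext: plain XOR cipher == key.

    Longer plaintexts are not needed; a fixed field name at the start of every
    file (a config header, a magic string) is enough once the key length is known.
    """
    if len(known_plain) < key_len or len(cipher) < key_len:
        raise ValueError("need at least key_len bytes of known plaintext and ciphertext")
    return bytes(p ^ c for p, c in zip(known_plain[:key_len], cipher[:key_len]))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings up to the shorter length."""
    return bytes(x ^ y for x, y in zip(a, b))


KEY = b"s3cr3t"                                  # constructed hard-coded key
PLAIN_A = b"admin_password=hunter2;debug=0;"     # constructed config file A
PLAIN_B = b"admin_password=letmein;debug=1;"     # constructed config file B
KNOWN_PREFIX = b"admin_password="                # every config starts this way


def demo() -> dict:
    """Run both demonstrations and return the results for inspection."""
    cipher_a = xor_repeating(PLAIN_A, KEY)
    cipher_b = xor_repeating(PLAIN_B, KEY)

    # 1. Known plaintext on file A recovers the key, which then opens file B.
    recovered = recover_key(KNOWN_PREFIX, cipher_a, len(KEY))
    decrypted_b = xor_repeating(cipher_b, recovered)

    # 2. The key cancels: cipher_a XOR cipher_b equals PLAIN_A XOR PLAIN_B,
    #    so differences between two files leak with no key at all.
    key_cancels = xor_bytes(cipher_a, cipher_b) == xor_bytes(PLAIN_A, PLAIN_B)

    return {"recovered_key": recovered, "decrypted_b": decrypted_b,
            "key_cancels": key_cancels}


if __name__ == "__main__":
    result = demo()
    print("recovered key:", result["recovered_key"])
    print("file B decrypted:", result["decrypted_b"])
    print("key cancels between ciphertexts:", result["key_cancels"])
```

The key length is assumed known here because it is fixed in the product; when it is not, the same coincidence counting used against Vigenère finds it from ciphertext alone. A proper authenticated cipher (AES-GCM or ChaCha20-Poly1305 with a per-device key) has neither property.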

Offline polonus

Re: Tests and other Media topics
« Reply #730 on: December 02, 2019, 11:43:45 PM »
Too much about blacklists and blacklisting, now are you on this whitelist?

Check: https://www.dnswl.org/?page_id=72

polonus

Offline polonus

Re: Tests and other Media topics
« Reply #731 on: December 03, 2019, 11:37:48 AM »
Using middleware inside browsers to speed up DNS-prefetching etc.
Read: https://github.com/helmetjs

DNS prefetching is being used to resolve hosts faster and get a better load; however, inside Google Chrome it could lead to adverse effects, making web pages load slower, not load at all, etc.

Read: https://www.mydigitallife.net/turn-off-dns-prefetching-in-google-chrome-to-fix-resolving-host-and-cannot-load-page-error/

DNS prefetching can be turned off or on inside your browser privacy settings.

Test performance here: https://www.webpagetest.org/

Also see test tools here: https://geekflare.com/test-your-website-load-time/

polonus

Offline polonus

Re: Tests and other Media topics
« Reply #732 on: December 05, 2019, 01:04:11 PM »
Combining DOM-XSS scanning for sinks and sources with retirable jQuery library issues,
we have fine resources here: https://github.com/s0md3v/AwesomeXSS

Find them before they find you  ::)

polonus

Offline polonus

Re: Tests and other Media topics
« Reply #733 on: December 05, 2019, 04:57:25 PM »
What also could bring a lot of insight into a particular website is when you open it up inside the Developer Console;
this can be done by pressing Ctrl+Shift+I.
For this website -https://www.grenson.com
we could analyze:
Quote
 
preload.js:64 [Deprecation] Element.createShadowRoot is deprecated and will be removed in M73, around March 2019. Please use Element.attachShadow instead. See https://www.chromestatus.com/features/4507242028072960 for more details.
init @ preload.js:64
content-tss.js:2 content-tss.js loaded:  -https://www.grenson.com/us/'-alert()/
(unknown) hosted page injected
content-ads.js:2 content-ads.js loaded:  -https://www.grenson.com/us/'-alert()/
content.js:21 Uncaught TypeError: Illegal invocation: Function must be called on an object of type StorageArea
    at content.js:21
-www.google-analytics.com/analytics.js:1 Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
-grens11111.pcapredict.com/js/sensor.js:1 Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
(index):1 [DOM] Found 2 elements with non-unique id #email: (More info: -https://goo.gl/9p2vKq) <input type="text" name="login[username]" placeholder="Email" value id="email" class="input-text required-entry validate-email" title="Email Address"> <input type="text" name="login[username]" placeholder="Email" value id="email" class="input-text required-entry validate-email" title="Email Address">
(index):1 [DOM] Found 2 elements with non-unique id #login-form: (More info: -https://goo.gl/9p2vKq) <form action="-https://www.grenson.com/us/customer/account/loginPost/" method="post" id="login-form">…</form> <form action="-https://www.grenson.com/us/customer/account/loginPost/" method="post" id="login-form">…</form>
(index):1 [DOM] Found 2 elements with non-unique id #pass: (More info: -https://goo.gl/9p2vKq) <input type="password" name="login[password]" placeholder="Password" class="input-text required-entry validate-password" id="pass" title="Password"> <input type="password" name="login[password]" placeholder="Password" class="input-text required-entry validate-password" id="pass" title="Password">
(index):1 [DOM] Found 4 elements with non-unique id #search: (More info: -https://goo.gl/9p2vKq) <input id="search" type="text" name="q" class="input-text" maxlength="255" autocomplete="off"> <input id="search" type="text" name="q" class="input-text" maxlength="255" autocomplete="off"> <input id="search" type="text" name="q" class="input-text" maxlength="255" autocomplete="off"> <input id="search" type="text" name="q" class="input-text" maxlength="255" autocomplete="off">
(index):1 [DOM] Found 3 elements with non-unique id #search_mini_form: (More info: https://goo.gl/9p2vKq) <form id="search_mini_form" action="-https://www.grenson.com/us/catalogsearch/result/" method="get">…</form> <form id="search_mini_form" action="-https://www.grenson.com/us/catalogsearch/result/" method="get">…</form> <form id="search_mini_form" action="-https://www.grenson.com/us/catalogsearch/result/" method="get">…</form>
(index):1 [DOM] Found 2 elements with non-unique id #send2: (More info: -https://goo.gl/9p2vKq) <button type="submit" class="button left" title="Login" name="send" id="send2">…</button> <button type="submit" class="button left" title="Login" name="send" id="send2">…</button>
(index):1 Unchecked runtime.lastError: Could not establish connection. Receiving end does not exist.
preload.js:64 [Deprecation] Element.createShadowRoot is deprecated and will be removed in M73, around March 2019. Please use Element.attachShadow instead. See -https://www.chromestatus.com/features/4507242028072960 for more details.
init @ preload.js:64
preload.js:64 [Deprecation] Element.createShadowRoot is deprecated and will be removed in M73, around March 2019. Please use Element.attachShadow instead. See h-ttps://www.chromestatus.com/features/4507242028072960 for more details.
init @ preload.js:64
content-tss.js:2 content-tss.js loaded:  -https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lft7xkUAAAAAJC3_IM8O68WPOJHvttOTN-1dj74&co=aHR0cHM6Ly93d3cuZ3JlbnNvbi5jb206NDQz&hl=en&type=image&v=PRkVene3wKrZUWATSylf69ja&theme=light&size=normal&cb=4wm1rlpfzp0h
(unknown) hosted page injected
content-ads.js:2 content-ads.js loaded:  -https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lft7xkUAAAAAJC3_IM8O68WPOJHvttOTN-1dj74&co=aHR0cHM6Ly93d3cuZ3JlbnNvbi5jb206NDQz&hl=en&type=image&v=PRkVene3wKrZUWATSylf69ja&theme=light&size=normal&cb=4wm1rlpfzp0h
content.js:21 Uncaught TypeError: Illegal invocation: Function must be called on an object of type StorageArea
    at content.js:21
fingercounting.js:188 Uncaught DOMException: Failed to read the 'sessionStorage' property from 'Window': Access is denied for this document.
    at Counter.wrapMethod (chrome-extension://ommfjecdpepadiafbnidoiggfpbnkfbj/js/web_accessible/fingercounting.js:188:27)
    at new Counter (chrome-extension://ommfjecdpepadiafbnidoiggfpbnkfbj/js/web_accessible/fingercounting.js:160:12)
    at chrome-extension://ommfjecdpepadiafbnidoiggfpbnkfbj/js/web_accessible/fingercounting.js:250:19
    at chrome-extension://ommfjecdpepadiafbnidoiggfpbnkfbj/js/web_accessible/fingercounting.js:255:3
(unknown) caught WebWorker
content-tss.js:2 content-tss.js loaded:  about:blank
(unknown) hosted page injected
content-ads.js:2 content-ads.js loaded:  about:blank
content-tss.js:2 content-tss.js loaded:  about:blank
(unknown) hosted page injected
content-ads.js:2 content-ads.js loaded:  about:blank
content-tss.js:2 content-tss.js loaded:  -https://www.google.com/recaptcha/api2/bframe?hl=en&v=PRkVene3wKrZUWATSylf69ja&k=6Lft7xkUAAAAAJC3_IM8O68WPOJHvttOTN-1dj74&cb=amz0tege1pe4
VM29:5 hosted page injected
content-ads.js:2 content-ads.js loaded:  -https://www.google.com/recaptcha/api2/bframe?hl=en&v=PRkVene3wKrZUWATSylf69ja&k=6Lft7xkUAAAAAJC3_IM8O68WPOJHvttOTN-1dj74&cb=amz0tege1pe4
content.js:21 Uncaught TypeError: Illegal invocation: Function must be called on an object of type StorageArea
    at content.js:21
fingercounting.js:188 Uncaught DOMException: Failed to read the 'sessionStorage' property from 'Window': Access is denied for this document.
    at Counter.wrapMethod (chrome-extension://ommfjecdpepadiafbnidoiggfpbnkfbj/js/web_accessible/fingercounting.js:188:27)
    at new Counter (chrome-extension://ommfjecdpepadiafbnidoiggfpbnkfbj/js/web_accessible/fingercounting.js:160:12)
    at chrome-extension://ommfjecdpepadiafbnidoiggfpbnkfbj/js/web_accessible/fingercounting.js:250:19
    at chrome-extension://ommfjecdpepadiafbnidoiggfpbnkfbj/js/web_accessible/fingercounting.js:255:3
-> -https://www.grenson.com/ and -alert()/# returns a "You could go to previous page... etc.

Enjoy, good hunt

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
« Last Edit: December 05, 2019, 04:59:47 PM by polonus »
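The "[DOM] Found N elements with non-unique id" lines in the console above come from a check that is easy to reproduce outside the browser, so it can run in CI on your own templates. The block below is an added example, not code from the post, from Chrome or from the site inspected; it walks an HTML document with Python's html.parser and reports every id used more than once. The SAMPLE_HTML is constructed to mirror the pattern in the console output (two login forms that both carry id="login-form", "email", "pass" and "send2", plus duplicated search boxes); it is not the page's real markup. Duplicate ids matter beyond tidiness: getElementById and id-based validators bind to the first match only, so the second login form's fields can escape the client-side checks written for the first.

```python
"""Report duplicate element ids in an HTML document.

Added example, not from the forum post or from the inspected site. SAMPLE_HTML
is constructed to mirror the duplicate-id pattern shown in the console output.
"""
from collections import defaultdict
from html.parser import HTMLParser
from typing import Dict, List


class IdCollector(HTMLParser):
    """Collect, per id value, the tag names of every element that uses it."""

    def __init__(self) -> None:
        super().__init__()
        self.ids: Dict[str, List[str]] = defaultdict(list)

    def handle_starttag(self, tag, attrs):
        # attrs is a list of (name, value) pairs; value is None for bare attributes.
        for name, value in attrs:
            if name == "id" and value:
                self.ids[value].append(tag)


def duplicate_ids(html: str) -> Dict[str, List[str]]:
    """Map each id that occurs more than once to the tags carrying it."""
    parser = IdCollector()
    parser.feed(html)
    parser.close()
    return {i: tags for i, tags in parser.ids.items() if len(tags) > 1}


def report(html: str) -> List[str]:
    """Console-style lines, sorted by id, one per duplicated id."""
    return ["[DOM] Found %d elements with non-unique id #%s (%s)" % (len(tags), i, ", ".join(tags))
            for i, tags in sorted(duplicate_ids(html).items())]


# Constructed markup modelled on the console output (not the site's real page).
SAMPLE_HTML = """
<form id="search_mini_form" action="/catalogsearch/result/" method="get">
  <input id="search" type="text" name="q" maxlength="255" autocomplete="off">
</form>
<form action="/customer/account/loginPost/" method="post" id="login-form">
  <input type="text" name="login[username]" placeholder="Email" id="email">
  <input type="password" name="login[password]" placeholder="Password" id="pass">
  <button type="submit" name="send" id="send2">Login</button>
</form>
<form id="search_mini_form" action="/catalogsearch/result/" method="get">
  <input id="search" type="text" name="q" maxlength="255" autocomplete="off">
</form>
<form action="/customer/account/loginPost/" method="post" id="login-form">
  <input type="text" name="login[username]" placeholder="Email" id="email">
  <input type="password" name="login[password]" placeholder="Password" id="pass">
  <button type="submit" name="send" id="send2">Login</button>
</form>
<div id="footer"></div>
"""

if __name__ == "__main__":
    for line in report(SAMPLE_HTML):
        print(line)
```

Point it at rendered pages from a staging build (`report(open("index.html").read())`) and fail the build when the list is not empty.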

Offline polonus

Re: Tests and other Media topics
« Reply #734 on: December 06, 2019, 12:51:23 PM »
With Retire.JS as an extension in the browser, the retire insecurity today online scanner and also the SNYK evaluation (see webhint scanner),
one can establish retirable jQuery libraries, and with DOM-XSS scanners possible sources (input that can eventually be controlled) and sinks (methods towards such a goal that can be (ab)used).

Also look here at these resources: https://domstorm.skepticfx.com/modules?id=529bbe6e125fac0000000003

Find these flaws, before they find you, see my test results:
https://domstorm.skepticfx.com/modules?id=529bbe6e125fac0000000003
You can for instance use the user script (ENUM_FUNCTION) inside the Tampermonkey extension, just an idea.

Test an example of DOM-based XSS here, open up in the browser: https://brutelogic.com.br/tests/sinks.html?name=%3Cimg+src+onerror=alert(3)%3E  Read: https://brutelogic.com.br/blog/dom-based-xss-the-3-sinks/
This is
Quote
Object.create (eval at exec_fn (sinks.html?name=<img+src+onerror=alert(3)>:1),

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
« Last Edit: December 07, 2019, 12:12:20 AM by polonus »
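The "Number of sources found / Number of sinks found" figures quoted in replies #723, #724 and #734 come from static DOM-XSS scanners; the block below is an added example, not the code of any scanner linked in this thread, showing the minimal form of that count so a developer can run it over their own bundles. It flags the commonly cited sources (location.*, document.URL/referrer/cookie, window.name, postMessage data, web storage reads) and sinks (innerHTML/outerHTML assignment, document.write, eval, string-argument timers, insertAdjacentHTML, jQuery .html(), location assignment), and reports lines where a source and a sink meet, the crudest possible taint hint. The source and sink lists and the SAMPLE_JS are my own construction; a real scanner parses the AST rather than matching lines.

```python
"""Count DOM-XSS sources and sinks in a JavaScript file, scanner-style.

Added example, not the code of the scanners quoted in the thread. Source and
sink patterns and SAMPLE_JS are constructed for this example; the regexes are
a line-based approximation of what an AST-based scanner does.
"""
import re
from typing import Dict, List, Tuple

# Where attacker-influenced data enters the page.
SOURCES = {
    "location": re.compile(r"\blocation\.(?:href|search|hash|pathname)\b"),
    "document.URL/referrer/cookie": re.compile(r"\bdocument\.(?:URL|documentURI|referrer|cookie)\b"),
    "window.name": re.compile(r"\bwindow\.name\b"),
    "postMessage data": re.compile(r"\bevent\.data\b|\be\.data\b"),
    "web storage read": re.compile(r"\b(?:local|session)Storage\.getItem\s*\("),
}

# Where that data becomes markup, code or navigation.
SINKS = {
    "innerHTML/outerHTML": re.compile(r"\.(?:inner|outer)HTML\s*=(?!=)"),
    "document.write": re.compile(r"\bdocument\.write(?:ln)?\s*\("),
    "eval": re.compile(r"\beval\s*\("),
    "string timer": re.compile(r"\bset(?:Timeout|Interval)\s*\(\s*['\"`]"),
    "insertAdjacentHTML": re.compile(r"\.insertAdjacentHTML\s*\("),
    "jQuery html()": re.compile(r"\$\([^)]*\)\.html\s*\("),
    "location assignment": re.compile(r"\blocation(?:\.href)?\s*=(?!=)"),
}


def scan(js: str) -> dict:
    """Return sources, sinks (as (line, label) pairs), their counts and shared lines."""
    sources: List[Tuple[int, str]] = []
    sinks: List[Tuple[int, str]] = []
    for no, raw in enumerate(js.splitlines(), 1):
        line = re.sub(r"//.*$", "", raw)  # crude comment strip; also eats '//' inside strings
        for label, rx in SOURCES.items():
            if rx.search(line):
                sources.append((no, label))
        for label, rx in SINKS.items():
            if rx.search(line):
                sinks.append((no, label))
    same_line = sorted({n for n, _ in sources} & {n for n, _ in sinks})
    return {"sources": sources, "sinks": sinks,
            "source_count": len(sources), "sink_count": len(sinks),
            "same_line": same_line}


def summary(js: str) -> List[str]:
    """Scanner-style report lines for a JavaScript string."""
    r = scan(js)
    out = ["Number of sources found: %d" % r["source_count"],
           "Number of sinks found: %d" % r["sink_count"]]
    out += ["line %d: source and sink on the same line, review first" % n for n in r["same_line"]]
    return out


# Constructed sample: three risky flows, two safe lines.
SAMPLE_JS = """var name = location.hash.slice(1);
document.getElementById('greet').innerHTML = 'Hello ' + name;
var q = new URLSearchParams(location.search).get('q');
document.write('<p>' + q + '</p>');
eval(window.name);
var safe = document.createTextNode(name);
setTimeout(function () { console.log(q); }, 100);
"""

if __name__ == "__main__":
    for line in summary(SAMPLE_JS):
        print(line)
```

Lines 6 and 7 of the sample show why counts alone mislead: createTextNode and a function-argument timer handle the same data safely, so a high sink count is a review queue, not a vulnerability count.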