omerfareed_25, posted February 8, 2014

What is same origin? Does it mean that scripts (VB, JS) can be executed from the same domain name? What about a different subdomain but the same domain? Please explain it in simple words with respect to JS for cookie stealing so I can understand it! Thanks!
GiRa, posted February 8, 2014

To steal a cookie via JS you need:

- the httpOnly attribute (in the cookie) unset
- your JavaScript must run in a page compliant with the domain attribute of the cookie
- your JavaScript must run in a page compliant with the path attribute of the cookie

The domain could be specific, like www.domain.com, or not, like .domain.com. The same idea applies to the path, for example /working/path or simply /.

The same origin policy is a browser thing; the idea of XSS, and thus cookie stealing, is about breaking it by running a script under the attacker's control in a page of the attacked domain.
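The three conditions in the reply above (HttpOnly unset, domain attribute matches, path attribute matches) are checkable mechanically, which is useful when auditing which cookies a site exposes to page scripts. The following is an added example, not code from the thread: a small JavaScript checker applying the RFC 6265 domain-match and path-match rules, plus the Secure attribute, to a constructed sample cookie jar on the hypothetical `domain.com` hosts used in the reply.

```javascript
// Added example, not from the thread: a defender-side check of whether a cookie,
// given the attributes the server set on it, is exposed to document.cookie in a
// page at a given URL. The three conditions from the post (HttpOnly unset,
// domain-match, path-match) follow RFC 6265; the Secure check is added on top.

// RFC 6265 section 5.1.3 domain-match: the host equals the cookie domain or
// ends with "." + domain. A leading dot on the Domain attribute is ignored.
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.replace(/^\./, "").toLowerCase();
  return h === d || h.endsWith("." + d);
}

// RFC 6265 section 5.1.4 path-match: exact match, or the cookie path is a
// prefix of the request path ending at a "/" boundary.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// cookie: { name, domain, hostOnly, path, httpOnly, secure }
//   hostOnly=true means the server sent no Domain attribute, so the cookie is
//   tied to exactly the host that set it (kept in `domain`).
// Returns { readable, reasons } where `reasons` lists every rule that blocks
// the page's scripts from seeing the cookie.
function cookieReadableByScript(cookie, pageUrl) {
  const page = new URL(pageUrl);
  const reasons = [];
  if (cookie.httpOnly) reasons.push("HttpOnly set: hidden from document.cookie");
  if (cookie.secure && page.protocol !== "https:") reasons.push("Secure cookie, page is not https");
  if (cookie.hostOnly) {
    if (page.hostname.toLowerCase() !== cookie.domain.toLowerCase()) {
      reasons.push(`host-only cookie for ${cookie.domain}, page host is ${page.hostname}`);
    }
  } else if (!domainMatches(page.hostname, cookie.domain)) {
    reasons.push(`domain ${cookie.domain} does not match ${page.hostname}`);
  }
  if (!pathMatches(page.pathname, cookie.path)) {
    reasons.push(`path ${cookie.path} does not match ${page.pathname}`);
  }
  return { readable: reasons.length === 0, reasons };
}

// Constructed sample cookie jar (hypothetical domain.com site), as a server
// might have set it. Only the session cookie carries HttpOnly and Secure.
const SAMPLE_COOKIES = [
  { name: "sessionid", domain: ".domain.com", hostOnly: false, path: "/", httpOnly: true, secure: true },
  { name: "prefs", domain: ".domain.com", hostOnly: false, path: "/", httpOnly: false, secure: false },
  { name: "wizard", domain: "www.domain.com", hostOnly: true, path: "/working/path", httpOnly: false, secure: false },
];

// Names of the cookies a script running in the page at `pageUrl` could read.
function scriptVisibleCookies(pageUrl, cookies = SAMPLE_COOKIES) {
  return cookies
    .filter((c) => cookieReadableByScript(c, pageUrl).readable)
    .map((c) => c.name);
}

// Demo: the session cookie never shows up; the host-only cookie is visible only
// on www.domain.com under /working/path.
console.log(scriptVisibleCookies("https://www.domain.com/working/path/step1"));
console.log(scriptVisibleCookies("http://shop.domain.com/"));
console.log(cookieReadableByScript(SAMPLE_COOKIES[0], "http://www.domain.com/").reasons);
```

The practical takeaway for a defender is the first branch: a cookie with HttpOnly set never reaches `document.cookie`, whatever the domain and path say, so session cookies should carry it. Note that the path check is a weak boundary (`/working/path` also matches `/working/path/anything`), and that cookie scoping ignores the port entirely, which is coarser than the same origin policy's triplet.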
Guest Domenico, posted February 9, 2014

Hi omerfareed_25,

The Same Origin Policy determines which DOM properties can be read or set by browser client-side code (for example JavaScript) when it tries to access resources (images, frames, etc.) belonging to different origins.

The origin is defined by the triplet:

- protocol
- domain (it's better to use the term 'hostname')
- port

These components can be easily retrieved by using the simple JavaScript console available in any browser (for example through the console interface of Firebug/Chrome). In this case you'd get the origin of the main document (what you load in the main tab of your browser). To know these components you should access the following DOM properties:

- document.location.protocol
- document.location.hostname
- document.location.port

Examples of different origins:

- http://www.coliseumlab.com
- https://www.coliseumlab.com
- http://a.coliseumlab.com
- http://b.coliseumlab.com
- http://coliseumlab.com

How does the same origin policy affect cookie stealing? Let's show it through a simple example.

Suppose you have a JavaScript file (code.js), included by an index.html page running on the origin http://www.coliseumlab.com. Suppose that the file index.html includes an iframe (iframe.html) running on the origin http://www.elearnsecurity.com. So you have 2 documents:

- The main document (index.html, on the origin http://www.coliseumlab.com - URL: http://www.coliseumlab.com/index.html)
- The iframe document (iframe.html, on the origin http://www.elearnsecurity.com - URL: http://www.elearnsecurity.com/iframe.html)

The JavaScript code (in code.js) is run within the context of the origin http://www.coliseumlab.com, so it can access only DOM properties belonging to the origin http://www.coliseumlab.com. This JavaScript code cannot read properties of the iframe document because they are on different origins: http://www.coliseumlab.com against http://www.elearnsecurity.com.

So, even if a cookie is available and accessible (via JavaScript) to the document http://www.elearnsecurity.com/iframe.html, it would not be accessible by the JavaScript code, because that code is run within the context of the origin http://www.coliseumlab.com and is forbidden from reading properties of other documents belonging to different origins. This is the default behavior of the Same Origin Policy, excluding the exceptions and CORS.

The Same Origin Policy has been dealt with in depth in the Introduction module of the WAPT course. We've also included a video lesson.
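The origin triplet and the iframe scenario in the post above can be reproduced outside a browser. The following is an added example, not code from the thread or from the WAPT course: it extracts the same three components that `document.location` exposes, compares origins the way the browser does before granting DOM access, and runs that comparison over the five example URLs and the coliseumlab/elearnsecurity iframe case from the post. The default-port handling is the only assumption beyond the post's text.

```javascript
// Added example, not from the thread: the origin triplet as document.location
// exposes it, and the same-origin comparison the browser applies before letting
// a script in one document touch another document's DOM.
function originOf(url) {
  const u = new URL(url);
  // u.port is "" for a scheme's default port, matching document.location.port,
  // so http://host:80/ and http://host/ compare as the same origin.
  return { protocol: u.protocol, hostname: u.hostname, port: u.port };
}

// Canonical string form, so origins can be compared and de-duplicated.
function originKey(url) {
  const o = originOf(url);
  return `${o.protocol}//${o.hostname}:${o.port}`;
}

function sameOrigin(urlA, urlB) {
  return originKey(urlA) === originKey(urlB);
}

// The five URLs the post lists as examples of different origins.
const POST_EXAMPLES = [
  "http://www.coliseumlab.com",
  "https://www.coliseumlab.com",
  "http://a.coliseumlab.com",
  "http://b.coliseumlab.com",
  "http://coliseumlab.com",
];

// Number of distinct origins among a list of URLs.
function countDistinctOrigins(urls) {
  return new Set(urls.map(originKey)).size;
}

// The iframe scenario: may a script running in the document at
// `scriptDocumentUrl` read the DOM (document.cookie included) of the document
// at `frameUrl`? This is the plain same-origin rule; the exceptions and CORS
// the post mentions are out of scope here.
function scriptMayReadFrame(scriptDocumentUrl, frameUrl) {
  return sameOrigin(scriptDocumentUrl, frameUrl);
}

// Demo: all five examples are distinct origins, and code.js on coliseumlab
// cannot read the elearnsecurity iframe.
console.log(countDistinctOrigins(POST_EXAMPLES));
console.log(scriptMayReadFrame(
  "http://www.coliseumlab.com/index.html",
  "http://www.elearnsecurity.com/iframe.html"
));
console.log(originOf("https://www.coliseumlab.com:8443/app"));
```

Two points worth keeping in mind when reading the result: the path never enters the origin, so `/index.html` and `/admin/` on the same host are one origin to the DOM, and cookie scoping works on a different, coarser rule (domain plus path, no port, and no scheme unless Secure is set), which is why a cookie can be shared between two URLs that the Same Origin Policy treats as different origins.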