omerfareed_25

SAME ORIGIN?

omerfareed_25

What is same origin?

Does it mean that scripts (VB, JS) can be executed from the same domain name?

What about a different subdomain but the same domain?

Please tell me in simple words, with respect to JS, for cookie stealing so I can understand it!

Thanks!

GiRa

To steal a cookie via JS you need:

 - httpOnly attribute (in the cookie) unset

 - your JavaScript must run in a page compliant with the domain attribute of the cookie

 - your JavaScript must run in a page compliant with the path attribute of the cookie

The domain could be specific, like www.domain.com, or not, like .domain.com.

The same idea applies to the path, for example /working/path or simply /

The same origin policy is a browser thing; the idea of XSS, and thus cookie stealing, is about breaking it by running a script under the attacker's control in an attacked domain page.

Guest Domenico
Hi omerfareed_25,

The Same Origin Policy determines which DOM properties can be read or set by browser client-side code (for example JavaScript) when it tries to access resources (images, frames, etc.) belonging to different origins.

The origin is defined by the triplet:
  • protocol
  • domain (it's better to use the term 'hostname')
  • port

These components can be easily retrieved by using the simple JavaScript console available in any browser (for example through the console interface of Firebug/Chrome). In this case you'd get the origin of the main document (what you load in the main tab of your browser). To know these components you should access the following DOM properties:
  • document.location.protocol
  • document.location.hostname
  • document.location.port

Examples of different origins:
  • http://www.coliseumlab.com
  • https://www.coliseumlab.com
  • http://a.coliseumlab.com
  • http://b.coliseumlab.com
  • http://coliseumlab.com

How does the same origin policy affect cookie stealing?

Let's show it through a simple example:

Suppose you have a JavaScript file (code.js), included by an index.html page running on the origin http://www.coliseumlab.com. Suppose that file index.html includes an iframe (iframe.html) running on the origin http://www.elearnsecurity.com. So you have 2 documents:

The JavaScript code (in code.js) is run within the context of the origin http://www.coliseumlab.com, so it can access only DOM properties belonging to the origin http://www.coliseumlab.com. This JavaScript code cannot read properties of the iframe document because they are on different origins: http://www.coliseumlab.com against http://www.elearnsecurity.com.

So, even if a cookie is available and accessible (via JavaScript) to the document http://www.elearnsecurity.com/iframe.html, it would not be accessible by the JavaScript code because this code is run within the context of the origin http://www.coliseumlab.com and it's forbidden from reading properties of other documents belonging to different origins.

This is the default behavior of the Same Origin Policy, excluding the exceptions and CORS.

The Same Origin Policy has been dealt with in depth in the Introduction module of the WAPT course. We've also included a video lesson.
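The two rules discussed in the replies above (origin comparison by protocol, hostname and port, and cookie visibility by HttpOnly, domain and path) are separate checks. The following is an added example, not code from any poster: a simplified model of both, with the `cookie` object shape and the `hostOnly` flag (true when the cookie was set without a Domain attribute) being assumptions of this sketch.

```javascript
// Added illustration: simplified model of browser rules, not a full RFC 6265 implementation.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Origin = (protocol, hostname, port); an empty port means the scheme default.
function originOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${u.hostname}:${u.port || DEFAULT_PORTS[u.protocol]}`;
}

function sameOrigin(a, b) {
  return originOf(a) === originOf(b);
}

// Cookie path matching: exact match, or prefix that ends on a "/" boundary.
function pathMatches(cookiePath, requestPath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Would document.cookie in the page at pageUrl include this cookie?
// cookie = { domain, hostOnly, path, httpOnly }  (constructed shape for this example)
function scriptCanReadCookie(cookie, pageUrl) {
  const u = new URL(pageUrl);
  if (cookie.httpOnly) return false; // HttpOnly hides the cookie from scripts
  const d = cookie.domain.replace(/^\./, "").toLowerCase();
  const domainOk = cookie.hostOnly
    ? u.hostname === d
    : u.hostname === d || u.hostname.endsWith("." + d);
  return domainOk && pathMatches(cookie.path, u.pathname);
}

// Constructed sample cookies, using the hostnames from the thread.
const wide = { domain: ".coliseumlab.com", hostOnly: false, path: "/", httpOnly: false };
const hostOnly = { domain: "www.coliseumlab.com", hostOnly: true, path: "/", httpOnly: false };
const pages = [
  "http://www.coliseumlab.com/index.html",
  "http://a.coliseumlab.com/",
  "http://www.elearnsecurity.com/iframe.html",
];
for (const page of pages) {
  console.log(page,
    "| same origin as www:", sameOrigin(page, "http://www.coliseumlab.com"),
    "| reads wide cookie:", scriptCanReadCookie(wide, page),
    "| reads host-only cookie:", scriptCanReadCookie(hostOnly, page));
}
```

The output shows that a cookie scoped to `.coliseumlab.com` is visible to script on `a.coliseumlab.com` even though that page is a different origin from `www.coliseumlab.com`, which is why session cookies are normally set host-only and HttpOnly.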
