Skip to content

SoheilKhodayari/DOMClobbering

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

83 Commits
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

DOMC-BT

DOMC-BT

Website | Browser Testing | Wiki | Markups | Payload Generator

DOM Clobbering Browser Testing Framework

Build Status Node made-with-python Open Source?Yes!

A comprehensive framework for testing web browsers against DOM Clobbering. DOMC-BT exhaustively generates test cases of candidate DOM Clobbering markups and automatically tests them against web browsers.

DOMC-BT complements TheThing a static-dynamic security analysis tool for DOM clobbering based on JAW.

DOMC-BT has a website available at https://soheilkhodayari.github.io/DOMClobbering.

HTML Sanitizer Testing Pipeline: Please see the HTML-ST repository!

✨ What This Repository Includes?

πŸ’₯ What is DOM Clobbering?

DOM Clobbering is an attack technique where the attacker achieves arbitrary client-side code execution by injecting a non-script HTML markup into a vulnerable webpage and transform the initially secure markup into executable code.

DOM Clobbering originates from a naming collision between JavaScript variables and named HTML markups, where attackers confuse the web application by injecting HTML elements whose id or name attribute matches the name of security-sensitive variables, such as variables used for fetching remote content (e.g., script src).

For more information, See here.

πŸš€ Browser Testing

🏭 Building

You can build the tool by:

$ docker-compose build web
$ docker-compose build browserstack

πŸ”₯ Running Tests in Your Browser

Run the web application that serves the test DOM Clobbering webpages:

$ docker-compose up web

Now, you should be able to visit the list of tests on http://127.0.0.1:3000, and run any of them in your browser by clicking on the links.

Note: The test pages automatically redirect to the next test webpage, therefore clicking the first test is sufficinet to run all the test cases.

🎑 Running Tests via BrowserStack

You can use BrowserStack to run the DOM clobbering testsuite for many browsers simultaneously.

Step 1: specify the browser configurations you would like to test in a .json file. See here for more information about available list of browsers. You can find an example in browser_capabilities.json in the root project directory.

Step 2: Run the webapp hosting the test pages, and setup a proxy so that BrowserStack can access this webapp:

$ docker-compose up web
$ ./browserstack_proxy ACCOUNT_KEY

Note: In the above command, replace ACCOUNT_KEY with your BrowserStack access key.

Note: For setting up the proxy, you may need to download the appropriate BrowserStack binary and rename it to BrowserStackLocal. For more information, refer to the official BrowserStack local testing documentation.

Step 3: Run the automated docker service called browserstack to execute the tests:

$ docker-compose up browserstack

➰ DOM Clobbering Markups

The raw data of DOM Clobbering markups are available in the domc_markups folder in the root project directory for different mobile and desktop browsers and browser versions.

An interactive version of clobbering markups is available online here, which provides an online browser testing solution. For testing each markup in your browser, simply click on it.

Found a new clobbering markup not in the online list and that you would like to share? Then, open up a new PR here.

πŸ“š DOM Clobbering Wiki

This repository features one of the first online wikis for DOM Clobbering accessible at https://soheilkhodayari.github.io/DOMClobbering.

The markdown files of the wiki are available in the domc_wiki folder in the project root directory.

🏭 Local Build

This repository uses the Jekyll just-the-docs as a GitHub pages remote theme, with the configuration specified in _config.yaml:

remote_theme: just-the-docs/just-the-docs
color_scheme: "dark"

Docker: You can build and run this Wiki inside a Docker container with:

$ docker-compose build wiki
$ docker-compose up wiki

Host Machine: alternatively, you can build it inside your host machine with:

$ gem install just-the-docs
$ bundle exec jekyll serve

For more information, please refer to the official just-the-docs and Jekyll documentations.

πŸ’» Automatic Deployment

The repository uses Github Actions to automatically build and publish a static version of the DOM Clobbering Wiki with Jekyll once a commit is merged with the master branch (i.e., a Pull Request is accepted).

πŸ™‹ Questions

For any questions, suggestions, feedback or concerns, please raise an issue in the repository.

πŸŽƒ Contribution and Code Of Conduct

Bug reports and pull requests are more than welcomed on GitHub. For more information, please refer to contribution guidelines.

This project is intended to be a safe, welcoming space, and contributors are expected to adhere to the contributor code of conduct.

πŸ“ Academic Publication

The contents of this repository has been published as a part of a IEEE S&P'23 paper. If you use DOMC-BT for academic research, we encourage you to cite the following paper:

@inproceedings {SKhodayariSP23TheThing,
  author = {Soheil Khodayari and Giancarlo Pellegrino},
  title = {It's (DOM) Clobbering Time: Attack Techniques, Prevalence, and Defenses,
  booktitle = {To Appear at proceedings of the 44rd IEEE Symposium on Security and Privacy},
  year = {2023},
}

Browser Testing

We thank the BrowserStack Open-Source Program for supporting this project.