Reverse Engineering Browser Components: Dissecting and Hacking Silverlight, HTML 5 and Flex, presented at Black Hat USA 2011

by Shreeraj Shah


Summary: Reverse engineering browser components is emerging as the best way of discovering potential vulnerabilities across web applications in the era of Rich Internet Applications (RIA). The RIA space is flooded with technologies like HTML 5, Flex/Flash, Silverlight, extended DOM and numerous third-party libraries. Browsers are hacked and attacked almost every day by attackers, worms and malware with a specific scope. We have seen exploitation of these technologies on popular sites like Facebook, Twitter, Yahoo and Google, to name a few.
The traditional boundaries of web applications are fading, and browsers now host a substantial part of the web application, including data access, business logic and encryption, along with the presentation layer. This makes browser components a potential target for attackers. The danger of poorly written browser components is greater than ever, and successful exploitation can have a significant impact on the application.
Reverse engineering can be applied to determine potential weaknesses by following a well-defined methodology. It consists of reverse engineering the architecture of the browser layer, fingerprinting components, discovering cross-domain interactions, debugging calls, DOM inspection, decompiling components, examining inter-platform communication, inspecting socket calls and tracing vulnerabilities.
This paper goes over these steps in detail and helps in identifying weaknesses or vulnerabilities associated with browser components. Browsers are no longer static content loaders; they allow complicated operations in this era. A browser can run powerful applications using HTML 5 components like WebWorkers (threads), WebSockets and sandboxed iframes, and it can load Silverlight and Flex content that lets an application emulate a rich desktop. We will cover the following attacks, threats and analysis techniques to dissect browser components using reverse engineering tools (the author is releasing tools along with the paper):
Malware and worms leveraging XHR and WebSockets
Exploiting HTML 5 presentation features such as CSS opacity, sandboxed iframes and Canvas for abuses like ClickJacking and spoofing
Reverse engineering Silverlight components to discover vulnerabilities and business logic secrets
Hacking and attacking Flex/Flash components via the DOM
Protocol reverse engineering and injection for AMF, WCF, JSON etc.
DOM injection and pollution to gain execution capabilities
Cross-widget and component hacking, and architecture reverse engineering
HTML 5 usage and impact analysis (tag and attribute decomposition)
Decompilation and static code analysis vectors for JavaScript/Flash/Silverlight
Abusing and exploiting storage- and WebSQL-based browser components
Attacking the offline application mechanism
Quick analysis of WebWorkers and abuse scenarios
SOP bypass, cross-domain access and call reversing
We will cover the above attacks and their variants in detail, along with some real-life cases and demonstrations. It is also important to understand methods of discovering these types of vulnerabilities across an application base; we will look at some new scanning tools and approaches to identify these key issues.