Internet-description.com



Cross Site Tracing


Page modified: Saturday, June 24, 2006 10:36:48

Every web server that supports the TRACE method (HTTP/1.1) opens the possibility of a Cross Site Tracing attack (CST/XST). The attack has been well known since the beginning of 2003 and is a special form of Cross Site Scripting. It can be prevented by disabling TRACE support on the web server side.

Detail

An HTTP TRACE request corresponds to a GET request, except that the web server sends the complete request back to the client (echo), including the browser and cookie data it carried.

Using scripts, one can send TRACE requests and intercept the cookies that come back. These cookies can contain login data, which can be valuable to attackers.

The point of this technique is to use the web server's TRACE function to get around the "httpOnly" cookie option, with which web applications often try to prevent scripts from reading cookies.

Example:

  1. A user is lured onto an HTML page.
  2. The page contains JavaScript code that sends a TRACE request to a website from which the user has received a cookie.
  3. The server sends the request back, including the cookie.
  4. The script filters out the cookie and forwards it to the attacker.
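Since the page names disabling TRACE as the fix, the following is an added example (not from the original page) of how an administrator can verify that a server no longer echoes TRACE requests: it parses an HTTP response and reports whether the request was reflected, using constructed sample responses and the placeholder host www.example.com.

```python
import socket

def build_trace_request(host: str, path: str = "/") -> bytes:
    """Minimal HTTP/1.1 TRACE request. No cookies are sent: the check only
    needs to learn whether the server echoes what it receives."""
    return (f"TRACE {path} HTTP/1.1\r\nHost: {host}\r\n"
            "Connection: close\r\n\r\n").encode()

def parse_response(raw: bytes):
    """Split a raw HTTP response into (status_code, headers_dict, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body

def trace_enabled(raw_response: bytes, request: bytes) -> bool:
    """True when the server reflected our TRACE request (XST precondition).
    A real TRACE echo is 200 with Content-Type message/http and a body that
    repeats the request; a hardened server answers 405 or 501 instead."""
    status, headers, body = parse_response(raw_response)
    if status != 200:
        return False
    if not headers.get("content-type", "").startswith("message/http"):
        return False  # a 200 without the TRACE media type is not an echo
    return request.split(b"\r\n")[0] in body  # request line echoed back?

def probe(host: str, port: int = 80, timeout: float = 5.0) -> bool:
    """Send one TRACE to a server you administer and report whether it is
    echoed. Network helper only; the samples below run offline."""
    req = build_trace_request(host)
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(req)
        chunks = []
        while (chunk := s.recv(4096)):
            chunks.append(chunk)
    return trace_enabled(b"".join(chunks), req)

# Constructed sample responses (not captured from any real server).
REQ = build_trace_request("www.example.com")
ECHOED = (b"HTTP/1.1 200 OK\r\nContent-Type: message/http\r\n"
          b"Content-Length: " + str(len(REQ)).encode() + b"\r\n\r\n" + REQ)
REFUSED = b"HTTP/1.1 405 Method Not Allowed\r\nAllow: GET, HEAD, POST\r\n\r\n"
```

Modern browsers refuse to issue TRACE from XMLHttpRequest and fetch, so disabling it on the server (for Apache, `TraceEnable Off`) remains the authoritative fix, and this probe is how you confirm the setting took effect.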
