SANS ISC: Jikto - The Javascript based bot - SANS Internet Storm Center
Jikto - The Javascript based bot
Billy Hoffman, a security researcher at SPI Dynamics, presented a new tool called Jikto at ShmooCon. The tool exploits Cross Site Scripting (XSS) vulnerabilities, which trick the victim into running malicious code: the code is injected into the victim's browser, where it runs silently. From there it either seeks out more XSS-vulnerable targets and reports them back to the attacker, or it reports back to the bot controller and awaits further commands.

Since Javascript is OS independent, this tool will run well on browsers running on different OS platforms. With Cross Site Scripting flaws being one of the most common vulnerabilities reported these days, it is easy to understand the potential effects of a toolkit like this.
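The defect class Jikto depends on is untrusted input reaching a page as live markup. The following is an added example, not code from the ISC diary or from Jikto: a reflected-XSS template beside its hardened form (HTML-text and quoted-attribute contexts), plus a Content-Security-Policy value that refuses inline script even if an encoding bug slips through. The page shapes, the `q` parameter and the sample payload are all constructed for the demonstration; it runs under Node.js with no dependencies.

```javascript
// Added example (not from the ISC diary or from Jikto): vulnerable template vs. hardened
// template, and a CSP that blocks inline script. Runs under Node.js, no dependencies.

// Encode the five characters that carry meaning in an HTML text or quoted-attribute context.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable: the query parameter is concatenated straight into markup, so whatever it
// holds is parsed as HTML by the victim's browser (reflected XSS). Kept only for contrast.
function renderSearchPageVulnerable(query) {
  return `<p>Results for: ${query}</p>`;
}

// Hardened: the same page with the parameter encoded for the HTML text context.
function renderSearchPageSafe(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// Hardened attribute context: the value sits inside a quoted attribute, so the quotes
// must be encoded as well, which escapeHtml already does.
function renderSearchInputSafe(query) {
  return `<input name="q" value="${escapeHtml(query)}">`;
}

// A restrictive policy: no inline script, no plugins, no <base> rewriting. Without
// 'unsafe-inline', a browser refuses injected <script> blocks and on*= handlers even
// when an encoding bug lets them reach the page.
function cspHeaderValue() {
  return "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'";
}

// Parse a CSP header value and report whether it permits inline script.
// script-src falls back to default-src when absent, as the browser does.
function cspAllowsInlineScript(value) {
  const directives = {};
  for (const part of value.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name) directives[name] = sources;
  }
  const sources = directives['script-src'] || directives['default-src'] || [];
  return sources.includes("'unsafe-inline'");
}

// Constructed sample input (not taken from the diary): a tag with an event handler.
const SAMPLE_PAYLOAD = '<img src=x onerror=alert(1)>';

// Render both versions for side-by-side inspection.
function demo(payload = SAMPLE_PAYLOAD) {
  return {
    vulnerable: renderSearchPageVulnerable(payload),
    safeText: renderSearchPageSafe(payload),
    safeAttribute: renderSearchInputSafe(payload),
    csp: cspHeaderValue(),
  };
}

console.log(demo());
```

In the vulnerable output the `<img ...>` survives as a real element, so the browser fires its handler; in the hardened output the same bytes arrive as `&lt;img ... &gt;` and render as text. Encoding must match the context the value lands in (text, attribute, URL, JavaScript string), and the CSP is the second layer for the cases where a template misses one.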

Although Billy did not release the tool to the public, the attack principles are well understood within the security research community. Most researchers believe this proof of concept will very likely turn into real attacks shortly.

Links to the article here and here.

If you want to learn more about web attack techniques such as this, SANS offers Sec 519 - Web Application Security Workshop.

ISC Handler
Mar 28th 2007