Saturday, July 29, 2006 

Me hacking an Axis Video Server

Monday, July 03, 2006 

Browser fuzzing

So, H.D. Moore (you know, from the Metasploit project) has been up to a lot of web browser fuzzing lately. He is publishing a browser bug a day at http://browserfun.blogspot.com. He has several tools for browser fuzzing, including Hamachi, CSS-Die, and DOM-Hanoi. And long before that, someone had invented Mangleme.

One of the problems with web browser fuzzing is that the scripts take so long to execute that the browser keeps prompting you, asking whether you want to continue the script. Luckily, in Mozilla Firefox, there is a way to disable this. Just go to about:config, which brings up all of the advanced configuration options for Mozilla Firefox. Setting dom.max_script_run_time to zero should make Firefox run smoothly without complaining.

Under Internet Explorer, you should be able to disable the script timeout by going to HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles. (Create that key if it doesn't exist.) Create a new DWORD value called "MaxScriptStatements" under this key and set the value to the desired number of script statements. By setting this to an astronomically high number, you should be able to (mostly) avoid the annoyance of having to keep telling the script to continue.

I haven't fully tested this yet. So, let me know if it works or not for you.

Oh, and this can have bad side effects: if the JavaScript has an infinite loop in it, it will probably just lock up your web browser (at least with Firefox). You could also consider setting the timeout to a really high value in Mozilla Firefox instead of zero, which is unlimited.

With other browsers, you are on your own.
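
The two settings above, applied by one PowerShell script with a revert mode for when the fuzzing run is over (an added example, not part of the original post). The parameter names and the Firefox profile path are assumptions; the registry key is written with the space in "Internet Explorer", as it appears in the registry.

```powershell
# Added example, not from the original post. Intended for a dedicated fuzzing machine.
param(
    [ValidateSet('Apply', 'Revert')]
    [string] $Mode = 'Apply',
    # Hypothetical path: the throwaway Firefox profile used for fuzzing.
    [string] $FirefoxProfile = "$env:APPDATA\Mozilla\Firefox\Profiles\fuzzing",
    # 0 means unlimited; a large finite value still ends a true infinite loop.
    [int] $FirefoxSeconds = 0,
    # A very high statement count that still fits a signed 32-bit value.
    [int] $IeStatements = [int]::MaxValue
)

$ieKey  = 'HKCU:\Software\Microsoft\Internet Explorer\Styles'
$ieName = 'MaxScriptStatements'
$pref   = 'dom.max_script_run_time'
$userJs = Join-Path $FirefoxProfile 'user.js'

# Keep every existing user.js line except an earlier copy of this preference.
$kept = @()
if (Test-Path $userJs) {
    $kept = @(Get-Content $userJs | Where-Object { $_ -notmatch [regex]::Escape($pref) })
}

if ($Mode -eq 'Apply') {
    if (-not (Test-Path $FirefoxProfile)) { throw "Profile not found: $FirefoxProfile" }
    # Firefox reads user.js from the profile at startup and applies each user_pref.
    $line = "user_pref(`"$pref`", $FirefoxSeconds);"
    Set-Content -Path $userJs -Value ($kept + $line)

    # Create the Styles key when it does not exist, then write the DWORD.
    if (-not (Test-Path $ieKey)) { New-Item -Path $ieKey -Force | Out-Null }
    New-ItemProperty -Path $ieKey -Name $ieName -PropertyType DWord `
        -Value $IeStatements -Force | Out-Null
} else {
    # Deleting the value removes the override for Internet Explorer.
    Remove-ItemProperty -Path $ieKey -Name $ieName -ErrorAction SilentlyContinue
    # Dropping the line stops user.js re-applying the pref; the stored value
    # still has to be reset in about:config.
    if ($kept.Count -gt 0) {
        Set-Content -Path $userJs -Value $kept
    } elseif (Test-Path $userJs) {
        Remove-Item $userJs
    }
}

# Report the resulting state so the change is visible in the run log.
$ie = Get-ItemProperty -Path $ieKey -Name $ieName -ErrorAction SilentlyContinue
"IE ${ieName}: " + $(if ($ie) { $ie.$ieName } else { 'not set' })
"Firefox user.js: " + $(if (Test-Path $userJs) { (Get-Content $userJs) -join '; ' } else { 'absent' })
```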