0:00:26
what is going on guys welcome back to
0:00:28
another session on billbrake and fix
0:00:32
today the two of the raw coders
0:00:35
and one raw coder is back
0:00:39
welcome back okay once again
0:00:42
good to have you back as well always
0:00:47
fantastic fantastic all right
0:00:52
i just have to say that whenever i look
0:00:55
at your background is that kind of the
0:00:58
lightning stuff and everything is that
0:01:00
professionally done that i almost
0:01:03
think there's some kind of a picture
0:01:05
that you put on the background
0:01:08
no no it's just uh
0:01:10
um you know i was fortunate enough to
0:01:13
like i don't know when i used to stream
0:01:17
the light doesn't use to flicker
0:01:19
and now it flickers and it flickers like
0:01:21
the right amount so it looks good yeah
0:01:25
absolutely i couldn't agree more but i
0:01:28
think i could stop the flickering
0:01:30
if i reduce the frame rate
0:01:36
now i reckon probably
0:01:38
leave it in that way because it does add
0:01:43
professional touch
0:01:45
yeah yeah pretty much
0:01:56
first thing is first let's do the
0:01:58
acknowledgement of country and pay
0:02:00
our respects to the elders of the past
0:02:02
present and future
0:02:08
i begin today by acknowledging the
0:02:10
traditional custodians of the land on
0:02:12
which we gather today and pay my
0:02:14
respects to the elders past present and
0:02:17
future i extend that respect to
0:02:20
aboriginal and torres strait islander
0:02:26
that was smoothly done
0:02:35
just a bit of a context
0:02:37
do you know from the last stream what
0:02:41
um yesterday's stream or
0:02:43
day before um the day before yesterday
0:02:48
um i think we were just trying to start
0:02:54
but i i wasn't able to watch yesterday's
0:02:56
stream i think you were i read the title
0:02:59
it was about the xss um
0:03:02
tag thing right yes so
0:03:07
because the code wasn't uh
0:03:10
the code wasn't pushed
0:03:14
when we were working on it so yes today
0:03:18
what i basically did
0:03:27
rewrote the code based on the logic that
0:03:34
i already deployed it but
0:03:36
i didn't really know how to test so that
0:03:39
is what we're going to be
0:03:46
try to do the xss attack ourselves
0:03:55
brilliant and xss is the
0:03:58
cross-site scripting attack
0:04:01
yeah right yeah okay so basically what
0:04:04
happens is that if
0:04:06
you if a user sends
0:04:13
tags which has some
0:04:17
in there then um it would do whatever
0:04:20
the user wants the
0:04:22
code to do for example play
0:04:30
yeah probably not that but yeah yeah
0:04:35
and then gekko is asking
0:04:38
uh are you back narcotic
0:04:41
oh yes i'm trying to do
0:04:43
like a trial sort of a thing um and see
0:04:47
uh with work and if i'm not too tired um
0:04:52
that's the intention
0:04:54
um so we'll probably decide on a
0:04:55
schedule next week
0:04:59
sounds good but yeah hopefully hopefully
0:05:01
it looks like the project is at the
0:05:03
end stages so that's encouraging
0:05:07
yeah so i'm basically thinking that
0:05:10
this this month we should be able to as
0:05:14
just go live as in in protesting
0:05:23
what's next which project is next
0:05:26
uh which project is next i've got a
0:05:30
project in my mind um i'll
0:05:36
i'll tell you guys
0:05:39
about about that when the time comes and
0:05:42
if i actually want to do that project
0:05:47
also so it depends if um
0:05:53
the guys as in kartik and
0:05:56
tori wanna join me as well because i
0:06:01
the projects are best done in good teams
0:06:14
so let's get into action so i'll share
0:06:19
and um i'll just close all my
0:06:21
notifications because i don't want any
0:06:24
thing to distract me cool that is done
0:06:31
um okay i can't share my screen wow
0:06:37
no i cannot share i probably have to go
0:06:42
i didn't do some things in the system
0:06:45
and then and then come back okay okay
0:06:50
leave for now i'll try to get dev
0:07:00
dev how's it going
0:07:05
hopefully you're still there
0:07:12
well it looks like
0:07:15
we do have someone on twitch and i think
0:07:18
you stream like you stream us at twitch
0:07:23
or maybe just trying to play with us
0:07:38
did you did you attend the death corps
0:07:59
i want to check out the
0:08:15
yes that's the one
0:08:18
some recorders github
0:08:32
oh probably not that one
0:08:53
scrambled enhancement
0:08:59
yeah probably not down as
0:09:06
well looks like santa's back
0:09:15
i also twisted my knee earlier on so
0:09:18
it's really good at the moment
0:09:20
what happened you okay
0:09:24
yeah i kind of fell in a really bad way
0:09:26
but um that knee injury that i've got is
0:09:32
long term but that actually just came
0:09:40
but anyway i think i should be good as
0:09:42
long as i'm sitting down
0:09:45
yeah and give it a good rest
0:09:49
all right cool so i'll share try and
0:09:51
share my screen now hopefully it works
0:09:53
here we go good work
0:09:57
all right cool so i will open
0:10:17
yep let's uh choose some
0:10:20
music oh you need to
0:10:24
do you want to have a pink pig
0:10:28
yes your back off ages
0:10:31
dear dreaming sound school has a let's
0:10:41
more for studying music
0:10:47
all right cool i'm gonna share my screen
0:10:56
that's actually a good choice
0:11:00
yeah it sounded cool daydreaming yeah
0:11:04
i said i do that every day so
0:11:29
all right cool so what we did was
0:11:35
so this is the change basically i made
0:11:38
yes just today but didn't get around to
0:11:42
testing it because
0:11:44
i had an important call at 10.
0:11:48
uh so if i go into the changes yeah
0:11:51
basically what i did was it requires
0:12:05
where did i make the change oh
0:12:08
sorry no it's um in
0:12:12
so basically all i did was i installed
0:12:21
right yeah right and then i
0:12:27
when we are sending through the
0:12:34
we are basically assuming that every
0:12:41
which requires sanitization
0:12:50
sanitizing the text in that
0:12:57
right and then saying that to message
0:13:00
and all the variables then
0:13:06
interesting okay right
0:13:10
have you got any questions
0:13:14
really done like this stuff so i'm just
0:13:16
trying to understand but yeah
0:13:21
what was happening
0:13:24
tell you a bit of a context
0:13:31
on screen um we were getting the
0:13:36
scripting attacks which was basically
0:13:40
people were inserting script ads in the
0:13:47
and which were basically being picked up
0:13:55
which made the program as in do what
0:13:59
they wanted to do so
0:14:05
they were cleaning
0:14:07
as long as they were connected to the
0:14:10
everything was coming through the
0:14:14
right okay so like that they could run
0:14:18
they could put it inside the inaudible
0:14:21
yeah yeah pretty much
0:14:24
and i guess from my understanding what
0:14:27
we're doing now and what this DOMPurify
0:14:30
essentially does
0:14:32
if i'm not wrong because it's just a
0:14:34
brand new concept for me as well
0:14:40
um as soon as we pass a text to this
0:14:45
sanitizer using DOMPurify it will turn
0:14:51
text into actual normal text so you
0:14:55
won't be in a html anymore
0:15:01
which means that it won't
0:15:04
do anything even if they enter this in
0:15:12
yeah but i don't know how much of it
0:15:14
would work to be honest
0:15:18
there's only one way to find out
0:15:20
exactly all right um this site should
0:15:26
that's up and i'll actually give you the
0:15:36
board so this would be the
0:15:45
so we will need to work on this one
0:15:48
this isn't coming up as object object i
0:15:50
would actually are all the functions
0:15:53
working though like
0:16:00
until we have oh um
0:16:04
probably i think what i must have done
0:16:08
when i deployed the sam template
0:16:14
endpoint changes but i forgot to update
0:16:17
the api endpoint in s3
0:16:27
yes we can do that but i'm just thinking
0:16:33
how could i not have realized that
0:16:37
uh honest mistake notes
0:16:39
i would have done that too
0:16:43
all right cool so let's open so the only
0:16:47
thing is that we would have to
0:16:51
keep s3 up-to-date as well with this
0:16:58
let's jump into that and see how do we
0:17:02
um this is that one
0:17:09
so what we need to do is basically
0:17:34
okay i'm gonna open it
0:17:36
oh no no no don't tell me that
0:17:42
i think i have that password let me help
0:17:55
uh how was it again
0:18:05
mfa extra security
0:18:24
i'm playing in the work code wow
0:18:42
that come but it always does it
0:18:59
we wanted to get the api endpoint isn't
0:19:02
it yep that's three
0:19:23
it's the right one
0:19:28
yeah it must be the
0:19:36
websocket one okay how about if i
0:19:42
and then you can try to do the xss
0:19:46
through the websocket
0:19:49
all right so i'm not sure how to do it
0:19:52
or i don't know how you guys tested but
0:19:54
yeah be killed too
0:19:58
even i don't know how to do it because
0:20:01
yes today i was figuring that out but
0:20:21
introduction to xss i don't need
0:20:24
any introduction come on
0:20:30
i'm on the same website
0:20:34
doesn't need to give any
0:20:38
yeah it does oh if you go down a little
0:20:46
method post for example
0:20:57
who did the initial xss like was it
0:21:00
dory or something else
0:21:06
who did the first time is it
0:21:11
uh i don't want to name
0:21:21
um so but we didn't manage to
0:21:24
find out how it was done but then i
0:21:26
can't remember now
0:21:33
maybe you can try asking dory as well
0:21:35
maybe he might remember
0:21:37
oh hang on here we go
0:21:40
as we understand testimony
0:21:42
is the name indicated by the user
0:21:45
therefore this only
0:21:51
the demonstration code is vulnerable to
0:21:54
such an attack if the
0:21:59
okay how about if we just simply do this
0:22:03
and see if it picks up on
0:22:07
so if you want to do this as in
0:22:10
just do it alert on the note itself
0:22:18
uh do you mind telling me
0:22:21
my bad i told you for more about it
0:22:26
funny how i use private check because
0:22:29
this one on the screen anyway
0:22:38
ah here we go cool
0:22:45
the code didn't work
0:22:49
through the entry let me move to the
0:22:51
side first actually
0:22:55
can i mute this tag
0:22:59
how can i do it um it's like if you
0:23:05
oh okay i didn't know that yeah one
0:23:08
second it will be a big thing
0:23:17
i didn't get the noise now
0:23:22
right i'll just unmute it and see what
0:23:31
so it's not even being done on the note
0:23:39
that's really interesting
0:23:44
tori actually managed to
0:23:46
find out how it was done
0:23:48
i should have paid attention
0:23:56
um sources performance memory
0:24:02
network recording next performer request
0:24:18
so are you able to see my screen yeah
0:24:36
so this is broad test
0:24:46
request google analytics
0:24:50
request headers ah here we go
0:25:03
so you're sending a gif
0:25:08
but marker gifts don't have noise and
0:25:16
yeah that's actually true
0:25:27
once i can i'll get some water
0:25:51
so that didn't clearly work
0:26:12
trying to find out how it was done
0:26:19
fetch xsr passcode
0:26:22
html don't think so it's in now like
0:26:25
it's not happening now
0:26:34
but wouldn't there be a history
0:26:44
no that's not possible
0:26:46
it can't be this one
0:26:50
so there basically inserting it through
0:26:53
the websocket but not
0:27:03
but if you create a new one um would it
0:27:15
okay we can try that
0:27:51
it must be something here
0:28:14
this is really interesting
0:28:16
i have no idea what i'm doing at the
0:28:29
so first of all they're mine's inserting
0:28:34
browser um they are inserting in the in
0:28:36
the browser but not on the ui itself
0:28:45
that's exactly what i'm trying to find
0:28:56
but that wouldn't have an annoyance
0:29:01
wait tori knows how to replicate this
0:29:07
let's try googling it only
0:30:01
i'm not sure about uh
0:30:04
um i had i had a meeting though um early
0:30:06
morning i was actually planning to
0:30:08
attend it that's why i asked
0:30:10
um did did you attend the deaf nursing
0:30:20
else wrong yeah so i didn't really get a
0:30:23
chance to do it yeah right there
0:30:28
gekko says zen never goes but like
0:30:30
literally i haven't gone to one in like
0:30:34
well but you're not i really want to
0:30:39
yeah me too though yeah because
0:30:45
slack channel is spell and there's some
0:30:48
brilliant cool topics being discussed
0:30:57
really kind of intriguing
0:31:00
yeah so next time if you remember
0:31:03
just remind me or if i remember i'll
0:31:18
website visitor okay
0:31:21
just because of website having no
0:31:23
vulnerability and then it was scripts
0:31:30
injects the website with them and they
0:31:33
scoop the steals each mr session cookie
0:31:37
okay but how do we do that come on me
0:31:42
the prices say says the following
0:31:47
great prize for gravel i don't read my
0:31:55
okay from this point on every time the
0:31:58
page is exercise history
0:32:04
the html tag in the comments
0:32:10
in the comment below activated
0:32:14
which is hosted on an understand and has
0:32:17
the widget to steal this cookies
0:32:26
how is it being done
0:32:28
as in i know that when
0:32:31
we need to insert some kind of script
0:32:38
that's the main question now
0:32:43
also i just saw today's message by get
0:32:48
i think uh someone had a problem with
0:32:53
you can't mention that we should help
0:33:13
let's see if this works
0:33:19
unexpected token syntax
0:33:23
yeah that didn't work because it's not
0:33:26
checking the script tags
0:33:31
interesting it would have been
0:33:33
good if i paid a little bit more
0:33:35
attention than one toy
0:33:48
that's basically the same thing
0:34:04
um so it's going through the web socket
0:34:45
cactus says we need to do a showcase
0:34:54
only a couple of couple weeks left tick
0:35:01
we can maybe you could actually name
0:35:07
that'd be too as in too funny
0:35:11
like that would probably go with the
0:35:26
sorry as in how how would it go
0:35:33
just i didn't get it
0:35:34
calling us board coders
0:35:37
since like day one
0:35:40
kind of matches the whole uh
0:35:42
whole time we were streaming
0:35:53
actually that being
0:35:59
change the url to bubbles
0:36:09
there's been hair here
0:36:12
as much as we've been so he gets to
0:36:17
he can have that that privilege
0:36:20
you know what's funny i think we started
0:36:35
it's only been made during july what's
0:36:41
right approximately
0:36:43
i'm just trying to see like when is the
0:37:03
um i might actually been up since five
0:37:08
nearly my bedtime as well oh wow okay
0:37:12
okay never mind we started in july 14th
0:37:14
of july sorry my bad
0:37:17
wow so we're actually doing pretty good
0:37:20
it's not even been a year yet
0:37:23
yeah nine months it is great
0:37:33
how can we replicate the
0:37:45
i'm just trying to think now
0:37:49
how old would this be and
0:37:51
the problem that one there on that one
0:38:02
no problem fast 3g
0:38:24
there has to be a way
0:38:35
says just call it a day
0:38:38
i think that's a fair advice
0:38:42
the official way i would ask story tori
0:38:47
yeah that's what i was thinking and um i
0:38:51
think like that is right it has been a
0:38:54
long day for me and i'm sure it's been
0:39:00
basically on here we're pretty much
0:39:06
socializing at the moment yeah
0:39:09
now we can we can come back tomorrow um
0:39:11
hopefully tori's interviews are going
0:39:13
well though um he seems pretty
0:39:15
interesting excited so
0:39:24
good though as in um
0:39:26
once he come uh i can probably have a
0:39:30
session with him if
0:39:32
if he's really swamped with the
0:39:35
interviews i might just have a call with
0:39:38
him before the trip tomorrow
0:39:41
yep yeah yeah for sure
0:39:44
ask him if you can show it to me how he
0:39:48
yeah yeah i think that's a good idea
0:39:50
yeah um but yeah no that's cool i'll try
0:39:54
to join in tomorrow as well i'll
0:39:55
definitely let you know
0:39:57
um hopefully i can
0:40:00
yeah that being that being that'd be
0:40:08
social session and a bill of
0:40:11
progress we've managed to deploy the
0:40:16
yeah just have to figure out how to
0:40:18
replicate the cross-site scripting
0:40:22
and then to eventually solve it and if
0:40:25
you want to check out how do we do that
0:40:29
join us as same place same time and