1
00:00:00,820 --> 00:00:05,500
So the HTML5 Web Storage feature has two objects.

2
00:00:06,430 --> 00:00:10,930
These are the local storage and session storage objects.

3
00:00:13,010 --> 00:00:19,040
Now, this feature is supported in all major modern browsers like Firefox, Chrome and all the others.

4
00:00:20,020 --> 00:00:25,360
And in bWAPP, we're going to exploit a local storage object.

5
00:00:27,050 --> 00:00:33,350
OK, so this feature, local storage, lets Web applications store data locally in the user's browser.

6
00:00:34,730 --> 00:00:43,250
And this data is in key-value format, so you can think of it like cookies, but the data stored

7
00:00:43,250 --> 00:00:48,530
in local storage isn't sent to the Web server, as opposed to, you know, cookies.

8
00:00:49,430 --> 00:00:53,630
And that's what makes it faster and so much better than cookies.

9
00:00:55,680 --> 00:01:03,450
So many developers prefer to use local or session storage to hold sensitive data, but local storage

10
00:01:03,450 --> 00:01:05,610
is no more secure than cookies are.

11
00:01:07,090 --> 00:01:14,080
In fact, the data in local storage objects can be stored for weeks, even years. Also, Web storage,

12
00:01:14,080 --> 00:01:19,910
or what we're actually calling local storage, is origin-specific.

13
00:01:20,650 --> 00:01:27,970
So all pages from one origin can store and access the same data.

14
00:01:30,010 --> 00:01:36,370
So go to Kali and open bWAPP, then choose HTML5 Web Storage from the drop-down menu.

15
00:01:37,840 --> 00:01:40,330
Hey, it's nothing but a simple page.

16
00:01:41,490 --> 00:01:45,360
And also, the page advises how to grab local storage data.

17
00:01:46,110 --> 00:01:49,020
OK, so now open the web developer tool.

18
00:01:50,210 --> 00:01:51,650
Go to the Storage tab.

19
00:01:52,790 --> 00:01:58,700
Open the Local Storage node, and here is the data in key-value form.

20
00:02:00,700 --> 00:02:02,620
So this is our data in our browser.

21
00:02:03,850 --> 00:02:05,080
Where's the problem, you ask?

22
00:02:06,580 --> 00:02:09,430
Or is it just risky coding behavior?

23
00:02:10,870 --> 00:02:16,660
Well, it depends on your point of view. The data in local storage is stored on the computer.

24
00:02:17,470 --> 00:02:25,810
A local storage object stores the data with no expiration date, so the data will not be deleted when

25
00:02:25,810 --> 00:02:33,920
the browser is closed, and it will be available the next week, day, year, whatever month, doesn't matter.

26
00:02:35,050 --> 00:02:40,750
So if someone were somehow to gain access to the computer, they can easily extract this data, don't

27
00:02:40,750 --> 00:02:41,100
you think?

28
00:02:43,210 --> 00:02:45,850
And now another problem is an XSS attack.

29
00:02:47,000 --> 00:02:52,790
So if the application has an XSS vulnerability, this data is also in danger.

30
00:02:54,790 --> 00:02:59,920
All right, so let's close the developer tool and view the page source.

31
00:03:01,830 --> 00:03:11,310
Now, I'm going to zoom in for you. So look here, there is the JavaScript code right here, and this

32
00:03:11,340 --> 00:03:14,040
adds data to the local storage.

33
00:03:14,310 --> 00:03:15,660
So let's scroll down a little bit.

34
00:03:16,560 --> 00:03:18,510
Maybe we'll see something suspicious.

35
00:03:19,740 --> 00:03:21,480
No, I don't see anything.

36
00:03:22,680 --> 00:03:28,780
Anyway, to exploit and gather data from local storage, we will need an XSS vulnerability.

37
00:03:30,780 --> 00:03:31,810
And guess what?

38
00:03:32,400 --> 00:03:39,030
Thankfully, we have dozens of them, so go to xss_get.php.

39
00:03:40,740 --> 00:03:43,430
So this page is vulnerable to XSS.

40
00:03:44,510 --> 00:03:51,680
And for a quick validation, let's just type the famous payload: script, alert document cookie,

41
00:03:51,680 --> 00:03:53,600
script, and then go.

42
00:03:55,100 --> 00:03:56,410
Well, it really is, right?

43
00:03:57,960 --> 00:04:03,750
OK, so we can view the content of the local storage in an alert message.

44
00:04:05,050 --> 00:04:08,320
But, of course, I prefer to send it to our cookie stealer application.

45
00:04:10,290 --> 00:04:12,870
So I'm going to use this payload.

46
00:04:13,750 --> 00:04:14,920
Let's copy it.

47
00:04:18,420 --> 00:04:20,160
And open the web developer tool.

48
00:04:21,620 --> 00:04:23,960
And go to the Network tab.

49
00:04:25,450 --> 00:04:27,310
Now, paste it here and then go.

50
00:04:29,670 --> 00:04:34,470
All right, so here is the request; it sends the data to our stealer app.

51
00:04:35,350 --> 00:04:38,470
Now go to our stealer app and refresh.

52
00:04:39,980 --> 00:04:41,390
And we have one session.

53
00:04:42,480 --> 00:04:44,370
OK, so log into the application.

54
00:04:45,560 --> 00:04:47,030
And look at the first line.

55
00:04:47,720 --> 00:04:57,020
It is not a session, but it is the data in the local storage of the target. Boom.

