Bypassing SOP

Justin Bess :: May 31, 2018

So, you need to bypass same origin policy…

Before we begin, if you find yourself asking what SOP (same origin policy) is, then this blog post is not for you. This blog post will cover some of the techniques that can be used to bypass the security standard, not what it is. Consider reading the following blog post where I explain the same origin policy, if you are unaware of SOP.

Server Settings

While this isn’t necessarily bypassing SOP, I figured I would throw this in here for those who have not looked closely enough into how CORS (cross-origin resource sharing) operates. If you have escalated privileges on a system, or already have access to a system that is running the server which hosts the code for the specific domain you are targeting, you can bypass the SOP by simply following standard CORS procedures. This is usually something done intentionally by developers who want to share access to their origin, but if someone with malicious intent gains control of the server, they could configure this standard as well.

CORS:

I will quote directly from Wikipedia, as I believe it has a great definition of CORS:

Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources (e.g. fonts) on a web page to be requested from another domain outside the domain from which the first resource was served. A web page may freely embed cross-origin images, stylesheets, scripts, iframes, and videos. Certain “cross-domain” requests, notably Ajax requests, are forbidden by default by the same-origin security policy.

CORS defines a way in which a browser and server can interact to determine whether or not it is safe to allow the cross-origin request. It allows for more freedom and functionality than purely same-origin requests, but is more secure than simply allowing all cross-origin requests.

To work with CORS, you need to send an Access-Control-Allow-Origin header from the server to the client. The value of this header can be a specific domain, such as Access-Control-Allow-Origin: https://myevilsite.com, or, to simply allow all origins, you could use Access-Control-Allow-Origin: *. If you intend on allowing multiple domains, but not all domains, I would advise a quick Google search. Typically for this, you will have to do some server modification, adding server-side code to manually handle origins, or modify a .htaccess file.
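
One way to write the server-side origin handling mentioned above when several domains, but not all, should be allowed. This is an added example, not code from the original post; the origins in ALLOWED_ORIGINS and the function names are made-up placeholders.

```javascript
// Added example. Origins below are constructed placeholders.
const ALLOWED_ORIGINS = new Set([
  'https://app.example.com',
  'https://admin.example.com',
]);

// Return the Origin header value only if it is a bare, well-formed
// scheme://host[:port]; otherwise null (missing, "null", path, userinfo...).
function parseOrigin(value) {
  if (typeof value !== 'string' || value === 'null') return null;
  let url;
  try { url = new URL(value); } catch (e) { return null; }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return null;
  return url.origin === value.toLowerCase() ? url.origin : null;
}

// Exact-match lookup: no substring, prefix or suffix tests, and the request
// origin is never echoed back unless it is in the allowlist.
function corsHeadersFor(requestOrigin, allowed = ALLOWED_ORIGINS) {
  // Vary: Origin keeps shared caches from reusing one origin's response.
  const headers = { Vary: 'Origin' };
  const origin = parseOrigin(requestOrigin);
  if (origin !== null && allowed.has(origin)) {
    headers['Access-Control-Allow-Origin'] = origin;
  }
  return headers;
}

// Request listener for http.createServer(); handles preflight and GET.
function handler(req, res) {
  const headers = corsHeadersFor(req.headers.origin);
  const allowed = 'Access-Control-Allow-Origin' in headers;
  if (req.method === 'OPTIONS') {
    if (allowed) {
      headers['Access-Control-Allow-Methods'] = 'GET, POST';
      headers['Access-Control-Allow-Headers'] = 'Content-Type';
    }
    res.writeHead(allowed ? 204 : 403, headers);
    return res.end();
  }
  res.writeHead(200, { ...headers, 'Content-Type': 'application/json' });
  return res.end(JSON.stringify({ ok: true }));
}

// Constructed sample origins: allowed, look-alike suffix, userinfo trick.
for (const o of ['https://app.example.com',
                 'https://app.example.com.evil.test',
                 'https://app.example.com@evil.test']) {
  console.log(o, '->', corsHeadersFor(o)['Access-Control-Allow-Origin'] || 'no CORS header');
}
```

If the endpoint needs cookies, send Access-Control-Allow-Credentials: true only for allowlisted origins; browsers refuse credentialed responses that use the * wildcard.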

CORS Anywhere / Reverse Proxy

If the website you are trying to access is a public domain, accessible on the world wide web, then the CORS Anywhere approach may be a good fit for you to bypass the same origin policy of the domain.

You can find the CORS Anywhere documentation and source code on this GitHub repository. Essentially, CORS Anywhere provides a proxy server that makes requests on the client’s behalf. The proxy server will fetch the requested resource(s) and send that information back to the client with the appropriate CORS headers included. This allows you to bypass the SOP, and the request can be fulfilled. There is a public-facing application running CORS Anywhere, found on this Heroku deployment, listed on the GitHub.

Taken directly from the documentation, you should be able to use this exact approach, or a similar one in order to successfully bypass the SOP for a successful request

Chrome disable security

Admittedly, I have never used this approach, but I have found some trustworthy resources explaining how this technique works. One of those things is an internal wikipedia page provided by Amazon; however, I will not cite anything specific from there, as it could breach my NDA contract.

I will link this Stack Overflow resource, which essentially demonstrates the same steps as I found on our internal wiki. The idea is to spawn a Chromium instance with the following flags (if you can make those modifications on your system):

--disable-web-security --user-data-dir

Note that you can NOT have any other Chrome instances running at the time of doing this, as the running version will overrule your desire to run the spawned instance without security. Whatever you do, never run this as a default setting on your browser. You should create a shortcut for this insecure instance, and use it only when you need to. If you set this for your default browser options, you run a great risk of pwning yourself by sheer stupidity. There are lots of malicious programs which will prey on your poor choice to do such an ignorant thing. With that being said, when you run the insecure instance, only visit your trusted sites, and nothing further!

Browser Automation

So, I came across a rather niche problem, which took a lot of effort to finally come to a reasonable solution to bypass SOP. I needed to bypass SOP on an intranet domain, not publicly accessible. On top of this, the domain requires authentication from an SSO (single sign on) process. I did not have server access, and I had thrown all the other reasonable ways to bypass SOP at this domain to no avail. I was finally able to defeat this problem using browser automation.

The browser automation framework I used for this was Nightmare JS. You can essentially think of this framework and browser automation as a macro for your browser. The framework runs an Electron instance, meaning you can pass in Electron attributes to the window which spawns within Nightmare. This means that passing in the option show as false, such as const nightmare = Nightmare({ show: false }), will render an invisible window, so the end user will not notice anything weird happening while the data is fetched and scraped. I’m choosing not to go into full detail on how to use the framework, because that’s a whole other blog post in itself. However, use the following code snippet as a small example. The code would pull the entire DOM tree of some-protected-domain.com, and you could then parse the data as you need.

If you only want specific things, or need to perform actions on the client’s behalf, take a look at the Nightmare documentation, and perform those actions with the framework. Afterwards, you should render out only the data you need.

Additional Techniques not covered, for your google pleasures
