
Programmatic GET Requests with JavaScript: Simple Way to Hack Your Site


Trying to secure a website is a continual and frustrating process. Attacks, like Denial of Service, can come from many directions, especially when your web applications cannot reject external requests. Alejandro Gervasio shows us some valuable JavaScript in this article meant to help you secure your sites.

Author Info:
By: Alejandro Gervasio
July 13, 2005
TABLE OF CONTENTS:
  1. Programmatic GET Requests with JavaScript: Simple Way to Hack Your Site
  2. A Quick Look At The XMLHttpRequest Object
  3. When High Levels of Traffic Are Dangerous
  4. Automated GET requests
  5. Massive HTTP requests: Using a Timer


Introduction

Recently, I had the opportunity to work on a medium-sized Web project, which involved the development of different modules that demanded a carefully planned mutual interaction. Some of these modules required access to protected sections of the website, through a centralized access control mechanism, so critical security issues had to be tested as thoroughly as possible.

In order to check some of the possible vulnerabilities and evaluate potential weak points within the program, a server-side application was used. It emulated automatic GET and POST requests for determining whether the website application was capable of rejecting external attacks, at least the ones aimed primarily at generating Denial of Service situations (DoS).

After performing the verification process and implementing some possible solutions within the program accordingly, such as noisy image generation and on-the-fly session encrypted data, a clear idea came to mind about the topic. Certainly, we have all seen many unprotected websites being easily crashed by malicious programs installed on remote computers that launch massive requests to the targeted server, causing either severe slowdowns or complete system hangs.

However, most of these programs are client applications running on non-Web-based platforms. But now, the scenario is definitely a little different. As you probably know, many popular server-side languages make it quite easy to work with sockets, and this mere fact turns developing HTTP-based hacking tools into a simple experience.

Focusing on client-side programming, the growing use of JavaScript as a fairly new tool to make HTTP requests in the background without reloading a page, through the popular XMLHttpRequest object, has brought a new generation of Web-based hacking techniques that expand the vast plethora of existing tools, making it even easier for inexperienced attackers to execute malicious code on targeted websites.

As I said before, the idea that emerged from my previous experience was to write a simple JavaScript program. It would be aimed mainly at illustrating, in real conditions, how easily an unprotected website can be attacked by users with bad intentions through the generation of programmatic GET/POST requests. As a result, hopefully this tutorial will be helpful for those trying to build safer Web applications and implement well-defined security strategies from the very beginning.

However, before I go deeper into the required explanations, a few things need to be clarified. First, this article is not intended to encourage the use of programs for hacking purposes, since it merely demonstrates that some websites may expose some vulnerabilities that need to be properly addressed. And second, responsibility for the use of the source code is left completely in the hands of the reader.

Having said that, let's move on to making HTTP requests in the background.

