the-web-application-hackers-handbook

Chapter 5 n Bypassing Client-Side Controls 153
Native Client Components
Some applications need to perform actions within the user’s computer that cannot
be conducted from inside a browser-based VM sandbox. In terms of client-side
security controls, here are some examples of this functionality:
n Verifying that a user has an up-to-date virus scanner
n Verifying that proxy settings and other corporate configuration are in force
n Integrating with a smartcard reader
Typically, these kinds of actions require the use of native code components,
which integrate local application functionality with web application functionality.
Native client components are often delivered via ActiveX controls. These are
custom browser extensions that run outside the browser sandbox.
Native client components may be significantly harder to decipher than other
browser extensions, because there is no equivalent to intermediate bytecode.
However, the principles of bypassing client-side controls still apply, even if this
requires a different toolset. Here are some examples of popular tools used for
this task:
n OllyDbg is a Windows debugger that can be used to step through native
executable code, set breakpoints, and apply patches to executables, either
on disk or at runtime.
n IDA Pro is a disassembler that can produce human-readable assembly
code from native executable code on a wide variety of platforms.
Although a full-blown description is outside the scope of this book, the following
are some useful resources if you want to know more about reverse
engineering of native code components and related topics:
n Reversing: Secrets of Reverse Engineering by Eldad Eilam
n Hacker Disassembling Uncovered by Kris Kaspersky
n The Art of Software Security Assessment by Mark Dowd, John McDonald,
and Justin Schuh
n Fuzzing for Software Security Testing and Quality Assurance (Artech House
Information Security and Privacy) by Ari Takanen, Jared DeMott, and
Charlie Miller
n The IDA Pro Book: The Unofficial Guide to the World’s Most Popular Disassembler
by Chris Eagle
n www.acm.uiuc.edu/sigmil/RevEng
n www.uninformed.org/?v=1&a=7