Shulou(Shulou.com)05/31 Report--

This article mainly introduces what Posta is a tool, has a certain reference value, interested friends can refer to, I hope you can learn a lot after reading this article, the following let the editor take you to understand it.

About Posta

Posta is a powerful cross-document information security search tool, most researchers can use Posta to study cross-document information communication, it allows us to track, detect and exploit postMessage vulnerabilities, but also can replay any messages between bound windows and browsers.

Tool requirements

Chrome Chrome / Chromium

Node.js (optional)

Tool installation development environment

We can run Posta in a full development environment in a dedicated browser (Chromium).

First, we need to run the following command to install Posta:

Git clone https://github.com/benso-io/postacd postanpm install

Next, start a dedicated Chromium session using the following command:

Node posta

Finally, click the Posta extension and navigate to the tool user UI interface.

The development mode includes a local Web server that hosts a small test site and exploit pages. When running in development mode, we can access the http://localhost:8080/exploit/ to access the exploit page.

Chrome extension

We can also run Posta as a Chrome / Chromium extension.

First, clone the project source code locally using the following command:

Git clone https://github.com/benso-io/posta.git

Next, visit chrome://extensions, where you need to make sure that the browser is in developer mode. Then click "Load upacked", select the chrome-extension directory in Posta, upload it to your browser, and finally load the extension.

After binding the extension to the browser, visit the website we need to test and click the Posta extension to navigate to the UI interface.

Tools use Tabs

Under Tabs, you can find our source address, which contains the corresponding iframe and communication session. We can select the specified frame and observe the postMessages associated with that frame:

Messages

In Messages, we can examine all postMessage traffic sent from the source address to iframes. We can select the communication session that needs in-depth analysis. The listener section will display the relevant code responsible for handling the communication. After clicking, you can also directly copy the code content:

Console

In the Console section, we can modify the original postMessage traffic and replay the message using the tampered content, which will be sent to iframe through the source address.

We can modify the content of postMessage to see if the target site will be affected by this attack. If successful, we can try to exploit the vulnerability from different sources, which can be done by clicking "Simulate exploit":

Exploit

Click the "host" button to navigate to the exploit window:

In the Exploit section, Posta will attempt and host a specific source as iframe to initialize postMessage communication. But if X-Frame-Options is enabled on the source site, we won't be able to carry out attacks most of the time.

Therefore, in order to exploit the vulnerability, we also need to initialize the window.open method to obtain the communication reference bound to the source address, which can be achieved by clicking "Open as tab" here.

Next, we can click the "Exploit" button and specify Payload to test cross-source communication:

Thank you for reading this article carefully. I hope the article "what tool Posta is" shared by the editor will be helpful to everyone. At the same time, I also hope you will support us and pay attention to the industry information channel. More related knowledge is waiting for you to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.