[2014 CodeEngn Conference 11] 정든품바 - Web Malicious Code

Web Malicious Code, 정든품바, www.CodeEngn.com, 2014 CodeEngn Conference 11

Upload: gangseok-lee

Post on 12-Jul-2015


TRANSCRIPT

Web Malicious Code
정든품바

www.CodeEngn.com
2014 CodeEngn Conference 11

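The Web: More Than Meets the Eye

Easy, convenient, and fun for anyone

• With just some thought and interest, anyone can do it easily

• If you can read HTML, anyone can do it conveniently

• If you know C, anyone can have fun with it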

Operating System

Web Browser

Network

Request

Response

Thinking. . .

Proxy ?

Proxy

Proxy

Proxy (https)

Thinking. . .

Operating System

Web Browser

Network

Request

Response

Thinking. . .

DebugActiveProcess

WaitForDebugEvent

ContinueDebugEvent

EXCEPTION_BREAKPOINT

EXCEPTION_DEBUG_EVENT

CREATE_PROCESS_DEBUG_EVENT

Thinking. . .

API Function

Return

Hook Routine

Return

WaitForDebugEvent

ContinueDebugEvent

EXCEPTION_BREAKPOINT

EXCEPTION_DEBUG_EVENT

CREATE_PROCESS_DEBUG_EVENT Install Hook Code (INT3)

Hook Routine

DebugActiveProcess

Thinking. . .

<html>. . .

<form ~ <input type="text ~ <input type="password" ~

. . .

Web Browser

<script>. . .

</script>

<html>. . .

</html>

Web Browser

<html>. . . <script ~ src="~.js">

. . .

Web Browser

Page Read

Script Read

Operating System

<html>. . .

<script ~ src="jdpb.js">. . .

Web Browser

jdpb.js

// original: pops up a greeting
function CodeEngn() {
    alert('jdpb WORLD!');
}

jdpb.js

// replaced version: same function name, different body
function CodeEngn() {
    alert('ATTACKED…');
}

Hook

?

<html>. . .

<map ~<area onmousedown= ~. . .

. . .

KEYPAD HASH VALUE ++

1 2 3

4 5 6

7 8 9

0

1 2 3

4 0 6

9 5 8

7

<area onmousedown= ~. . .

Thank You
