tags:

views:

119

answers:

3
+4  Q: 

External JavaScript Injection

Hi All,

I am wanting to find out whether or not it is possible to inject JavaScript into the .NET WebBrowser control from outside the running application?

Thanks

STW

Clarification: I am wanting to know if someone can get hold of the internal process of the wrapped components and manually insert what they like into the "browser" portion of the application.

+3  A: 

It is no different for WebBrowser from Internet Explorer. Once an app can obtain the window handle for WB, it can use LresultFromObject() to get access to the Accessibility interface, the one used by screen readers. I've seen this used to get an IHmtlDocument2 interface pointer, providing access to the DOM. Of course, once an app gains enough privilege to do this, there will be many other ways to accomplish the same. Focus on securing IE first, WebBrowser will follow suit since it is simply IE without the frame window.

Hans Passant  2010-02-08 13:20:44
A: 

Can you clarify what is the attack vector that you are worried about?

'Who' are you worried that can inject data into the .NET WebBrowser object: a) the user running the application? b) a piece of software running on the same box under the same user identity c) somebody sniffing the html traffic (between user and webserver) and (maybe) modifying it d) another website that is opened on a different tab?

You basically need to do a Threat Model exercise of your use case and share with us the results (here is some info on Threat Modeling: http://en.wikipedia.org/wiki/Threat_model)

Dinis Cruz  2010-02-08 23:58:30
A: 

If when you ask on your clarification "... I am wanting to know if someone can get hold of the internal process of the wrapped components and manually insert what they like into the "browser" portion of the application...." you mean '...another process running on your computer as the same user (lets say for example a malicious copy of WinZip)...' then YES it will be possible.

In windows there is NO separation between processes that belong to the same user, so if you have an application XYZ that contains an WebBrowser control, then another app (the malicious WinZip app) will be able to hook into that process and manipulate the contents of what you see on that WebBrowser.

(note that Vista/Windows 7 have added UAC (User Access Control) which I believe doesn't prevent this from happening)

Dinis Cruz  2010-02-11 01:48:21
did I get this right? Any process started with my user can manipulate any other process started with my user and therefor change or take data from it?
TheChange  2010-02-26 08:11:34
yes that is correct (I think there are some caveats that require some workarounds if UAC is used (note that Microsoft has confirmed that UAC is not a security isolation technology))
Dinis Cruz  2010-02-26 17:48:52

related questions

Subsonic Vs NHibernate
How to check For File Lock in C# ?
Is nAnt still supported and suitable for .net 3.5/VS2008?
Limit size of Queue<T> in .NET?
Viewstate invalid when using Safari
Free OCR library
Unhandled Exception Handler in .NET 1.1
Localising date format descriptors
Get a new object instance from a Type in C#
VFP .NET OLEdb provider does not work in Win 64-Bits. Help
.NET Testing Framework Advice
Embedded Database for .net that can run off a network
Automatically update version number
Homegrown consumption of web services
How do you migrate a large app from VB6 to VB .net ?
.NET Migrations Engine
Adding Scripting functionality to .NET applications
SQLite and XSD
Floating Point Number parsing: Is there a Catch All algorithm?
How do I programmatically create a PDF in my .NET application?
How do I sync the SVN revision number with my ASP.NET web site?
XSD DataSets and ignoring foreign keys
Anatomy of a "Memory Leak"
Reliable Timer in a Console Application
How do I calculate relative time?