Offensive Firewall Exploitation: The Next Evolution of Hacking?

While working with a “partner” the other day helping to teach them how to track and  take down a notorious bigot/troll whom was wrecking havoc on hacking servers, I accidentally wound up compromising the identity of one of my Anonymous friends entirely by mistake. The experience got me thinking however, about a new hacking technique that I’ve never heard of before and wouldn’t necessarily be that hard to pull off. I am calling it “Offensive Firewall Exploitation,” an entirely new hacking theory utilizing legalized/trusted means for illegal practices.

The concept involves using existing security measures and custom edits to your websites defensive firewall to uncover information about a site’s unique visitor and exploit different channels after a direct connection is established with their device. Connections which could, in theory, be used to compromise or disable the devices of anyone who visits a particular website.

404 Error Logs As IP Loggers

I never really thought of it before last week, but if you are a website owner there is no longer any reason or need to secretly attach/embed an IP Logger program/file to a hyperlink. If you are a website owner and have set up your firewall to catch, record and log all 404 related errors, then all you need to do is create/send a false URL address with your domain name attached to it and just like that you will have a legal means of recording the IP Addresses of anyone who clicks on it. From there you can do a legal WHOIS or reverse DNS search to uncover more about the visitor.

For example:

The beautify of it is that a false URL address through your domain is a completely undetectable means of recording IP Addresses. I say this because if you ever do attach an IP Logger program or file to a given hyperlink, then most of the time an online link scan or anti-virus will be able to pick up on it and alert the users not to click on/open it. However, a false URL Address will bypass every program, security scanner and anti-virus test out there, making every false link appear trustworthy and non-malicious. Moreover, 404 error logs are incredibly easy to utilize/implement through your sites Firewall defenses.

Test Hyperlinks for Malicious Content, Malware or Programs:

Exploiting The TLS Handshake

Transport Layer Security (TLS) is the so called “next evolution” of Secured-Socket Layer (SSL) protection, establishing a direct connection (handshake) with each unique visitor that accesses a given site. As I have briefly explained in a separate article loosely related to this matter, think of TLS as a mini VPN connection made between a website and its visitor, securing whatever data is exchanged/transmitted across the internet while that person visits the website. Unlike your SSL, which protects any data physically entered onto a website, TLS on the other protects a visitors data as it is being sent across the internet whilst they are visiting/interacting with your site through their web browser.

TLS works by ‘reaching out’ to a visitors web browser each time they land on your site, establishing a so-called “handshake” with them. This handshake is used to create a secured connection or tunnel between the two parties, encrypting their internet data/activity as they interact with or browse your website. While TLS handshakes are on the ‘cutting edge’ of security in 2018, it also makes me question what else this direct connection could be used for in the future, or how it could theoretically be exploited.

Quite simply, TLS establishes a direct connection with a persons device – that’s literally its sole purpose and how it was designed. In theory, I propose a website owner or hacker could use this connection as a means to gain access to any/every given device that accesses a website. For example, a TLS connection encrypts/protects data from 3rd parties externally. Meaning anyone outside of that website and device. In this way TLS makes a “tunnel” for data to flow between the two parties; a website and its visitor. Using this same tunnel, I put forward that hackers could use it a a conduit to inject or transmit malicious code, script or other files/programs directly onto a visitors device. If not through the TLS handshake directly, than through a manipulated version of the handshake protocol mimicking its interactions.

Custom Firewall/CSS Edits To Manipulate Hardware

Reviewing and implementing new procedures/rules to my firewall, one of the most intriguing edits I’ve implemented is the blocking of my websites visitors from being able to select, copy and paste any content off my site. Meaning that it is impossible for someone to highlight/select text on my website in order to copy and paste it anywhere else online or onto their computer. I do this for three reasons. First is to safeguard/copy protect my content, the second is to increase traffic and lastly, to prevent outright plagiarism. But think about that concept for a moment. Just by simply editing my own firewall, I am actually able to control how your mouse – your computers own hardware – acts and behaves on my site. Essentially, just by enabling one firewall rule, I can prevent your mouse from being able to functioning correctly – entirely legally too.

With that established, if my defensive firewall can control a visitors mouse through the connection they make with my website, what else or what other hardware could I theoretically effect/control once a visitor accesses my website?

Adding things up, if I can grab someones unique IP Address through a fake URL address using a 404 error logs, and establish a direct connection to that persons computer through the shell work of TLS once they are on my site, then edit custom rules to my firewall to control their hardware, what are the possible/theoretical limits I could  implement to compromise or corrupt that persons computer/systems? I propose that, using existing security measures, it is entirely possible to gain complete remote access to or shut down major components of a visitors computer simply by owning a website and sending out one fake URL address – or any URL address for that matter. Theoretically one wouldn’t have to be the sites website owner directly, these procedures could be enacted on any website that has been taken over or hacked.

I am not trying to be a mad scientist here, but someone once described hacking as the art/means of making computers act and behave in new ways they were never designed to do. In this way I think it is entirely possible to turn the same defensive security measures one implements to defensively guard their site into offensive hacking machines/exploits.