Conference:  Defcon 31

Authors: Dongsung “Donny” Kim IT-Security Expert, Security Office part of Truesec

2023-08-01

What can a website do? So many things these days. But, have you ever considered that it can port scan your LAN? It will fingerprint you with pinpoint precision and uncover hidden internal devices. Surely, a browser wouldn't allow that? With this presentation, I will introduce a short primer on timing-based, browser-based port scanning using Fetch. Based on this primer, I will discuss three techniques that can scan open ports on the localhost, a NAT router’s presence on the LAN, and open ports of the clients on the LAN. A demo of the proof of concept exploit will be provided, with closing remarks on possible mitigation strategies.