Browser Exploits

Domain name issues

https://tkte.ch/articles/2024/03/15/parsing-urls-in-python.html

Reverse Tabnabbing

https://www.comparitech.com/blog/information-security/reverse-tabnabbing/

ClickJacking

Clickjacking uses hidden UI elements layered over a page to trick a user into clicking a button or link on another page when they intended to click on the top-level page.

This can be prevented by using:
- Content Security Policy: frame-ancestors/frame-src/child-src
- X-Frame-Options
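
An added example (not from the original notes) that audits a response's headers for the two defences listed above. The function names, verdict labels and sample header sets are constructed for illustration.

```python
WILDCARDS = {"*", "http:", "https:"}  # sources that let any site frame the page

def parse_csp(header_value):
    """Return one {directive: [sources]} dict per comma-separated policy."""
    policies = []
    for raw in header_value.split(","):
        policy = {}
        for part in raw.split(";"):
            tokens = [t.lower() for t in part.split()]
            if tokens:  # a repeated directive is ignored, so the first one wins
                policy.setdefault(tokens[0], tokens[1:])
        policies.append(policy)
    return policies

def framing_verdict(headers):
    """Return (verdict, notes) for a response's anti-framing headers."""
    h = {k.lower(): v for k, v in headers.items()}
    notes = []
    policies = parse_csp(h.get("content-security-policy", ""))
    ancestors = [p["frame-ancestors"] for p in policies if "frame-ancestors" in p]
    xfo = h.get("x-frame-options", "").strip().upper()
    if ancestors:
        # Every policy is enforced independently, so one restrictive list is enough.
        if any(not WILDCARDS & set(sources) for sources in ancestors):
            verdict = "protected"
        else:
            verdict = "weak"
            notes.append("frame-ancestors allows any origin")
        if xfo:
            notes.append("browsers that support frame-ancestors ignore X-Frame-Options")
    elif xfo in ("DENY", "SAMEORIGIN"):
        verdict = "protected"
    else:
        verdict = "unprotected"
        if xfo:
            notes.append("X-Frame-Options value is not DENY or SAMEORIGIN")
    if verdict != "protected" and any("frame-src" in p or "child-src" in p for p in policies):
        notes.append("frame-src/child-src limit what this page embeds, not who frames it")
    if "frame-ancestors" in h.get("content-security-policy-report-only", "").lower():
        notes.append("report-only frame-ancestors is not enforced")
    return verdict, notes

# Constructed sample responses, not captured from any real site.
SAMPLES = [{"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
           {"Content-Security-Policy": "frame-ancestors *", "X-Frame-Options": "DENY"}]
if __name__ == "__main__":
    for sample in SAMPLES:
        print(framing_verdict(sample))
```

The second sample shows why the two headers should agree: a permissive `frame-ancestors` takes precedence over a strict `X-Frame-Options` in browsers that support both.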

Certificates

https://github.blog/2023-08-17-mtls-when-certificate-authentication-is-done-wrong/

Extensions

https://book.hacktricks.xyz/pentesting-web/browser-extension-pentesting-methodology