Browser Exploits
Domain name issues
https://tkte.ch/articles/2024/03/15/parsing-urls-in-python.html
Reverse Tabnabbing
https://www.comparitech.com/blog/information-security/reverse-tabnabbing/
ClickJacking
Clickjacking layers hidden UI elements over a page to trick a user into clicking a button or link on another page when they intended to click on the top-level page.
This can be prevented by using:
- Content Security Policy: frame-ancestors/frame-src/child-src
- X-Frame-Options
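
An added example, not part of the original notes: a JavaScript check that classifies a response's anti-framing protection from the two headers listed above. It assumes header names arrive lower-cased, and the function names are hypothetical. It treats `frame-ancestors` as the CSP directive that decides who may embed the page, and as taking precedence over `X-Frame-Options` when both are sent.

```javascript
// Added example (not from the original page): classify a response's anti-framing policy.
// `headers` is assumed to be an object keyed by lower-cased header names.
function frameAncestors(csp) {
  // Return the frame-ancestors source list, or null when the directive is absent.
  for (const directive of (csp || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") return sources.map((s) => s.toLowerCase());
  }
  return null;
}

function framingPolicy(headers) {
  const notes = [];
  const csp = headers["content-security-policy"] || "";
  const xfo = (headers["x-frame-options"] || "").trim().toUpperCase();
  const sources = frameAncestors(csp);

  if (sources === null && /(^|;)\s*(frame-src|child-src)\s/i.test(csp)) {
    notes.push("frame-src/child-src limit what this page embeds, not who may frame it");
  }
  if (sources !== null) {
    // Browsers that enforce frame-ancestors ignore X-Frame-Options when it is present.
    if (xfo) notes.push("X-Frame-Options is overridden by frame-ancestors");
    // An empty list or 'none' matches no origin.
    if (sources.every((s) => s === "'none'")) return { verdict: "deny", via: "csp", notes };
    if (sources.some((s) => ["*", "http:", "https:"].includes(s))) {
      notes.push("frame-ancestors admits arbitrary origins");
      return { verdict: "unprotected", via: "csp", notes };
    }
    const selfOnly = sources.every((s) => s === "'self'");
    return { verdict: selfOnly ? "sameorigin" : "allowlist", via: "csp", notes };
  }
  if (xfo === "DENY") return { verdict: "deny", via: "xfo", notes };
  if (xfo === "SAMEORIGIN") return { verdict: "sameorigin", via: "xfo", notes };
  if (xfo.startsWith("ALLOW-FROM")) notes.push("ALLOW-FROM is obsolete and ignored by current browsers");
  else if (xfo) notes.push("unrecognised X-Frame-Options value");
  return { verdict: "unprotected", via: null, notes };
}

// Constructed sample responses.
const samples = [
  { "content-security-policy": "default-src 'self'; frame-ancestors 'none'" },
  { "content-security-policy": "frame-src 'none'; child-src 'none'" },
  { "x-frame-options": "ALLOW-FROM https://partner.example" },
  { "x-frame-options": "sameorigin" },
];
for (const h of samples) console.log(JSON.stringify(h), "=>", framingPolicy(h).verdict);
```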
Certificates
https://github.blog/2023-08-17-mtls-when-certificate-authentication-is-done-wrong/
Extensions
https://book.hacktricks.xyz/pentesting-web/browser-extension-pentesting-methodology