Full Disclosure mailing list archives
Re: Safari Address Spoofing (How We Got It)
From: David Leo <david.leo () deusen co uk>
Date: Tue, 02 Jun 2015 20:44:38 +0800
Great blog, Michal!

If you change "http://1.2.3.4/" in your Safari code: some URL in the real world (for example, dailymail.co.uk).
Your code won't work (page of target domain is simply loaded).
The trick here is: "keep trying to load".

Kind Regards,

__________
BestSec
http://www.deusen.co.uk/items/bestsec/
We like it. We read it.

On 2015/5/31 23:09, Michal Zalewski wrote:
> Well...
> http://lcamtuf.blogspot.com/2010/06/yeah-about-that-address-bar-thing.html
>
> On Thu, May 28, 2015 at 10:47 PM, David Leo <david.leo () deusen co uk> wrote:
>> Proof of concept:
>> http://www.deusen.co.uk/items/iwhere.9500182225526788/
>> It works on fully patched versions of iOS and OS X.
>>
>> How it works:
>> Just keep trying to load the web page of target domain.
>>
>> How We Got It:
>> Safari changes address bar to new URL, BEFORE new content is loaded.
>>
>> BestSec
>> http://www.deusen.co.uk/items/bestsec/
>> We like it. We read it.
>>
>> Kind Regards,
>>
>> _______________________________________________
>> Sent through the Full Disclosure mailing list
>> https://nmap.org/mailman/listinfo/fulldisclosure
>> Web Archives & RSS: http://seclists.org/fulldisclosure/