Upgrade to Pro — share decks privately, control downloads, hide ads and more …

2000day in Safari

Bo0oM
May 21, 2019
2
2.2k

2000day in Safari

Bo0oM

May 21, 2019
Tweet

More Decks by Bo0oM

See All by Bo0oM
Защита от вредоносной автоматизации сегодня
bo0om
0
520
Defending against automatization using nginx
bo0om
0
790
Antibot pitch deck
bo0om
0
120
31337
bo0om
0
130
Your back is white
bo0om
0
310
FTP2RCE
bo0om
1
7.3k
Interpret it!
bo0om
0
1.1k
At Home Among Strangers
bo0om
1
3.8k
Partyhack 3.0 - Telegram bugbounty writeup
bo0om
0
4k

Featured

See All Featured
Into the Great Unknown - MozCon
thekraken
35
1.6k
Designing for Performance
lara
604
68k
Java REST API Framework Comparison - PWX 2021
mraible
28
8.4k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
29
1k
Documentation Writing (for coders)
carmenintech
67
4.6k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
12
950
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
656
59k
It's Worth the Effort
3n
184
28k
Making the Leap to Tech Lead
cromwellryan
133
9.1k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
666
120k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
10
1.3k
Producing Creativity
orderedlist
PRO
343
39k

Transcript

  1. 2000-day in Safari Anton Lopanitsyn @i_bo0om

  2. phdays.com #PHDays XSS https://portswigger.net/web-security/cross-site-scripting

  3. phdays.com #PHDays UXSS https://evil.com https://victim.com

  4. phdays.com #PHDays Save as webpage, complete

  5. phdays.com #PHDays chrome://flags

  6. phdays.com #PHDays MHTML

  7. phdays.com #PHDays MHTML

  8. phdays.com #PHDays

  9. phdays.com #PHDays Safari save as webarchive

  10. phdays.com #PHDays Signed webarchive

  11. phdays.com #PHDays Plaintext webarchive

  12. phdays.com #PHDays Plaintext webarchive <script> … </script>

  13. phdays.com #PHDays Plaintext webarchive

  14. phdays.com #PHDays

  15. phdays.com #PHDays https://blog.rapid7.com/2013/04/25/abusing-safaris-webarchive-file-format/

  16. phdays.com #PHDays

  17. phdays.com #PHDays

  18. phdays.com #PHDays

  19. phdays.com #PHDays

  20. phdays.com #PHDays

  21. phdays.com #PHDays xhtml

  22. phdays.com #PHDays xhtml

  23. phdays.com #PHDays file:///Users/bo0om/Library/Containers/com.apple.mail/Data/Library/Mail%20 Downloads/2F4D2013-CCBF-4341-B05E-CEB4B76F30CE/Document.xhtm file:///Users/bo0om/Downloads/33h0ygug3ulny0gvwhh3d.webarchive

  24. phdays.com #PHDays

  25. phdays.com #PHDays file:///Users/bo0om/Library/Containers/com.apple.mail/Data/Downloads/x.webarchive file:///Users/bo0om/Library/Containers/com.apple.mail/Downloads/x.webarchive file:///Users/bo0om/Library/Containers/Downloads/x.webarchive file:///Users/bo0om/Library/Downloads/x.webarchive file:///Users/bo0om/Downloads/x.webarchive

  26. phdays.com #PHDays DEMO https://github.com/Bo0oM/Safari2000day)

  27. Thank you!