2000day in Safari
Bo0oM
May 21, 2019
Transcript
2000-day in Safari Anton Lopanitsyn @i_bo0om
phdays.com #PHDays XSS https://portswigger.net/web-security/cross-site-scripting
UXSS https://evil.com https://victim.com
Save as webpage, complete
chrome://flags
MHTML
MHTML
Safari save as webarchive
Signed webarchive
Plaintext webarchive
Plaintext webarchive <script> … </script>
Plaintext webarchive
https://blog.rapid7.com/2013/04/25/abusing-safaris-webarchive-file-format/
xhtml
xhtml
file:///Users/bo0om/Library/Containers/com.apple.mail/Data/Library/Mail%20 Downloads/2F4D2013-CCBF-4341-B05E-CEB4B76F30CE/Document.xhtm file:///Users/bo0om/Downloads/33h0ygug3ulny0gvwhh3d.webarchive
file:///Users/bo0om/Library/Containers/com.apple.mail/Data/Downloads/x.webarchive file:///Users/bo0om/Library/Containers/com.apple.mail/Downloads/x.webarchive file:///Users/bo0om/Library/Containers/Downloads/x.webarchive file:///Users/bo0om/Library/Downloads/x.webarchive file:///Users/bo0om/Downloads/x.webarchive
DEMO https://github.com/Bo0oM/Safari2000day
Thank you!