Upgrade to Pro — share decks privately, control downloads, hide ads and more …

2000day in Safari

Bo0oM
May 21, 2019
2
2.1k

2000day in Safari

Bo0oM

May 21, 2019
Tweet

More Decks by Bo0oM

See All by Bo0oM
Защита от вредоносной автоматизации сегодня
bo0om
0
500
Defending against automatization using nginx
bo0om
0
770
Antibot pitch deck
bo0om
0
110
31337
bo0om
0
130
Your back is white
bo0om
0
300
FTP2RCE
bo0om
1
7.2k
Interpret it!
bo0om
0
1.1k
At Home Among Strangers
bo0om
1
3.7k
Partyhack 3.0 - Telegram bugbounty writeup
bo0om
0
4k

Featured

See All Featured
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
17
2.3k
jQuery: Nuts, Bolts and Bling
dougneiner
61
7.5k
Speed Design
sergeychernyshev
25
670
Reflections from 52 weeks, 52 projects
jeffersonlam
347
20k
Put a Button on it: Removing Barriers to Going Fast.
kastner
59
3.6k
A designer walks into a library…
pauljervisheath
204
24k
How to train your dragon (web standard)
notwaldorf
88
5.7k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
191
16k
What's in a price? How to price your products and services
michaelherold
243
12k
The MySQL Ecosystem @ GitHub 2015
samlambert
250
12k
Build your cross-platform service in a week with App Engine
jlugia
229
18k
GraphQLとの向き合い方2022年版
quramy
44
13k

Transcript

  1. 2000-day in Safari Anton Lopanitsyn @i_bo0om

  2. phdays.com #PHDays XSS https://portswigger.net/web-security/cross-site-scripting

  3. phdays.com #PHDays UXSS https://evil.com https://victim.com

  4. phdays.com #PHDays Save as webpage, complete

  5. phdays.com #PHDays chrome://flags

  6. phdays.com #PHDays MHTML

  7. phdays.com #PHDays MHTML

  8. phdays.com #PHDays

  9. phdays.com #PHDays Safari save as webarchive

  10. phdays.com #PHDays Signed webarchive

  11. phdays.com #PHDays Plaintext webarchive

  12. phdays.com #PHDays Plaintext webarchive <script> … </script>

  13. phdays.com #PHDays Plaintext webarchive

  14. phdays.com #PHDays

  15. phdays.com #PHDays https://blog.rapid7.com/2013/04/25/abusing-safaris-webarchive-file-format/

  16. phdays.com #PHDays

  17. phdays.com #PHDays

  18. phdays.com #PHDays

  19. phdays.com #PHDays

  20. phdays.com #PHDays

  21. phdays.com #PHDays xhtml

  22. phdays.com #PHDays xhtml

  23. phdays.com #PHDays file:///Users/bo0om/Library/Containers/com.apple.mail/Data/Library/Mail%20 Downloads/2F4D2013-CCBF-4341-B05E-CEB4B76F30CE/Document.xhtm file:///Users/bo0om/Downloads/33h0ygug3ulny0gvwhh3d.webarchive

  24. phdays.com #PHDays

  25. phdays.com #PHDays file:///Users/bo0om/Library/Containers/com.apple.mail/Data/Downloads/x.webarchive file:///Users/bo0om/Library/Containers/com.apple.mail/Downloads/x.webarchive file:///Users/bo0om/Library/Containers/Downloads/x.webarchive file:///Users/bo0om/Library/Downloads/x.webarchive file:///Users/bo0om/Downloads/x.webarchive

  26. phdays.com #PHDays DEMO https://github.com/Bo0oM/Safari2000day)

  27. Thank you!