Upgrade to PRO for Only $50/Year—Limited-Time Offer! 🔥

2000day in Safari

Avatar for Bo0oM Bo0oM
May 21, 2019
2
2.2k

2000day in Safari

Avatar for Bo0oM

Bo0oM

May 21, 2019
Tweet

More Decks by Bo0oM

See All by Bo0oM
Носок на сок
Avatar for Bo0oM bo0om
0
1.9k
Выйди и зайди нормально
Avatar for Bo0oM bo0om
0
87
Защита от вредоносной автоматизации сегодня
Avatar for Bo0oM bo0om
0
610
Defending against automatization using nginx
Avatar for Bo0oM bo0om
0
840
Antibot pitch deck
Avatar for Bo0oM bo0om
0
160
31337
Avatar for Bo0oM bo0om
0
200
Your back is white
Avatar for Bo0oM bo0om
0
370
FTP2RCE
Avatar for Bo0oM bo0om
1
7.6k
Interpret it!
Avatar for Bo0oM bo0om
0
1.2k

Featured

See All Featured
Site-Speed That Sticks
Avatar for Harry Roberts csswizardry
13
1k
The Cult of Friendly URLs
Avatar for Andy Hume andyhume
79
6.7k
Documentation Writing (for coders)
Avatar for Carmen Chung carmenintech
76
5.2k
A Modern Web Designer's Workflow
Avatar for Chris Coyier chriscoyier
698
190k
Art, The Web, and Tiny UX
Avatar for Lynn Fisher lynnandtonic
304
21k
How to Ace a Technical Interview
Avatar for Jacob Kaplan-Moss jacobian
281
24k
A Tale of Four Properties
Avatar for Chris Coyier chriscoyier
162
23k
The Web Performance Landscape in 2024 [PerfNow 2024]
Avatar for Tammy Everts tammyeverts
12
970
Fantastic passwords and where to find them - at NoRuKo
Avatar for Phil Nash philnash
52
3.5k
jQuery: Nuts, Bolts and Bling
Avatar for Doug Neiner dougneiner
65
8.3k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
Avatar for soudai sone soudai
PRO
196
70k
A designer walks into a library…
Avatar for Paul Jervis Heath pauljervisheath
210
24k

Transcript

  1. 2000-day in Safari Anton Lopanitsyn @i_bo0om

  2. phdays.com #PHDays XSS https://portswigger.net/web-security/cross-site-scripting

  3. phdays.com #PHDays UXSS https://evil.com https://victim.com

  4. phdays.com #PHDays Save as webpage, complete

  5. phdays.com #PHDays chrome://flags

  6. phdays.com #PHDays MHTML

  7. phdays.com #PHDays MHTML

  8. phdays.com #PHDays

  9. phdays.com #PHDays Safari save as webarchive

  10. phdays.com #PHDays Signed webarchive

  11. phdays.com #PHDays Plaintext webarchive

  12. phdays.com #PHDays Plaintext webarchive <script> … </script>

  13. phdays.com #PHDays Plaintext webarchive

  14. phdays.com #PHDays

  15. phdays.com #PHDays https://blog.rapid7.com/2013/04/25/abusing-safaris-webarchive-file-format/

  16. phdays.com #PHDays

  17. phdays.com #PHDays

  18. phdays.com #PHDays

  19. phdays.com #PHDays

  20. phdays.com #PHDays

  21. phdays.com #PHDays xhtml

  22. phdays.com #PHDays xhtml

  23. phdays.com #PHDays file:///Users/bo0om/Library/Containers/com.apple.mail/Data/Library/Mail%20 Downloads/2F4D2013-CCBF-4341-B05E-CEB4B76F30CE/Document.xhtm file:///Users/bo0om/Downloads/33h0ygug3ulny0gvwhh3d.webarchive

  24. phdays.com #PHDays

  25. phdays.com #PHDays file:///Users/bo0om/Library/Containers/com.apple.mail/Data/Downloads/x.webarchive file:///Users/bo0om/Library/Containers/com.apple.mail/Downloads/x.webarchive file:///Users/bo0om/Library/Containers/Downloads/x.webarchive file:///Users/bo0om/Library/Downloads/x.webarchive file:///Users/bo0om/Downloads/x.webarchive

  26. phdays.com #PHDays DEMO https://github.com/Bo0oM/Safari2000day)

  27. Thank you!