Upgrade to PRO for Only $50/Year—Limited-Time Offer! 🔥

2000day in Safari

Avatar for Bo0oM Bo0oM
May 21, 2019
2
2.2k

2000day in Safari

Avatar for Bo0oM

Bo0oM

May 21, 2019
Tweet

More Decks by Bo0oM

See All by Bo0oM
Носок на сок
Avatar for Bo0oM bo0om
0
1.8k
Выйди и зайди нормально
Avatar for Bo0oM bo0om
0
83
Защита от вредоносной автоматизации сегодня
Avatar for Bo0oM bo0om
0
600
Defending against automatization using nginx
Avatar for Bo0oM bo0om
0
840
Antibot pitch deck
Avatar for Bo0oM bo0om
0
160
31337
Avatar for Bo0oM bo0om
0
200
Your back is white
Avatar for Bo0oM bo0om
0
370
FTP2RCE
Avatar for Bo0oM bo0om
1
7.5k
Interpret it!
Avatar for Bo0oM bo0om
0
1.2k

Featured

See All Featured
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
Avatar for Aki / @LoveIdahoBurger aki_iinuma
128
54k
A better future with KSS
Avatar for Kyle Neath kneath
240
18k
Designing for humans not robots
Avatar for Tammie Lister tammielis
254
26k
How GitHub (no longer) Works
Avatar for Zach Holman holman
316
140k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
Avatar for Marc Duiker marcduiker
35
2.3k
Put a Button on it: Removing Barriers to Going Fast.
Avatar for kastner kastner
60
4.1k
Why Our Code Smells
Avatar for Brandon Keepers bkeepers
PRO
340
57k
10 Git Anti Patterns You Should be Aware of
Avatar for Lemi Orhan Ergin lemiorhan
PRO
659
61k
Stop Working from a Prison Cell
Avatar for Chris Michel hatefulcrawdad
273
21k
Bash Introduction
Avatar for André Augusto Costa Santos 62gerente
615
210k
KATA
Avatar for Megan Lloyd mclloyd
PRO
32
15k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
Avatar for panda_program panda_program
119
20k

Transcript

  1. 2000-day in Safari Anton Lopanitsyn @i_bo0om

  2. phdays.com #PHDays XSS https://portswigger.net/web-security/cross-site-scripting

  3. phdays.com #PHDays UXSS https://evil.com https://victim.com

  4. phdays.com #PHDays Save as webpage, complete

  5. phdays.com #PHDays chrome://flags

  6. phdays.com #PHDays MHTML

  7. phdays.com #PHDays MHTML

  8. phdays.com #PHDays

  9. phdays.com #PHDays Safari save as webarchive

  10. phdays.com #PHDays Signed webarchive

  11. phdays.com #PHDays Plaintext webarchive

  12. phdays.com #PHDays Plaintext webarchive <script> … </script>

  13. phdays.com #PHDays Plaintext webarchive

  14. phdays.com #PHDays

  15. phdays.com #PHDays https://blog.rapid7.com/2013/04/25/abusing-safaris-webarchive-file-format/

  16. phdays.com #PHDays

  17. phdays.com #PHDays

  18. phdays.com #PHDays

  19. phdays.com #PHDays

  20. phdays.com #PHDays

  21. phdays.com #PHDays xhtml

  22. phdays.com #PHDays xhtml

  23. phdays.com #PHDays file:///Users/bo0om/Library/Containers/com.apple.mail/Data/Library/Mail%20 Downloads/2F4D2013-CCBF-4341-B05E-CEB4B76F30CE/Document.xhtm file:///Users/bo0om/Downloads/33h0ygug3ulny0gvwhh3d.webarchive

  24. phdays.com #PHDays

  25. phdays.com #PHDays file:///Users/bo0om/Library/Containers/com.apple.mail/Data/Downloads/x.webarchive file:///Users/bo0om/Library/Containers/com.apple.mail/Downloads/x.webarchive file:///Users/bo0om/Library/Containers/Downloads/x.webarchive file:///Users/bo0om/Library/Downloads/x.webarchive file:///Users/bo0om/Downloads/x.webarchive

  26. phdays.com #PHDays DEMO https://github.com/Bo0oM/Safari2000day)

  27. Thank you!