Upgrade to Pro — share decks privately, control downloads, hide ads and more …

2000day in Safari

Bo0oM
May 21, 2019
2
2k

2000day in Safari

Bo0oM

May 21, 2019
Tweet

More Decks by Bo0oM

See All by Bo0oM
Защита от вредоносной автоматизации сегодня
bo0om
0
420
Defending against automatization using nginx
bo0om
0
710
Antibot pitch deck
bo0om
0
98
31337
bo0om
0
96
Your back is white
bo0om
0
240
FTP2RCE
bo0om
0
6.9k
Interpret it!
bo0om
0
1k
At Home Among Strangers
bo0om
1
3.4k
Partyhack 3.0 - Telegram bugbounty writeup
bo0om
0
3.9k

Featured

See All Featured
GitHub's CSS Performance
jonrohan
1024
450k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
60
14k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
226
51k
Building Better People: How to give real-time feedback that sticks.
wjessup
354
18k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
9
8.3k
In The Pink: A Labor of Love
frogandcode
138
21k
The Cult of Friendly URLs
andyhume
74
5.7k
Navigating Team Friction
lara
177
13k
The World Runs on Bad Software
bkeepers
PRO
61
6.7k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
220
21k
The Invisible Side of Design
smashingmag
294
49k
Designing with Data
zakiwarfel
95
4.8k

Transcript

  1. 2000-day in Safari Anton Lopanitsyn @i_bo0om

  2. phdays.com #PHDays XSS https://portswigger.net/web-security/cross-site-scripting

  3. phdays.com #PHDays UXSS https://evil.com https://victim.com

  4. phdays.com #PHDays Save as webpage, complete

  5. phdays.com #PHDays chrome://flags

  6. phdays.com #PHDays MHTML

  7. phdays.com #PHDays MHTML

  8. phdays.com #PHDays

  9. phdays.com #PHDays Safari save as webarchive

  10. phdays.com #PHDays Signed webarchive

  11. phdays.com #PHDays Plaintext webarchive

  12. phdays.com #PHDays Plaintext webarchive <script> … </script>

  13. phdays.com #PHDays Plaintext webarchive

  14. phdays.com #PHDays

  15. phdays.com #PHDays https://blog.rapid7.com/2013/04/25/abusing-safaris-webarchive-file-format/

  16. phdays.com #PHDays

  17. phdays.com #PHDays

  18. phdays.com #PHDays

  19. phdays.com #PHDays

  20. phdays.com #PHDays

  21. phdays.com #PHDays xhtml

  22. phdays.com #PHDays xhtml

  23. phdays.com #PHDays file:///Users/bo0om/Library/Containers/com.apple.mail/Data/Library/Mail%20 Downloads/2F4D2013-CCBF-4341-B05E-CEB4B76F30CE/Document.xhtm file:///Users/bo0om/Downloads/33h0ygug3ulny0gvwhh3d.webarchive

  24. phdays.com #PHDays

  25. phdays.com #PHDays file:///Users/bo0om/Library/Containers/com.apple.mail/Data/Downloads/x.webarchive file:///Users/bo0om/Library/Containers/com.apple.mail/Downloads/x.webarchive file:///Users/bo0om/Library/Containers/Downloads/x.webarchive file:///Users/bo0om/Library/Downloads/x.webarchive file:///Users/bo0om/Downloads/x.webarchive

  26. phdays.com #PHDays DEMO https://github.com/Bo0oM/Safari2000day)

  27. Thank you!