Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
2000day in Safari
Search
Bo0oM
May 21, 2019
2
2.2k
2000day in Safari
Bo0oM
May 21, 2019
Tweet
Share
More Decks by Bo0oM
See All by Bo0oM
Защита от вредоносной автоматизации сегодня
bo0om
0
530
Defending against automatization using nginx
bo0om
0
800
Antibot pitch deck
bo0om
0
120
31337
bo0om
0
140
Your back is white
bo0om
0
320
FTP2RCE
bo0om
1
7.3k
Interpret it!
bo0om
0
1.1k
At Home Among Strangers
bo0om
1
3.8k
Partyhack 3.0 - Telegram bugbounty writeup
bo0om
0
4k
Featured
See All Featured
Keith and Marios Guide to Fast Websites
keithpitt
411
22k
The Straight Up "How To Draw Better" Workshop
denniskardys
232
140k
GraphQLとの向き合い方2022年版
quramy
46
14k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
23
2.6k
Become a Pro
speakerdeck
PRO
27
5.3k
4 Signs Your Business is Dying
shpigford
183
22k
The Pragmatic Product Professional
lauravandoore
33
6.5k
Rails Girls Zürich Keynote
gr2m
94
13k
How STYLIGHT went responsive
nonsquared
99
5.5k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
666
120k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
52
2.4k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
280
13k
Transcript
2000-day in Safari Anton Lopanitsyn @i_bo0om
phdays.com #PHDays XSS https://portswigger.net/web-security/cross-site-scripting
phdays.com #PHDays UXSS https://evil.com https://victim.com
phdays.com #PHDays Save as webpage, complete
phdays.com #PHDays chrome://flags
phdays.com #PHDays MHTML
phdays.com #PHDays MHTML
phdays.com #PHDays
phdays.com #PHDays Safari save as webarchive
phdays.com #PHDays Signed webarchive
phdays.com #PHDays Plaintext webarchive
phdays.com #PHDays Plaintext webarchive <script> … </script>
phdays.com #PHDays Plaintext webarchive
phdays.com #PHDays
phdays.com #PHDays https://blog.rapid7.com/2013/04/25/abusing-safaris-webarchive-file-format/
phdays.com #PHDays
phdays.com #PHDays
phdays.com #PHDays
phdays.com #PHDays
phdays.com #PHDays
phdays.com #PHDays xhtml
phdays.com #PHDays xhtml
phdays.com #PHDays file:///Users/bo0om/Library/Containers/com.apple.mail/Data/Library/Mail%20 Downloads/2F4D2013-CCBF-4341-B05E-CEB4B76F30CE/Document.xhtm file:///Users/bo0om/Downloads/33h0ygug3ulny0gvwhh3d.webarchive
phdays.com #PHDays
phdays.com #PHDays file:///Users/bo0om/Library/Containers/com.apple.mail/Data/Downloads/x.webarchive file:///Users/bo0om/Library/Containers/com.apple.mail/Downloads/x.webarchive file:///Users/bo0om/Library/Containers/Downloads/x.webarchive file:///Users/bo0om/Library/Downloads/x.webarchive file:///Users/bo0om/Downloads/x.webarchive
phdays.com #PHDays DEMO https://github.com/Bo0oM/Safari2000day)
Thank you!
bo0om
keithpitt
denniskardys
quramy
eileencodes
speakerdeck
shpigford
lauravandoore
gr2m
nonsquared
pedronauck
tammyeverts
stephaniewalter
