Upgrade to Pro — share decks privately, control downloads, hide ads and more …

2000day in Safari

Avatar for Bo0oM Bo0oM
May 21, 2019
2
2.3k

2000day in Safari

Avatar for Bo0oM

Bo0oM

May 21, 2019
Tweet

More Decks by Bo0oM

See All by Bo0oM
Носок на сок
Avatar for Bo0oM bo0om
0
1.9k
Выйди и зайди нормально
Avatar for Bo0oM bo0om
0
88
Защита от вредоносной автоматизации сегодня
Avatar for Bo0oM bo0om
0
620
Defending against automatization using nginx
Avatar for Bo0oM bo0om
0
860
Antibot pitch deck
Avatar for Bo0oM bo0om
0
170
31337
Avatar for Bo0oM bo0om
0
200
Your back is white
Avatar for Bo0oM bo0om
0
380
FTP2RCE
Avatar for Bo0oM bo0om
1
7.6k
Interpret it!
Avatar for Bo0oM bo0om
0
1.2k

Featured

See All Featured
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
Avatar for Aki / @LoveIdahoBurger aki_iinuma
128
55k
Java REST API Framework Comparison - PWX 2021
Avatar for Matt Raible mraible
34
9.1k
Statistics for Hackers
Avatar for Jake VanderPlas jakevdp
799
230k
Building Experiences: Design Systems, User Experience, and Full Site Editing
Avatar for Michelle Schulp Hunt marktimemedia
0
380
Embracing the Ebb and Flow
Avatar for Simon Collison colly
88
4.9k
How to optimise 3,500 product descriptions for ecommerce in one day using ChatGPT
Avatar for Katarina Dahlin katarinadahlin
PRO
0
3.4k
Building a Scalable Design System with Sketch
Avatar for Laura Van Doore lauravandoore
463
34k
DBのスキルで生き残る技術 - AI時代におけるテーブル設計の勘所
Avatar for soudai sone soudai
PRO
61
48k
How to Get Subject Matter Experts Bought In and Actively Contributing to SEO & PR Initiatives.
Avatar for Liv Day livdayseo
0
47
Winning Ecommerce Organic Search in an AI Era - #searchnstuff2025
Avatar for Aleyda Solis aleyda
0
1.8k
Easily Structure & Communicate Ideas using Wireframe
Avatar for Afnizar Nur Ghifari afnizarnur
194
17k
Design in an AI World
Avatar for tapps tapps
0
120

Transcript

  1. 2000-day in Safari Anton Lopanitsyn @i_bo0om

  2. phdays.com #PHDays XSS https://portswigger.net/web-security/cross-site-scripting

  3. phdays.com #PHDays UXSS https://evil.com https://victim.com

  4. phdays.com #PHDays Save as webpage, complete

  5. phdays.com #PHDays chrome://flags

  6. phdays.com #PHDays MHTML

  7. phdays.com #PHDays MHTML

  8. phdays.com #PHDays

  9. phdays.com #PHDays Safari save as webarchive

  10. phdays.com #PHDays Signed webarchive

  11. phdays.com #PHDays Plaintext webarchive

  12. phdays.com #PHDays Plaintext webarchive <script> … </script>

  13. phdays.com #PHDays Plaintext webarchive

  14. phdays.com #PHDays

  15. phdays.com #PHDays https://blog.rapid7.com/2013/04/25/abusing-safaris-webarchive-file-format/

  16. phdays.com #PHDays

  17. phdays.com #PHDays

  18. phdays.com #PHDays

  19. phdays.com #PHDays

  20. phdays.com #PHDays

  21. phdays.com #PHDays xhtml

  22. phdays.com #PHDays xhtml

  23. phdays.com #PHDays file:///Users/bo0om/Library/Containers/com.apple.mail/Data/Library/Mail%20 Downloads/2F4D2013-CCBF-4341-B05E-CEB4B76F30CE/Document.xhtm file:///Users/bo0om/Downloads/33h0ygug3ulny0gvwhh3d.webarchive

  24. phdays.com #PHDays

  25. phdays.com #PHDays file:///Users/bo0om/Library/Containers/com.apple.mail/Data/Downloads/x.webarchive file:///Users/bo0om/Library/Containers/com.apple.mail/Downloads/x.webarchive file:///Users/bo0om/Library/Containers/Downloads/x.webarchive file:///Users/bo0om/Library/Downloads/x.webarchive file:///Users/bo0om/Downloads/x.webarchive

  26. phdays.com #PHDays DEMO https://github.com/Bo0oM/Safari2000day)

  27. Thank you!