Upgrade to Pro — share decks privately, control downloads, hide ads and more …

2000day in Safari

Avatar for Bo0oM Bo0oM
May 21, 2019
2
2.2k

2000day in Safari

Avatar for Bo0oM

Bo0oM

May 21, 2019
Tweet

More Decks by Bo0oM

See All by Bo0oM
Носок на сок
Avatar for Bo0oM bo0om
0
1.8k
Выйди и зайди нормально
Avatar for Bo0oM bo0om
0
74
Защита от вредоносной автоматизации сегодня
Avatar for Bo0oM bo0om
0
580
Defending against automatization using nginx
Avatar for Bo0oM bo0om
0
830
Antibot pitch deck
Avatar for Bo0oM bo0om
0
150
31337
Avatar for Bo0oM bo0om
0
180
Your back is white
Avatar for Bo0oM bo0om
0
360
FTP2RCE
Avatar for Bo0oM bo0om
1
7.5k
Interpret it!
Avatar for Bo0oM bo0om
0
1.2k

Featured

See All Featured
RailsConf 2023
Avatar for Aaron Patterson tenderlove
30
1.2k
Statistics for Hackers
Avatar for Jake VanderPlas jakevdp
799
220k
The Art of Delivering Value - GDevCon NA Keynote
Avatar for David Neal reverentgeek
15
1.6k
Designing Experiences People Love
Avatar for Jonathan Moore moore
142
24k
GraphQLの誤解/rethinking-graphql
Avatar for sonatard sonatard
71
11k
Fireside Chat
Avatar for paigeccino paigeccino
39
3.6k
Improving Core Web Vitals using Speculation Rules API
Avatar for Sergey Chernyshev sergeychernyshev
18
1.1k
Understanding Cognitive Biases in Performance Measurement
Avatar for Philip Tellis bluesmoon
29
1.9k
Why Our Code Smells
Avatar for Brandon Keepers bkeepers
PRO
339
57k
The MySQL Ecosystem @ GitHub 2015
Avatar for Sam Lambert samlambert
251
13k
Product Roadmaps are Hard
Avatar for C. Todd Lombardo iamctodd
PRO
54
11k
How STYLIGHT went responsive
Avatar for nonsquared nonsquared
100
5.8k

Transcript

  1. 2000-day in Safari Anton Lopanitsyn @i_bo0om

  2. phdays.com #PHDays XSS https://portswigger.net/web-security/cross-site-scripting

  3. phdays.com #PHDays UXSS https://evil.com https://victim.com

  4. phdays.com #PHDays Save as webpage, complete

  5. phdays.com #PHDays chrome://flags

  6. phdays.com #PHDays MHTML

  7. phdays.com #PHDays MHTML

  8. phdays.com #PHDays

  9. phdays.com #PHDays Safari save as webarchive

  10. phdays.com #PHDays Signed webarchive

  11. phdays.com #PHDays Plaintext webarchive

  12. phdays.com #PHDays Plaintext webarchive <script> … </script>

  13. phdays.com #PHDays Plaintext webarchive

  14. phdays.com #PHDays

  15. phdays.com #PHDays https://blog.rapid7.com/2013/04/25/abusing-safaris-webarchive-file-format/

  16. phdays.com #PHDays

  17. phdays.com #PHDays

  18. phdays.com #PHDays

  19. phdays.com #PHDays

  20. phdays.com #PHDays

  21. phdays.com #PHDays xhtml

  22. phdays.com #PHDays xhtml

  23. phdays.com #PHDays file:///Users/bo0om/Library/Containers/com.apple.mail/Data/Library/Mail%20 Downloads/2F4D2013-CCBF-4341-B05E-CEB4B76F30CE/Document.xhtm file:///Users/bo0om/Downloads/33h0ygug3ulny0gvwhh3d.webarchive

  24. phdays.com #PHDays

  25. phdays.com #PHDays file:///Users/bo0om/Library/Containers/com.apple.mail/Data/Downloads/x.webarchive file:///Users/bo0om/Library/Containers/com.apple.mail/Downloads/x.webarchive file:///Users/bo0om/Library/Containers/Downloads/x.webarchive file:///Users/bo0om/Library/Downloads/x.webarchive file:///Users/bo0om/Downloads/x.webarchive

  26. phdays.com #PHDays DEMO https://github.com/Bo0oM/Safari2000day)

  27. Thank you!