Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ブラウザのUIのバグを探す / Secusoba PopUnder

Masato Kinugawa
November 26, 2017
Technology
2
1.7k

ブラウザのUIのバグを探す / Secusoba PopUnder

第40回セキュそば勉強会(http://secusoba.info/?%E7%AC%AC40%E5%9B%9E%2811%E6%9C%8825%E6%97%A5%29) で発表した資料です。

Masato Kinugawa

November 26, 2017
Tweet

More Decks by Masato Kinugawa

See All by Masato Kinugawa
JSでDoSる/ Shibuya.XSS techtalk #11
masatokinugawa
21
5.9k
Electron: Abusing the lack of context isolation - CureCon(en)
masatokinugawa
5
84k
Electron: Context Isolationの欠如を利用した任意コード実行 / Electron: Abusing the lack of context isolation - CureCon(ja)
masatokinugawa
9
19k
バグハンターが見てきたBug Bountyの7年 / LINE Developer Meetup #34 Security Bug Bounty
masatokinugawa
18
11k
5文字で書くJavaScript/ Shibuya.XSS techtalk #10
masatokinugawa
35
19k
攻撃者視点で見る Service Worker / PWA Study SW
masatokinugawa
20
24k
USAGE OF XSS FILTER
masatokinugawa
4
2.5k
XSSフィルターの使い方/ Shibuya.XSS techtalk #9
masatokinugawa
7
2.6k
XSS Attacks through PATH
masatokinugawa
8
16k

Other Decks in Technology

See All in Technology
CDK使用歴1年の僕が現場でCDK導入するときに得たTips
miura55
0
310
エンジニアのためのドキュメントライティング / Docs for Developers and Paragraph Writing
nttcom
3
550
ORM - Object-relational mapping
onk
PRO
0
500
大規模レガシーテストを 倒すための CI基盤の作り方 / #CICD2023
udzura
4
1.5k
就活は相談したもの勝ち
carta_engineering
0
120
Invitation to K8s-Docs ja
nasa9084
0
1k
「はたらく」前に知るべきIT企業5つのヒミツ 〜プロが教えるプロダクト開発最前線〜 / geeksai_2023spring
visional_engineering_and_design
0
260
nlp2023 位置属性を有しない事物に対する地理的特定性の分析
takashiinui
0
140
テスト技法を使ったテストケースの表現方法/How to express test cases using test techniques
shimashima35
0
290
Pain-free APIs with Smithy4s
kubukoz
0
140
ITエンジニアとして大切にしている3つのこと
korodroid
1
440
ローコード自動テストを1ヶ月半で導入した話
sumiren
0
150

Featured

See All Featured
The Power of CSS Pseudo Elements
geoffreycrofte
53
4.4k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
14
1.2k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
657
120k
The Cult of Friendly URLs
andyhume
70
5.2k
How STYLIGHT went responsive
nonsquared
89
4.2k
ParisWeb 2013: Learning to Love: Crash Course in Emotional UX Design
dotmariusz
101
6.2k
Music & Morning Musume
bryan
37
4.7k
No one is an island. Learnings from fostering a developers community.
thoeni
12
1.6k
KATA
mclloyd
12
10k
Thoughts on Productivity
jonyablonski
50
2.8k
Reflections from 52 weeks, 52 projects
jeffersonlam
340
18k
WebSockets: Embracing the real-time Web
robhawkes
58
6.1k

Transcript

  1. View Slide

  2. View Slide

  3. View Slide




  4. View Slide


  5. View Slide



  6. View Slide

  7. View Slide



  8. newWin = window.open('//example.com/','w','a');
    newWin.blur();//新しいウインドウのフォーカスを離す
    window.focus();//親にフォーカスを移す

    View Slide



  9. View Slide


  10. https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w

    View Slide

  11. View Slide

  12. View Slide

  13. View Slide

  14. View Slide

  15. View Slide

  16. confirm(1);

    View Slide

  17. prompt(1);

    View Slide

  18. print();

    View Slide

  19. //Basic認証

    View Slide

  20. //外部アプリを開くプロトコルへナビゲーション
    location = "mms:";

    View Slide

  21. onbeforeunload=function(e){return 1;}
    //どこかへ移動しようとするとダイアログ出現

    View Slide

  22. new PresentationRequest("").start();

    View Slide

  23. new PaymentRequest([{
    supportedMethods: ['basic-card']
    }], {
    total: {
    label: 1,
    amount: {
    currency: 'USD',
    value: 0
    }
    }
    }).show();

    View Slide

  24. navigator.usb.requestDevice({filters:[]});

    View Slide





  25. <br/>button.click();<br/>

    View Slide







  26. View Slide

  27. <br/>function popUnder() {<br/>new PresentationRequest("").start();<br/>window.open("https://example.com/", "_blank","a");<br/>setTimeout(function(){<br/>location.reload();//リロードでダイアログを消す<br/>},1000);<br/>}<br/>
    Create PopUnder

    View Slide

  28. View Slide








  29. View Slide






  30. View Slide



  31. View Slide




  32. View Slide

  33. View Slide