$30 off During Our Annual Pro Sale. View Details »

ブラウザのUIのバグを探す / Secusoba PopUnder

Masato Kinugawa
November 26, 2017
Technology
2
1.8k

ブラウザのUIのバグを探す / Secusoba PopUnder

第40回セキュそば勉強会(http://secusoba.info/?%E7%AC%AC40%E5%9B%9E%2811%E6%9C%8825%E6%97%A5%29) で発表した資料です。

Masato Kinugawa

November 26, 2017
Tweet

More Decks by Masato Kinugawa

See All by Masato Kinugawa
Pwn2OwnでMicrosoft Teamsをハッキングして2000万円を獲得した方法/ Shibuya.XSS techtalk #12
masatokinugawa
13
14k
How I Hacked Microsoft Teams and got $150,000 in Pwn2Own
masatokinugawa
0
10k
JSでDoSる/ Shibuya.XSS techtalk #11
masatokinugawa
21
6.2k
Electron: Abusing the lack of context isolation - CureCon(en)
masatokinugawa
5
87k
Electron: Context Isolationの欠如を利用した任意コード実行 / Electron: Abusing the lack of context isolation - CureCon(ja)
masatokinugawa
9
21k
バグハンターが見てきたBug Bountyの7年 / LINE Developer Meetup #34 Security Bug Bounty
masatokinugawa
18
11k
5文字で書くJavaScript/ Shibuya.XSS techtalk #10
masatokinugawa
35
19k
攻撃者視点で見る Service Worker / PWA Study SW
masatokinugawa
20
25k
USAGE OF XSS FILTER
masatokinugawa
4
2.6k

Other Decks in Technology

See All in Technology
論文紹介: Improving Implicit Feedback-Based Recommendation through Multi-Behavior Alignment(Xin Xin et al., 2023)
hakubishin3
0
170
実装がすべてではない、開発者の周りから考える Web プロダクトセキュリティ
oldbigbuddha
1
210
Oracle Cloud Infrastructure データベース・クラウド:各バージョンのサポート期間
oracle4engineer
PRO
6
5.2k
開発生産性大幅アップ!Postman VS Code拡張機能
nagix
0
120
Cloud Security Day 2023パネルディスカッション資料
coconala_engineer
0
150
技術的負債あるある早く言いたい〜/RookiesLT-link-and-motivation
lmi
0
2k
Making your Kubernetes-based log collection reliable & durable with Vector
palark
0
330
RealSense T265とD415とUFACTORY Lite 6で模倣学習の実験
hygradme
0
340
cloudflare-workersを使ってslack上に匿名チャットを作った話
sugawani
0
130
visionOSについてGlobeeが取り組んでいること
toshi0383
0
230
eBPF for the rest of us - Golab 2023
fedepaol
0
300
⾃律的な開発チームを⽀えるためのSLO運⽤
sansantech
PRO
5
860

Featured

See All Featured
Design by the Numbers
sachag
272
18k
Fontdeck: Realign not Redesign
paulrobertlloyd
74
4.7k
BBQ
matthewcrist
76
8.5k
Reflections from 52 weeks, 52 projects
jeffersonlam
342
19k
Designing with Data
zakiwarfel
93
4.6k
The Invisible Customer
myddelton
113
12k
Navigating Team Friction
lara
177
13k
How to Ace a Technical Interview
jacobian
272
22k
The Illustrated Children's Guide to Kubernetes
chrisshort
26
45k
Building Your Own Lightsaber
phodgson
97
5.4k
What the flash - Photography Introduction
edds
64
11k
What’s in a name? Adding method to the madness
productmarketing
PRO
14
2.3k

Transcript

  1. View Slide

  2. View Slide

  3. View Slide




  4. View Slide


  5. View Slide



  6. View Slide

  7. View Slide



  8. newWin = window.open('//example.com/','w','a');
    newWin.blur();//新しいウインドウのフォーカスを離す
    window.focus();//親にフォーカスを移す

    View Slide



  9. View Slide


  10. https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w

    View Slide

  11. View Slide

  12. View Slide

  13. View Slide

  14. View Slide

  15. View Slide

  16. confirm(1);

    View Slide

  17. prompt(1);

    View Slide

  18. print();

    View Slide

  19. //Basic認証

    View Slide

  20. //外部アプリを開くプロトコルへナビゲーション
    location = "mms:";

    View Slide

  21. onbeforeunload=function(e){return 1;}
    //どこかへ移動しようとするとダイアログ出現

    View Slide

  22. new PresentationRequest("").start();

    View Slide

  23. new PaymentRequest([{
    supportedMethods: ['basic-card']
    }], {
    total: {
    label: 1,
    amount: {
    currency: 'USD',
    value: 0
    }
    }
    }).show();

    View Slide

  24. navigator.usb.requestDevice({filters:[]});

    View Slide





  25. <br/>button.click();<br/>

    View Slide







  26. View Slide

  27. <br/>function popUnder() {<br/>new PresentationRequest("").start();<br/>window.open("https://example.com/", "_blank","a");<br/>setTimeout(function(){<br/>location.reload();//リロードでダイアログを消す<br/>},1000);<br/>}<br/>
    Create PopUnder

    View Slide

  28. View Slide








  29. View Slide






  30. View Slide



  31. View Slide




  32. View Slide

  33. View Slide