Google hangouts desktop
A few months ago Google released a new product, the Hangouts Chat application, which is surely the American giant's answer to the ubiquitous Slack. In short, it is a communication platform for teams, where you can simply chat, among other things. You can use Chat both in the browser (a G Suite account is required) and as a desktop or mobile application. Google apparently cared strongly about the security of this application, because at the time it awarded a number of research grants for it. I also decided to take a look at it, and I chose the desktop application for the workshop, because man does not live by web applications alone :).

Hangouts Chat as a desktop application

It turned out that the desktop application is written with Electron, a framework that allows writing applications for desktop systems (Windows, Linux, macOS) with web technologies such as HTML, CSS and JavaScript. From a technical point of view it is built in such a way that the window with the application view is, in fact, an instance of the Chromium browser, with a Node.js runtime underneath it. In the case of Hangouts Chat, the desktop application is practically no different from its web version. In fact, the Electron window simply displays the same website that the browser version serves.

Picture nr 1: Hangouts Chat comparison – web version (on the left) and desktop version (on the right)

It may seem that searching for bugs in the desktop version will be no different from searching for bugs in the web version. There is one important difference, however. The web version, displayed in a traditional browser, of course has an address bar, and the address bar is, in fact, the only place where you can determine whether or not you can trust a domain. Below is a quotation by Michał Zalewski which confirms this opinion:

"In essence, the domain name in the URL shown in the browser's address bar is one of the most important security indicators on the Web, as it allows users to quickly differentiate sites they trust and have done business with."

The desktop application has no such bar. This means that the user must trust the application itself to serve content from the Chat domain; there is no reliable method, no reliable indicator, to confirm it. I thought that maybe I could find a way to convince the application to redirect to a location other than the Chat domain, which would result in a very reliable attack: the user would be redirected to a domain controlled by me, where a login panel would be waiting. He would have no way of noticing that the panel is false (there is no address bar), so he would enter his credentials there.

Search for redirection

So I started to think about possible ways of redirecting the user to another domain. The simplest idea is to post a link to an external domain in the chat: the user clicks the link and then switches to the external domain. The reality? Links to external domains are opened in the default system browser. As can be seen in the video, the link to the Sekurak site does not open in the chat application itself, but in an external browser. So it is difficult to convince the user to hand his Google credentials to us if he is able to see where he really is.

Testing the topic further, I noticed that links leading to the Chat domain itself are opened inside the application. By the way, I discovered that if a user clicks a link within that domain which does not lead back to the Chat interface (in the example above, this one: ), he has to restart the application in order to continue using it, because it has no "Back" button.

From experience with various applications, I have often noticed that a good way to circumvent rules on URLs (in this case: only links to a specific domain are allowed) is to use HTTP redirections, in other words HTTP responses with 3xx codes. By default, the Chat domain itself answers some requests with a redirection. In order to test whether such redirections would actually allow redirecting to another domain, I ran Burp Suite in the background (a web proxy tool) and substituted the response headers. The appropriate option in Burp can be found in the menu Proxy -> Options -> Match and replace -> Add. The values I set are shown in Picture nr 2.

Picture nr 2: Substitution of response headers

Let's see below how the application reacted to such a changed redirection:

Fantastic! I think that already at this point it was possible to talk about a vulnerability in this application, i.e., not checking where the redirections lead. For the time being, however, the attack is practically impossible to use, because it is hard to count on being able to attach a proxy to the user that will change the responses. You need a vulnerability that allows you to redirect: an open redirect.

Open redirect

A common vulnerability in web applications. The theory (as is also mentioned on the OWASP site) is that if a user has been redirected to a domain from a domain he trusts, he will also trust this one. Suppose we have, e.g., a URL on the trusted domain whose parameter points to attacker-domain, after visiting which the user will end up on attacker-domain.
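On the application side, the missing check the post identifies is a navigation policy in the Electron main process that treats server-side redirects the same way as clicked links. The following is an added example of such a guard, written here for illustration; it is not code from the original post or from Google, and the allowed host chat.example, the function names and the main.js wiring in the trailing comment are assumptions. It uses the Electron webContents events will-navigate and will-redirect and setWindowOpenHandler, and takes the external-opener as a parameter so that the policy itself can be exercised without Electron.

```javascript
// Added example: navigation guard for an Electron window that wraps one remote web
// app. Not from the original post. chat.example and installNavigationGuard are
// assumed names; the Electron API calls are real (will-navigate, will-redirect,
// setWindowOpenHandler, shell.openExternal).

const ALLOWED_HOSTS = ['chat.example']; // assumed: the only host the window may show

// May this URL be displayed inside the window, where the user has no address bar?
// Parse it and compare the hostname exactly or as a subdomain; never use
// startsWith/includes on the raw string.
function isAllowedInWindow(urlString, allowedHosts = ALLOWED_HOSTS) {
  let u;
  try { u = new URL(urlString); } catch (e) { return false; }
  if (u.protocol !== 'https:') return false;      // rejects http:, javascript:, file:
  if (u.username || u.password) return false;      // https://chat.example@evil.example
  const host = u.hostname.toLowerCase();
  return allowedHosts.some(h => host === h || host.endsWith('.' + h));
}

// 'allow' inside the window, 'external' for the system browser (http/https links
// to other sites, as the post observed for ordinary links), 'deny' for the rest.
function classifyNavigation(urlString, allowedHosts = ALLOWED_HOSTS) {
  if (isAllowedInWindow(urlString, allowedHosts)) return 'allow';
  let u;
  try { u = new URL(urlString); } catch (e) { return 'deny'; }
  return (u.protocol === 'https:' || u.protocol === 'http:') ? 'external' : 'deny';
}

// Wire the policy to a BrowserWindow. openExternal is passed in (normally
// electron's shell.openExternal) so this function has no Electron dependency.
function installNavigationGuard(win, openExternal, allowedHosts = ALLOWED_HOSTS) {
  const wc = win.webContents;

  // A click or location change: keep the window on the trusted host, hand
  // ordinary external links to the system browser where the address bar is visible.
  const onNavigate = (event, url) => {
    const verdict = classifyNavigation(url, allowedHosts);
    if (verdict === 'allow') return;
    event.preventDefault();
    if (verdict === 'external') openExternal(url);
  };

  // A 3xx response (including one injected by a proxy or reached through an open
  // redirect): the user did not ask to go there, so just cancel it.
  const onRedirect = (event, url) => {
    if (classifyNavigation(url, allowedHosts) !== 'allow') event.preventDefault();
  };

  wc.on('will-navigate', onNavigate);
  wc.on('will-redirect', onRedirect);
  wc.setWindowOpenHandler(({ url }) => {        // window.open / target=_blank
    if (classifyNavigation(url, allowedHosts) === 'external') openExternal(url);
    return { action: 'deny' };                   // never spawn an unguarded window
  });
}

// Assumed wiring in main.js:
//   const { BrowserWindow, shell } = require('electron');
//   const win = new BrowserWindow({ webPreferences: { contextIsolation: true, nodeIntegration: false } });
//   installNavigationGuard(win, (u) => shell.openExternal(u));
//   win.loadURL('https://chat.example/');
```

With this in place the Burp experiment from the post changes outcome: a substituted Location header pointing at another domain triggers will-redirect, fails the host check and is cancelled, so the window never leaves the trusted host.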