Usually, Firefox blocks mixed content, as you can see on the following page:
https://mkpocapp.appspot.com/bug1148732/victim
But by using the feed: protocol together with a POST form, as on the following page, we can bypass it:
http://l0.cm/fx_mixed_content_blocker_bypass.html
<form action="feed:https://mkpocapp.appspot.com/bug1148732/victim" method="post">
<input type="submit" value="go">
</form>
To exploit this bug, the target https: website needs to contain an http: resource. So you might think that such a website is already broken from the beginning. But wait! I think this bug affects many websites.
Please go to the following page and look at location.protocol:
http://l0.cm/fx_location_protocol_and_feed.html
location.protocol returns "feed:". Next, let's look at the Google Analytics tracking code:
var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-xxx-y']);
_gaq.push(['_trackPageview']);
(function() {
  var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
  // The scheme is chosen from location.protocol: anything other than "https:" selects http://www
  ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
  var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();
Let's look at the highlighted line, the one that sets ga.src. If location.protocol is not "https:", the insecure ga.js (http://www.google-analytics.com/ga.js) is loaded into the page. Combined with the "location.protocol == feed:" trick, what happens? Yes, we can load insecure JS via the GA tracking code! :)
For example, we can load insecure JS into accounts.google.com as follows:
http://l0.cm/google/accounts.google.com_mixedscripting.html
Firefox 40 blocks mixed content properly. But it seems that we can still put the "feed:" string in the protocol part of the URL.
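The scheme-selection logic of the tracking snippet above, factored into functions so it can be exercised against a constructed location object whose protocol is "feed:", next to a hardened variant that always pins https. This is an added example, not code from the original post or from Google Analytics; the function names and the sample location objects are assumptions made for illustration.

```javascript
// Legacy pattern from the snippet: anything other than "https:" falls back
// to the http://www host, so a page whose location.protocol reports "feed:"
// ends up requesting a plain-http script.
function legacyGaSrc(location) {
  return ('https:' == location.protocol ? 'https://ssl' : 'http://www') +
    '.google-analytics.com/ga.js';
}

// Hardened variant (assumed mitigation): never derive the scheme from
// location.protocol; an https resource is fine on an http page too, so
// there is no reason to ever choose http here.
function hardenedGaSrc(location) {
  return 'https://ssl.google-analytics.com/ga.js';
}

// Defender-side check: does this script URL resolve to a plain-http origin?
// Used by a page audit to flag loads that the mixed content blocker should
// have prevented but might not, e.g. under a "feed:" document URL.
function isInsecureScriptUrl(src) {
  return /^http:\/\//i.test(src);
}

// Constructed location objects standing in for document.location.
const normalHttpsPage = { protocol: 'https:', href: 'https://example.test/' };
const feedWrappedPage = { protocol: 'feed:', href: 'feed:https://example.test/' };

// Demonstration: the legacy snippet downgrades under "feed:", the
// hardened one does not.
function demo() {
  return {
    legacyOnHttps: legacyGaSrc(normalHttpsPage),
    legacyOnFeed: legacyGaSrc(feedWrappedPage),
    hardenedOnFeed: hardenedGaSrc(feedWrappedPage),
    legacyOnFeedIsInsecure: isInsecureScriptUrl(legacyGaSrc(feedWrappedPage)),
  };
}
```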
Thank you!