As we know, all browsers impose several restrictions when trying to access resources from different origins. Of course, we can play music and render images coming from different domains, but thanks to the Same Origin Policy, we will not be able to read …
Monthly Archives: September 2016
Detecting analysts before installing the malware (IE)
With the help of a beautiful piece of code, malware authors can detect installed applications straight from within the browser and serve the bad bits only to unsavvy users. In other words, attackers target regular users by detecting specific analysts' applications (like Fiddler) and serving …
Referer spoofing and defeating the XSS filter (Edge/IE)
According to Wikipedia, “Referer spoofing is the sending of incorrect referer information in an HTTP request in order to prevent a website from obtaining accurate data on the identity of the web page previously visited by the user.” In other words, making …
CSS History Leak or “I know where you’ve been” (Edge)
Hello fellow bug hunter! I’ve been thinking this morning about the classic trick originally discovered by Jeremiah Grossman back in 2006, where you could find out which sites were visited by the user. If you are not familiar with this beauty, I recommend you …