[tor-bugs] #5477 [EFF-HTTPS Everywhere]: Surprising DOM origins before HTTPS-E/NoScript redirects have completed
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Tue Apr 17 16:17:44 UTC 2012
#5477: Surprising DOM origins before HTTPS-E/NoScript redirects have completed
------------------------------------------------------+---------------------
Reporter: Drugoy | Owner: pde
Type: defect | Status: new
Priority: major | Milestone:
Component: EFF-HTTPS Everywhere | Version:
Keywords: address spoofing, critical vulnerability | Parent:
Points: | Actualpoints:
------------------------------------------------------+---------------------
Comment(by pde):
mikeperry: the way I'm trying to snag a cookie is by document.writing an
alert(document.cookie) script into the apple page. It doesn't seem to
work: I think that write only goes to Apple's ''window'', not Apple's DOM,
and only until the redirect has completed. So some way of stopping the
redirect halfway would be necessary to make the fake login page work.
(In my testing, if it gets any cookies, they're from the attack page, not
the victim page:
http://ww2.cs.mu.oz.au/~pde/bugs/5477-tst-cookies.html
screenshot of (transient) cookie alert:
http://ww2.cs.mu.oz.au/~pde/bugs/5477-screenshot.png
)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5477#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list