
Question

I know that you can easily trigger a series of POST/GET to a target website using an iframe as I have done it in the past to manipulate session variable on my sites.

My question is more about : what information could I get from another website that I load into an iframe?

If I'm right, the same origin policy is supposed to block me from reading the iframe content if the page I load into the iframe is not from the same domain as the page containing the iframe. Are there any ways to bypass that?

If there is information that I absolutely need to read on the page, like a unique form submission token, how would you mount the attack?

Explanation / Answer

The closest thing that matches your question is a Clickjacking attack (UI redress).

This is where you load another website within an IFrame that contains a button for the user to click. For example you (the attacker) could load the URL on a user's bank's website in the form https://www.example.com/money_transfer.aspx?to_account=12345&amount=1000000 where 12345 is your account number. If they are already logged into their bank and the response is an HTML form containing a single Transfer button, you could draw your own UI in your outer page that would replace the button with one that said Get a free iPad now!.

When the unsuspecting user clicks the free iPad button on your site, they are in fact clicking the Transfer button on their bank's website to transfer the money.

This sort of attack can be defeated by setting the X-Frame-Options HTTP header which modern browsers will obey and stop your website from being loaded within a frame.

Accessing the loaded IFrame using scripting is prohibited due to the Same Origin Policy - the only way round this is if the user is using some old unsupported browser, or a browser containing a vulnerability where the origin is not properly checked.

The other possibility is a Rebinding Attack - the scope of this is usually limited as the cookies sent to the rebound IP will be the same as to the attacker's domain.
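A defender-side check for the X-Frame-Options mitigation the answer mentions, added here as an example and not part of the original answer: it reproduces the decision a browser makes about whether a page may be framed by a given origin, and also honours the CSP `frame-ancestors` directive, which current browsers apply in preference to X-Frame-Options. The header values and origins are constructed sample data, not captured from any real site, and host-source matching is simplified to an exact origin comparison.

```python
"""Decide whether a page's response headers let it be embedded in a frame.

Added example, not code from the original answer. Header values and origins
used in tests are constructed; source matching is simplified to exact origins.
"""
from urllib.parse import urlsplit


def _origin(url: str) -> str:
    """Reduce a URL to scheme://host[:port], the unit the browser compares."""
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}".lower()


def frameable_by(headers: dict, page_origin: str, framer_origin: str) -> bool:
    """Return True if a page served with `headers` at `page_origin` may be
    embedded by a frame on `framer_origin`, False if the browser would block it.
    Header names are matched case-insensitively."""
    h = {k.lower(): v for k, v in headers.items()}
    page, framer = _origin(page_origin), _origin(framer_origin)

    # A CSP frame-ancestors directive takes precedence over X-Frame-Options.
    csp = h.get("content-security-policy", "")
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = [s.strip("'").lower() for s in parts[1:]]
            if "none" in sources:
                return False
            if "self" in sources and framer == page:
                return True
            return framer in sources or "*" in sources

    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return framer == page
    # ALLOW-FROM is obsolete and ignored by current browsers, so it offers no
    # protection; an absent or unrecognised header means anyone may frame the page.
    return True


if __name__ == "__main__":
    # Constructed sample: the bank page from the answer, served with no header.
    print(frameable_by({}, "https://www.example.com", "https://attacker.example"))
```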