All Questions
Tagged with attacksweb-browser
31 questions
6votes
4answers
1kviews
How can non-root intercept privileged loopback ports?
Please walk through how an attacker can intercept Chrome's connection to 127.0.0.1:999, as suggested by the warning below. This warning is consitently displayed across many versions of Chrome in many ...
5votes
1answer
782views
Are CSRF attacks a thing of the past?
If the default value for the samesite directive in the Set-Cookie header is lax, then surely the only way for a CSRF attack to work, is if the website's developer, for some reason, puts a less ...
0votes
1answer
911views
What can happen when you click on a bad link? [duplicate]
I sleepily clicked on this bad link yesterday (DONT CLICK Unless you know what you're doing: https://6to.me/idsoni7kjv with a "?fbclid=" param - presumably identifying me) I'm wondering how ...
25votes
5answers
15kviews
Can a website steal passwords saved in my browser?
Today I was on Steam and someone sent me a link and asked me to vote for him in some online gaming league. I clicked on it and the browser told me that this could be an unsafe link so I didn't proceed ...
- 399
3votes
2answers
491views
How do attacks on web browsers succeed? [closed]
We all know that attacks on web browsers are entirely possible. This includes attacks such as drive-by downloads, MITB (man-in-the-browser) attacks and keylogger browser plugins/extensions. However, ...
- 153
1vote
0answers
297views
Bizarre request being made from Chrome
I've been seeing a very weird request being made from my Chrome browser (haven't noticed it on Brave). It does not run on all websites, and not all the time (it can appear on a website, then after a ...
- 11
0votes
1answer
289views
Is there a danger to client port scanning?
Are there any security risks associated with client-side port scanning? Or, more specifically, a "trusted" site (e.g., banking website) loading javascript trying to connect to various localhost ports? ...
- 425
0votes
0answers
285views
Is JIT-compiler required for JIT-ROP attack?
I have been studying up on the concept of Just-in-Time (JIT) ROP attack (https://cs.unc.edu/~fabian/papers/oakland2013.pdf), and came across this question which I have not been able to find the ...
3votes
1answer
1kviews
Can Arbitrary Code Execution be done using CSS Injection?
As part of our class project, we are studying the attacks that could be done using CSS Injection. In our threat model, attacker can manipulate any CSS file on the server. If attacker replaces original ...
- 151
0votes
1answer
204views
Why are there no browser feature or extension to only check the domain and username to prevent phishing?
One of the recommendations to prevent phishing using look-alike domain names (like www.google.com.phishing.org or IDN homograph attacks) is to use a password manager or a physical security token like ...
- 183
-1votes
2answers
2kviews
My screen froze; have I been hacked? [closed]
I am computer illiterate . My screen froze and no keys , combination of keys, mouse, off switch , or closing the top had any effect. I have a Dell Insperion N 7010 using Windows 10 and our home WiFi. ...
1vote
1answer
180views
Mobile Website Security
I have a school project with the topic name "Mobile Website security" which is a little confusing. The task is to write a report regarding the type of threats and the defenses against these threats ...
30votes
2answers
5kviews
Why does curl/wget in the ebay search box give me an access denied error?
I just accidentally copypasted a wget command into the ebay search box and got the following error: It happens with wget http://google.com or curl http://google.com, or any other URL... It does seem ...
- 382
1vote
2answers
967views
Relay attack against Captcha
I am implementing a website that included my own text Captcha (I do not use any Captcha service - like reCaptcha). the Captcha code serves each challenge (i.e. image) only once for both display and ...
- 11
5votes
2answers
16kviews
XSS vectors in img src and background-image url
I'm a little confused about XSS vulnerabilities when serving img.src and background url. From what I understand, the only way to execute javascript in this case, is to use javascript protocol. Let's ...
