musalbas/address-spoofing-poc musalbas/address-spoofing-poc

  • Stars
    star
    210
  • Rank 187,585 (Top 4 %)
  • Language
    HTML
  • Created over 9 years ago
  • Updated over 9 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
musalbas/address-spoofing-poc
github

musalbas

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Chrome address spoofing vulnerability proof-of-concept for HTTPS. (Original by David Leo.)

This is a modification of a proof-of-concept of a chrome address spoofing flaw published by David Leo (david.leo () deusen co uk) on the Full Disclosure mailing list.

(According to the original publication, this was reported to Google but it was regarded as a non-vulnerability.)

This version spoofs the HTTPS version of facebook.com. Surprisingly, it even shows the certificate in green:

You can try a live demo but note that you may have to try it a few times for it to work. There's a connection timing condition involved. However if you clone the repo locally, it should work 100% of the time.

Note that you can't interact with the spoofed web page, making the severity of this vulnerability limited as it can't be used to do direct phishing.

More Repositories

1

heartbleed-masstest

Multi-threaded tool for scanning many hosts for CVE-2014-0160.
Python
572
star
2

mcc-mnc-table

Mobile Country Codes (MCC) and Mobile Network Codes (MNC) table in CSV, JSON and XML. Updated daily.
Python
354
star
3

trustery

Public Key Infrastructure and identity management system on the Ethereum blockchain.
Python
63
star
4

solidity-BN256G2

Implementation of elliptic curve operations on G2 for alt_bn128 in Solidity.
Solidity
49
star
5

listentotwitter

Listen to Twitter.
Python
47
star
6

musicalpackets

Convert internet traffic to music.
JavaScript
23
star
7

KeypairAuth

A web-based keypair authentication system.
Python
8
star
8

coconut-ethereum

Ethereum implementation of the Coconut smart contract library.
Python
7
star
9

Nuclibook

Nuclear medicine booking system
JavaScript
6
star
10

yolo-crypto

Python
5
star
11

edetective-poc

Python
4
star
12

Corfucoin

C++
4
star
13

btcalltimehigh

A web application that records and displays the current and historic Bitcoin all time high prices.
Python
4
star
14

contour

Python
3
star
15

Battleships

Java
2
star
16

ipfs-experiments

Python
2
star
17

musalbas.com-old

Source code for https://musalbas.com
CSS
2
star
18

Asteroids-on-Steroids

Destroy anything by turning it into a game of Asteroids.
Python
2
star
19

trustery-report

TeX
2
star
20

DeleteCrawler

Python
2
star
21

WorldStatus

Java
1
star
22

promulgate

Python
1
star
23

hackerolympics2014-snippets

Some of the worst code I've ever written. Reminds me of when I was what, 13?
Python
1
star
24

Mailpile-print

Mailpile plugin for displaying a message in a printer-friendly format.
Python
1
star
25

camp2015-ticket-check

Shell
1
star
26

genre-affinity

Python
1
star
27

leopard-go

C
1
star
28

research-homepage

HTML
1
star