[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #5477 [EFF-HTTPS Everywhere]: Surprising DOM origins before HTTPS-E/NoScript redirects have completed

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #5477 [EFF-HTTPS Everywhere]: Surprising DOM origins before HTTPS-E/NoScript redirects have completed
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Tue, 17 Apr 2012 16:17:44 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 17 Apr 2012 12:18:01 -0400
In-reply-to: <046.ae2ee838b13caea9348aa964fae75ba1@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bug tracker status mails <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <046.ae2ee838b13caea9348aa964fae75ba1@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#5477: Surprising DOM origins before HTTPS-E/NoScript redirects have completed
------------------------------------------------------+---------------------
 Reporter:  Drugoy                                    |          Owner:  pde
     Type:  defect                                    |         Status:  new
 Priority:  major                                     |      Milestone:     
Component:  EFF-HTTPS Everywhere                      |        Version:     
 Keywords:  address spoofing, critical vulnerability  |         Parent:     
   Points:                                            |   Actualpoints:     
------------------------------------------------------+---------------------

Comment(by pde):

 mikeperry: the way I'm trying to snag a cookie is by document.writing an
 alert(document.cookie) script into the apple page.Â It doesn't seem to
 work: I think that write only goes to Apple's ''window'', not Apple's DOM,
 and only until the redirect has completed.Â So some way of stopping the
 redirect halfway would be necessary to make the fake login page work.

 (In my testing, if it gets any cookies, they're from the attack page, not
 the victim page:

 http://ww2.cs.mu.oz.au/~pde/bugs/5477-tst-cookies.html

 screenshot of (transient) cookie alert:

 http://ww2.cs.mu.oz.au/~pde/bugs/5477-screenshot.png

 )

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5477#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #5635 [Tor Directory Authority]: Hundreds of thousands of "While fetching directory info, no running dirservers known"
Next by Author: Re: [tor-bugs] #5477 [EFF-HTTPS Everywhere]: Surprising DOM origins before HTTPS-E/NoScript redirects have completed
Previous by thread: Re: [tor-bugs] #5477 [EFF-HTTPS Everywhere]: Surprising DOM origins before HTTPS-E/NoScript redirects have completed
Next by thread: Re: [tor-bugs] #5477 [EFF-HTTPS Everywhere]: Surprising DOM origins before HTTPS-E/NoScript redirects have completed
Index(es):
- Author
- Thread