maride/hacktricks
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks.git synced 2025-10-10 18:36:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Translated ['src/pentesting-web/browser-extension-pentesting-methodology

Browse Source
This commit is contained in:
Translator 2025-04-13 15:32:16 +00:00
parent d1190a7052
commit dca99ced41
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/pentesting-web/browser-extension-pentesting-methodology/browext-clickjacking.md
View File

@ -25,7 +25,7 @@
## PrivacyBadger示例 ## PrivacyBadger示例
在扩展PrivacyBadger中发现了一个`skin/`目录被声明为`web_accessible_resources`相关的漏洞(查看原始[博客文章](https://blog.lizzie.io/clickjacking-privacy-badger.html) 在扩展PrivacyBadger中发现了与`skin/`目录被声明为`web_accessible_resources`相关的漏洞,具体如下(查看原始[博客文章](https://blog.lizzie.io/clickjacking-privacy-badger.html)
```json ```json
"web_accessible_resources": [ "web_accessible_resources": [
"skin/*", "skin/*",
@ -79,7 +79,7 @@ src="chrome-extension://ablpimhddhnaldgkfbpafchflffallca/skin/popup.html">
<figure><img src="../../images/image (21).png" alt=""><figcaption></figcaption></figure> <figure><img src="../../images/image (21).png" alt=""><figcaption></figcaption></figure>
**另一个在 Metamask 扩展中修复的 ClickJacking** 是用户能够在页面被怀疑为钓鱼时 **点击以列入白名单**,因为 `“web_accessible_resources”: [“inpage.js”, “phishing.html”]`。由于该页面易受 Clickjacking 攻击,攻击者可以利用它显示一些正常内容,使受害者在未注意的情况下点击以列入白名单,然后再返回到将被列入白名单的钓鱼页面。 在 Metamask 扩展中修复的 **另一个 ClickJacking** 是用户能够在页面被怀疑为钓鱼时 **点击以列入白名单**,因为 `“web_accessible_resources”: [“inpage.js”, “phishing.html”]`。由于该页面易受 Clickjacking 攻击,攻击者可以利用它显示一些正常内容,使受害者在未注意的情况下点击以列入白名单,然后再返回到将被列入白名单的钓鱼页面。
## Steam Inventory Helper 示例 ## Steam Inventory Helper 示例