Skip to content

Module: iFrame Sniffer

Jump to bottom
Jess Williams edited this page Jan 13, 2020 · 3 revisions

Summary

  • Objective: Sniff data from other origins via iframes

  • Authors: Bart Leppens

  • Browsers: Safari, IE

  • Code

Internal Working

By using anchors (#) to request cross-origin resources in an iframe, it can leak information based on the presence and absence of elements.

Content can't be directly read with this technique, but data can be inferred from web applications.

      if (typeof LeakyFrame === 'function') {
          new LeakyFrame(inputURL,
            function(frame){
              //check each anchor
              for (var anchor = 0; anchor < arrayOfAnchorsToCheck.length; anchor++){
                if (frame.checkID(arrayOfAnchorsToCheck[anchor])){
                  resultList.push('Exists');
                }
                else{
                  resultList.push('Does not exist');
                }
              }
              frame.remove();

References

https://www.contextis.com/en/blog/framesniffing-against-sharepoint-and-linkedin

(old link, maybe check it on archive.org): http://www.contextis.co.uk/research/blog/framesniffing/

Feedback

User Guide

I. Introduction   |   II. Basic Utilization   |   III. Advanced Utilization   |   IV. Development   |   V. References

Community

Blog   |   Code   |   Youtube   |   Twitter

I - Starting BeEF

  1. Introducing BeEF
  2. Installation
  3. Basics
  4. Troubleshooting

II - Basic Utilization

  1. Configuration
  2. Interface
  3. Information Gathering
  4. Social Engineering
  5. Network Discovery
  6. Metasploit
  7. Tunneling
  8. XSS Rays
  9. Persistence
  10. Creating a Module
  11. Geolocation
  12. Using-BeEF-With-NGROK

III - Advanced Utilization

  1. RESTful API
  2. Autorun Rule Engine
  3. Notifications
  4. Console
  5. WebRTC Extension

IV - Development

  1. Contributing
  2. ActiveRecord
  3. Development Organization
  4. Architecture
  5. BeEF Javascript API
  6. Step By Step Module Creation
  7. Creating a New Extension
  8. BeEF Testing
  9. Browser & OS Compatibility
  10. Database Schema
  11. Development Milestones
  12. Command Module Config
  13. Command Module API

V - References

  1. FAQ
  2. Other
  3. References
  4. Modules
  5. Release Notes
Clone this wiki locally