Skip to content
/ address-spoofing-poc Public
forked from landaire/address-spoofing-poc

Chrome address spoofing vulnerability proof-of-concept for HTTPS. (Original by David Leo.)

0 stars 32 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

BwRy/address-spoofing-poc

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits

README.md

README.md

 
 

content.html

content.html

 
 

index.html

index.html

 
 

screenshot.png

screenshot.png

 
 

Repository files navigation

This is a modification of a proof-of-concept of a chrome address spoofing flaw published by David Leo (david.leo () deusen co uk) on the Full Disclosure mailing list.

(According to the original publication, this was reported to Google but it was regarded as a non-vulnerability.)

This version spoofs the HTTPS version of facebook.com. Surprisingly, it even shows the certificate in green:

You can try a live demo but note that you may have to try it a few times for it to work. There's a connection timing condition involved. However if you clone the repo locally, it should work 100% of the time.

About

Chrome address spoofing vulnerability proof-of-concept for HTTPS. (Original by David Leo.)

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • HTML 100.0%