Cross-subdomain demo
.gitattributes
.gitignore
README
attack.htm
poc.js
proxy.htm

README

Cross-subdomain demo from the book 《Web前端黑客技术揭秘》 (Web Front-End Hacking Techniques Revealed)

1. Set up hosts:
127.0.0.1	evil.com
127.0.0.1	a.evil.com
2. Place the proxy directory in the document root of your local web server.
3. Visit http://a.evil.com/proxy/attack.htm

How it works:
Both pages set document.domain='evil.com'; once both have done so, the browser allows script access between them across subdomains.
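
The rule behind this, as an added example that is not part of the repository's code: a simplified Node.js model of the browser's "same origin-domain" check, showing that access is granted only after both pages set document.domain. The function names are hypothetical, the parent page URL http://evil.com/ is an assumption, and the Public Suffix List check is reduced to a single-label test.

```javascript
// Simplified model of the HTML "same origin-domain" check (added example).
// Assumption: registrable-domain validation is reduced to a suffix check that
// refuses single-label values; real browsers consult the Public Suffix List.

function makeDocument(url) {
  const u = new URL(url);
  const port = u.port || (u.protocol === 'https:' ? '443' : '80');
  // domain stays null until the page assigns document.domain
  return { scheme: u.protocol, host: u.hostname, port, domain: null };
}

// Models the document.domain setter: the value must be the current host
// or a parent domain of it, otherwise the browser throws a SecurityError.
function setDocumentDomain(doc, value) {
  const effective = doc.domain || doc.host;
  const isSuffix = effective === value || effective.endsWith('.' + value);
  if (!isSuffix || !value.includes('.')) {
    throw new Error('SecurityError: ' + value + ' not allowed for ' + doc.host);
  }
  doc.domain = value;
}

// Script access between two documents is allowed only if this returns true.
function sameOriginDomain(a, b) {
  if (a.scheme !== b.scheme) return false;
  if (a.domain !== null && b.domain !== null) {
    return a.domain === b.domain; // both opted in: port is ignored
  }
  if (a.domain === null && b.domain === null) {
    return a.host === b.host && a.port === b.port; // plain same-origin
  }
  return false; // only one side opted in: access denied
}

// Constructed walk-through using the hosts from the README.
function demo() {
  const parent = makeDocument('http://evil.com/'); // assumed parent page
  const child = makeDocument('http://a.evil.com/proxy/attack.htm');
  const before = sameOriginDomain(parent, child);
  setDocumentDomain(child, 'evil.com');
  const oneSided = sameOriginDomain(parent, child);
  setDocumentDomain(parent, 'evil.com');
  const both = sameOriginDomain(parent, child);
  return { before, oneSided, both };
}

console.log(demo());
```

A page that never assigns document.domain stays isolated from its sibling subdomains, and once both sides opt in the port no longer takes part in the comparison.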


by evilcos@gmail.com