Aziz Saleh – Software development

Bypass, Hijack, Beat, and Defeat Same Origin Policy

Description:

  • This is a flash object, combined with a PHP proxy and javascript (jquery) to process the Server – Proxy – Server Method.
  • This allows you to retrieve external Iframes which will be treated as if they were called from the same domain, thus defeating the Same Origin Policy.
  • Fully customizable.

Documentation:

  • Application installation:
    • Extract the folder into your working directory.
    • Implement example.php to your application.
  • Important Questions
    • The process for the SPSM is pretty much simple:
      • Your website makes the request to external website.
      • Your proxy page copies the exact request over to your site.
      • Your website has now bypassed the same origin policy, because of the proxy you can handle the returned request as your own.
    • What does this script use (all included)?
      • Flash for the click tracking.
      • CSS for the overlay.
      • Jquery for Javascript (can be easily changed to plain javascript).
      • AC_OETags to insert the flash object.
      • PHP Proxy to hold the request.
    • What is the only drawback of this app?
      • Your request will be expected twice instead of once. The requests might differ depending on how dynamic the response is.
  • Flash Variables:
    • callMe » Javascript function to call back on mouse click
    • width » Width of the flash object default » 200
    • height » Height of the flash object default » 200
    • Returned Variables:
      • x » x position of the click
      • y » y Position of the click

Demo

 

Leave a comment

Your email address will not be published. Required fields are marked *