elfs | A breakthrough! Cross-domain communication between non-cooperative parasite-and-host browser frames

I have acheived EVIL! EVIL, I tell you! I have successfully created a cross-domain communications channel between a page and a contained iframe even when the domains are not cooperating!

The trick involves javascript injection into the host (in the sense of "parasite and host") browser frame using a bookmarklet, which then starts running a tight-loop timer that watches the ANCHOR portion of the URL.

The parasite frame can then manipulate the ANCHOR portion of the URL, to which it has access with its initialized document.referer. As it does so, the infected host frame checks the ANCHOR every 10 milliseconds, then changes the ANCHOR back (to hide its activities) and uses that change as an ACK to the parasite, which can then send another message.

Using prefix codes, the infected host and parasite browser frames can communicate with each other. Depending upon the length of the URL, you have about a half-kilobyte of bandwidth-- not much it seems, but more than enough for a URL, a title, and maybe some metadata.

I'll hack up an example and post it to the technical blog sometime soon.

Wheee!

S	M	T	W	T	F	S
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30	31

Most Popular Tags

anime - 28 uses
art - 17 uses
book - 73 uses
books - 44 uses
camping - 42 uses
cats - 18 uses
cooking - 49 uses
design - 38 uses
django - 20 uses
exercise - 51 uses
family - 60 uses
food - 55 uses
geek - 340 uses
geeky - 33 uses
gtd - 18 uses
health - 23 uses
intelligent design - 43 uses
kids - 181 uses
life - 1084 uses
meme - 55 uses
movie - 58 uses
muse - 30 uses
music - 55 uses
news - 298 uses
philosophy - 102 uses
photography - 61 uses
politics - 176 uses
porn - 41 uses
programming - 51 uses
python - 20 uses
reading - 51 uses
recipe - 37 uses
religion - 63 uses
restaurant - 25 uses
review - 264 uses
science - 22 uses
seattle - 43 uses
sex - 64 uses
shrill - 654 uses
sighting - 387 uses
transhumanism - 20 uses
uncategorized - 44 uses
unemployed - 30 uses
vacation - 33 uses
video - 20 uses
video game - 21 uses
web development - 25 uses
wine - 19 uses
work - 26 uses
writing - 386 uses

Flat | Top-Level Comments Only

From:

zanfur.livejournal.com

Interesting side channel...

elfs.livejournal.com

About the only one left that hasn't been closed by the browser folks, and it's hard to do so because we expect to be able to open sub-frames, and for sub-frames to be able to address new URLs. I wonder if they'll leave it open. It's difficult to imagine an exploit that doesn't involve a bookmarklet or similar apparatus (like XBL, which has to get into your system in the first place), so this is more a matter of bookmarklet people not violating the user's trust.

As I've been freelancing, though, I'm utterly shocked (naive, innocent me) by how many of my clients are so trustworthy, and say that they've never even thought about using anything but "the stuff that came with the computer when I bought it." That's usually IE.

technoshaman.livejournal.com

that is EVIL! And probably fairly CPU-intensive as well... and not even *close* to being ADA-compliant.

ionotter.livejournal.com

How well does it fare against NoScript?

Elf Sternberg

A breakthrough! Cross-domain communication between non-cooperative parasite-and-host browser frames

A breakthrough! Cross-domain communication between non-cooperative parasite-and-host browser frames

no subject

no subject

no subject

no subject

Profile

December 2025

Most Popular Tags

Page Summary

Active Entries

Style Credit

Expand Cut Tags