Episode Details
Back to Episodes
Course 38 - Web Security Known Web Attacks | Episode 4: From Phishing to Reverse Clickjacking
Published 1 week ago
Description
In this lesson, you’ll learn about: window.opener risks, phishing via tab manipulation, and Same Origin Method Execution (SOME)1. What is window.openerUsing JavaScript:🔹 Definition:
A child tab can control or modify the parent tab2. Why window.opener is Dangerous🔹 Core issue:
Opening external links creates a hidden trust boundary3. Phishing via window.opener🔹 Attack flow:
User thinks they’re still on the trusted site4. Why This Phishing Works🔹 Psychological factor:
This attack combines technical manipulation + human trust5. Same Origin Method Execution (SOME)🔹 Definition:
Even without full XSS, attackers can still execute actions indirectly6. How SOME Works🔹 Core idea:
Timing + reference = powerful attack vector7. Weak Callback Exploitation🔹 Targets:
Even restricted inputs can be abused for execution8. Example Impact of SOME🔹 Possible actions:
User doesn’t need to interact—actions happen silently9. Relation to Other Attacks🔹 Similar to:
SOME is a bypass technique when XSS/CSRF are blocked10. Preventing window.opener Attacks🔹 Best practices:
You must explicitly break the opener relationship11. Defense Against SOME🔹 Strategies:
Never rely on client-side trust12. Big Security Lesson🔹 Core idea:
Security requires understanding how features interact, not just codeKey Takeaways
- A property that gives a newly opened tab access to its parent tab
- When a link uses target="_blank"
A child tab can control or modify the parent tab2. Why window.opener is Dangerous🔹 Core issue:
- Trust between tabs is implicit
- The new tab may be malicious or compromised
Opening external links creates a hidden trust boundary3. Phishing via window.opener🔹 Attack flow:
- User clicks link on trusted site
- New tab opens (attacker-controlled)
- Attacker uses window.opener
- Parent tab is redirected to fake login page
User thinks they’re still on the trusted site4. Why This Phishing Works🔹 Psychological factor:
- User trusts the original tab
- URL changes silently in background
This attack combines technical manipulation + human trust5. Same Origin Method Execution (SOME)🔹 Definition:
- Triggering actions in another window using limited scripting capabilities
- Reverse clickjacking
Even without full XSS, attackers can still execute actions indirectly6. How SOME Works🔹 Core idea:
- Child tab keeps reference to parent
- Waits for parent to reach sensitive state
- Triggers actions programmatically
Timing + reference = powerful attack vector7. Weak Callback Exploitation🔹 Targets:
- JSONP endpoints
- Legacy browser integrations
- Accept limited characters
- Still allow function execution
Even restricted inputs can be abused for execution8. Example Impact of SOME🔹 Possible actions:
- Trigger button clicks
- Submit forms
- Perform sensitive operations
User doesn’t need to interact—actions happen silently9. Relation to Other Attacks🔹 Similar to:
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Uses browser relationships instead of direct injection
SOME is a bypass technique when XSS/CSRF are blocked10. Preventing window.opener Attacks🔹 Best practices:
- Add rel="noopener noreferrer" to links
- Avoid unnecessary target="_blank"
- Use strict Content Security Policy (CSP)
You must explicitly break the opener relationship11. Defense Against SOME🔹 Strategies:
- Avoid JSONP and legacy callbacks
- Validate all actions server-side
- Implement CSRF protections
Never rely on client-side trust12. Big Security Lesson🔹 Core idea:
- Browser features can be weaponized
- Even “normal” functionality can become an attack vector
Security requires understanding how features interact, not just codeKey Takeaways
- window.opener allows child tabs to control parent tabs
- Can be used for stealth phishing attacks
- SOME enables action execution without full XSS
- Legacy features increase risk
- Proper link attributes and validation are critical
Listen Now
Love PodBriefly?
If you like Podbriefly.com, please consider donating to support the ongoing development.
Support Us