Remote IFrame Detector
I saw a presentation yesterday about cross-site scripting. It was pretty interesting (though a bit overdramatic) but ultimately almost all of the attacks came down to the ability to send the user to a site which contains an iframe for the site they wanted to visit.
This allows the attacker to be running JavaScript code on their machine, but the iframe makes the user believe he or she is at the same site. This can allow for keylogging and some degree of remote control.
All of this hinges on the ability to load the real site in an iframe from within the hacker site. It seems to me that all you need to do is prevent an iframe from loading a page on a different host than the one containing the iframe.
A simple way to accomplish a task like this is to load a Greasemonkey script that draws a border around any iframe that is at a different location than the parent site. Having never written a Greasemonkey script before, I set about doing this.
This is my first Greasemonkey script, so it likely sucks, but it seems to work on the very limited set of tests I performed.
To install the script, click here.
Constructive feedback and criticisms welcome. I'm happy to improve this script, though I may not know exactly how to do so. ;)
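
One way to implement the check described above, as an added example and not the author's script (which is not reproduced on this page). It compares full origins (scheme, host and port) rather than host alone, so https:// frames are covered; the function names and the border style are assumptions.

```javascript
// Added example; function names and border style are assumptions.

// Compare a frame's src with the page URL. Returns:
//   'same'    - same scheme, host and port as the page
//   'remote'  - http(s) document from a different origin
//   'inline'  - no network document (missing src, about:, data:, javascript:)
//   'unknown' - src could not be parsed
function classifyFrame(src, pageUrl) {
  if (!src) return 'inline'; // no src means about:blank
  let frame;
  try {
    // Resolving against the page URL handles relative ("/help") and
    // protocol-relative ("//host/path") values.
    frame = new URL(src, pageUrl);
  } catch (err) {
    return 'unknown';
  }
  if (frame.protocol !== 'http:' && frame.protocol !== 'https:') return 'inline';
  // origin is scheme + host + port, normalised (lower-cased, default port dropped).
  return frame.origin === new URL(pageUrl).origin ? 'same' : 'remote';
}

// Draw a border around every frame that is not provably same-origin or inline.
function markRemoteFrames(doc) {
  const flagged = [];
  for (const el of doc.querySelectorAll('iframe, frame')) {
    const verdict = classifyFrame(el.getAttribute('src'), doc.location.href);
    if (verdict === 'remote' || verdict === 'unknown') {
      el.style.border = '4px solid red';
      flagged.push(el);
    }
  }
  return flagged;
}

// Run only where a DOM exists (browser or userscript context).
if (typeof document !== 'undefined') markRemoteFrames(document);
```

This reads the src attribute once, when the script runs; a frame added or re-pointed by script afterwards is not re-checked unless the function is run again, for example from a MutationObserver.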

Chris:
Great idea. Don’t forget to account for https:// URLs. These are most likely to be targeted for attack.
19 January 2007, 12:41 pm