Mainly the scenario is that there are two websites. The two website implements single sign-on. So if you login to the first website, you are considered logged on as well on the other. The problem is that the first website tries to get information such as XML from the second website; however, some users do not go to the second website in order to be automatically prompted by their browsers to accept/deny the certificate for that website.
Is there a way through javascript that if the user goes to the specific page in the first website, it will check if their browser has the certificate from the second website. If not, it will prompt the user to install the certificate from the second website in order for the contents of the page in the first website to fully load.
Related
I am trying to create a bot to buy tickets automatically from this website https://kide.app/products/96ad9c18-66b3-43e5-88f2-c55d9da3c227
So far I have succesfully made it that when I run the script it automatically logins to the site with my account and password. I used f12 and inspect element to copy the right parts of javascript which was relatively easy. But when I try to do the same thing with the add to cart feature, I can't find the right part from the code to copy. Is there some protection to block the making of such scripts or what?
I have tried to set cookies in multiples domain that i own (for a better user experience, they will be so directly logged in on my different domains)
The cookies is secured, i know we can edit it so it's a 64 random letters key for every users.
I've tried to load cookies with this https://subinsb.com/set-same-cookie-on-different-domains/ method but apparently it didn't work because i so by inspect that google chrome (my browser) had block the request considering that as hacking.
So for now it's a button that allows the cookie to load by windows openning in javascript but the user has to close every single window when cookie are load (long and boring)
Is there any way to make my operation simple ?
Thanks for your help,
Your sincerely,
MySve
You can use window.close() to close the current window. But opening a window for every domain isnt a good solution, and cross origin cookies arent great either.
I'd recommend doing it like this:
Lets say that the user is on webpage 1, and logged in on webpage 4.
Your button should redirect you to website 2.
Website 2 should check if the user is logged in. The user is not logged in, so it redirect you to website 3.
The user is not logged in on website 3 either, so it redirects you to website 4.
The user is logged in on website 4, so it redirects you back to page 1.
Hope this helps! :D
There is one thing I don't understand about the UI Redressing attack. Basically what I understand is:
1- The user clicks on a external URL
2- The attackers webpage opens. Inside this webpage, the original webpage is loaded as an iframe in a transparent manner.
3- As the user interacts with the attackers webpage he will actually be interacting with the transparent iframe.
Here is where I am confused. Why does the user even need to interact with the loaded webpage? Once the inner iframe is loaded you can have a javascript code to automate clicks on the page. Since this is all happening on the victims browser the target site will receive the victims session cookie and assume everythings fine.
Am I missing something here? Thanks in advance
Note: Please note this is a UI Redressing attack also known as click-jacking. This is different than phishing attacks.
The user wants to interact with the loaded webpage, because the user is not aware they are visiting a fake (inauthentic) page. I'm not 100% certain about the javascript, but I'm pretty sure the attacker wants to log the user's activity (e.g, keystrokes for a password).
I am working on an application (asp.net) where links to my application go through an email. Now one of the requirements is that only one instance of the application must be open for a user. Now when a user clicks on a link from an email I want to be able to spot if my application is already open in one of the browsers, grab it, change location and focus on that. Expecting it to be a javascript solution.
I have the next task - I have a page where we have some interaction logic:
After a user clicks a button, my script redirects the user to another site where it must be populate 2 textfields then click button, after redirect to new page it must click on another button.
My project is based on ASP.NET MVC4.
My questions are:
May I do all of this?
If yes, how can I redirect to another page and run my script
P.S.: Second web site isn't my site and everything I know is id of buttons where I need to click.
Elaborating on my comment
You cannot do this in a normal browser. You could write a bookmarklet or two that would navigate and click but there is no script you can write in a web page that will do what you want for security reasons. A long time ago, it was possible in IE to load a banking site into an iFrame and script and monitor user interaction to steal credentials. This has been blocked.
If you save an HTML page with the extension HTA, it can be loaded from harddisk in windows and will have relaxed security so you could load the other site into an iFrame and script the interaction. This is likely not what you want.
The last method is to use for example CURL to get the foreign page, insert stuff and submit the form to the foreign site and return the result. This is not recommended either.
So the question to you is: Why do you need this and are there other ways to do what you want
1) location.href = "http://another.page.com"
2) impossible for security purposes