Cenzic 232 Patent
Paid Advertising
web application security lab

Mhtml Continued

I got some complaints with how I wrote my mhtml library so I’ve modified it to be a little better (fixed the restriction functionality and expanded it to support https as well as http). I also uploaded a sample of how it works so people can actually see what’s going on here (you must use Internet Explorer 7.0). The example I chose is probably more interesting than most.

Expanding on the original example that Trev built, I pulled a page from Google, but I picked a slightly more interesting page that includes not only the user’s email address, but their actual email address that they used to register their account.

Assuming the user visiting the page is already authenticated to Gmail we can de-anonymize people who hide behind the gmail.com domain and use Internet Explorer. There are probably lots of other interesting things you can pull with this, but I just wanted to throw together an example that people could really understand.

Comments are closed.