Interesting Video Of BeEF and a Rickroll
This is more amusing than anything but if you aren’t familiar with the term Rickroll you should read this first. Click on the link in the article at your own risk - it’s very very annoying. Basically it’s the same old link bomb fun that we have all come to know and love that stops the browser from closing by tons of alerts (I’ve never been sure why the webpage gets to control if the app closes or not). Anyway…
If you aren’t familiar with BeEF, Josh Abraham made a video of himself testing BeEF against himself. He shows how Rickrolls can be used against the user. We are assuming that at this point the attacker has already done everything they wanted to do against the user, and now they are content with annoying them with annoying web-pages. It’s a big video but it definitely shows the power of BeEF as an attack platform.
November 4th, 2007 at 6:56 pm
Ran across this about 2-3 months ago and was going to post about it but I lost the link when I had to ctrl-alt-del Firefox. The modal dialogs really dont have a place in the modern browser and shouldn’t interfere with the user closing the tab/window.
November 4th, 2007 at 10:11 pm
hello
there is a xss in https://www.google.com
poc:https://www.google.com/accounts/ServiceLogin?service=mail&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl<mpl=default<mplcache=2&passive=truel#”>alert(’xss’)&1-=1
exploit:http://www.loveshell.net/blog/blogview.asp?logID=262
can i have your email?you can contact me by my email
November 5th, 2007 at 9:22 pm
Never gonna give you up … ARGH - it won’t get out of my head!
November 7th, 2007 at 3:26 pm
Heh. I’ve never heard of a Rickroll before, but it is far better than clicking on some link and seeing tub-girl or goatse. I am happy to say that has never happened to me either.
November 10th, 2007 at 12:53 am
Just remember to preview your tinyurls and other links.
Also disabling javascript/noscript is useful.