Tor Browser Address Spoofing.
Steps to reproduce the problem: Please find the attachment.
- Open http://hackies.in/spoof.html
- Hit Go.
- The Address Bar gets spoofed.
Address Spoofing: Address bar says facebook.com. Content is not facebook.com.
However, by closing the spoofed tab the browser crashed. In my attempts to repro, the page always goes blank after a short delay, both on Linux and Windows. I'm sure that it's possible to tweak the parameters to DoS the browser and delay the blank paint, but that's fragile and is unlikely to work well across machines.
The timer setTimeout() is actually set to 4 seconds. Locally, the spoofed content gets displayed for the time mentioned in the code (Time value can be extended) to make the spoof page stable.
Demo URL: http://hackies.in/spoof.html
Please find the attachment for the reference.