Skip to content

GitLab

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

Closed
Opened by Trac@tracbot

Tor Bowser Address Spoofing.

Steps to reproduce the problem: Please find the attachment.

  1. Open http://hackies.in/spoof.html
  2. Hit Go.
  3. The Address Bar gets spoofed.

Address Spoofing: Address bar says facebook.com Content is not facebook.com

However by closing the spoofed tab the browser crashed. In my attempts to repro, the page always goes blank after a short delay, both on Linux and Windows. I'm sure that it's possible to tweak the parameters to DoS the browser and delay the blank paint, but that's fragile and is unlikely to work well across machines.

The timer setTimeout() is actually set to 4 seconds. Locally, the spoofed content gets displayed for the time mention in the code (Time value van be extended) to make the spoof page stable.

Demo URL : http://hackies.in/spoof.html Please find the attachment for the reference.

Thank you

Trac:
Username: Dhiraj_Mishra

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information