User Controls

Depending on the browser, could you force a crash?

  1. #1
    Sophie Pedophile Tech Support
    I know there are some buffer overflow shenanigans in old FF. And while i haven't looked into them yet, i was wondering if you could just write a piece of JS let's say, that basically kills the browser.

    other than that any exploits for certain browsers you are familiar with that do the same?
  2. #2
    Lanny Bird of Courage
    With modern browsers, tabs are generally isolated into their own processes (which is why if you look at your process manager you probably see a bazillion processes) so even if you max out your utilization on a page, other browser functions don’t get starved (because they’re different processes and will get scheduled by the os).

    If you want to crash the whole browser you either need to manage to break out of the JS sandbox then escape process isolation somehow (not easy) or find an IPC mechanism that’s abusable. Latter is probably easier, with a dozen new browser APIs a year there’s bound to be something that’s not adequately throttled or size capped
  3. #3
    the man who put it in my hood Black Hole [miraculously counterclaim my golf]
    didn't spamming auto embed YT videos crash browsers
  4. #4
    Sophie Pedophile Tech Support
    Originally posted by Lanny With modern browsers, tabs are generally isolated into their own processes (which is why if you look at your process manager you probably see a bazillion processes) so even if you max out your utilization on a page, other browser functions don’t get starved (because they’re different processes and will get scheduled by the os).

    If you want to crash the whole browser you either need to manage to break out of the JS sandbox then escape process isolation somehow (not easy) or find an IPC mechanism that’s abusable. Latter is probably easier, with a dozen new browser APIs a year there’s bound to be something that’s not adequately throttled or size capped

    Could you elaborate a little on IPC, i am vaguely familiar with the term. I might be more familiar with the concept but IPC as a term isn't something i hear too often.

    Other than that, the things you mentioned are why i figured i'd make a thread to ask. :\
  5. #5
    You could lure them to your webserver and create an IFRAME which sits as an overlay over the scroll bar, so when they go to grab the scrollbar, it won't move, but the IFRAME will, and when they release the IFRAME onto the current browser window, you could run further CODE through the IFRAME.
  6. #6
    Sophie Pedophile Tech Support
    Originally posted by ⠀⠀⠀⠀⠀⠀ You could lure them to your webserver and create an IFRAME which sits as an overlay over the scroll bar, so when they go to grab the scrollbar, it won't move, but the IFRAME will, and when they release the IFRAME onto the current browser window, you could run further CODE through the IFRAME.

    I have considered injecting through iFrames, but there are some secure browsers that will nip that in the bud.
  7. #7
    Originally posted by Sophie I have considered injecting through iFrames, but there are some secure browsers that will nip that in the bud.

    Obfuscate the IFRAME injection with HEX maybe.
  8. #8
    Sophie Pedophile Tech Support
    Originally posted by ⠀⠀⠀⠀⠀⠀ Obfuscate the IFRAME injection with HEX maybe.

    It's not a matter of obfuscation or encoding unfortunately, the trouble is sandboxing and process isolation. You could crash a tab through some shenanigans, but i want to crash the browser entirely.
  9. #9
    Browsers crash on their own, so simply investigate why they do and replicate.
  10. #10
    Sophie Pedophile Tech Support
    Originally posted by ⠀⠀⠀⠀⠀⠀ Browsers crash on their own, so simply investigate why they do and replicate.

    I might, but reverse engineering a browser is no trivial task.
  11. #11
    Lanny Bird of Courage
    Originally posted by Sophie Could you elaborate a little on IPC, i am vaguely familiar with the term. I might be more familiar with the concept but IPC as a term isn't something i hear too often.

    Other than that, the things you mentioned are why i figured i'd make a thread to ask. :\

    "Inter-Process Communication", it's just a catchall term for how processes communicate with each other (on the same machine). In a browser's case it's _probably_ domain sockets but IDK. The particular mechanism isn't too important, the central point is that if you want to escape your tab's sandbox you need to exploit not what you can do within the tab's process, but what you can make other shared process do by communicating with them.

    Originally posted by ⠀⠀⠀⠀⠀⠀ You could lure them to your webserver and create an IFRAME which sits as an overlay over the scroll bar, so when they go to grab the scrollbar, it won't move, but the IFRAME will, and when they release the IFRAME onto the current browser window, you could run further CODE through the IFRAME.

    Retarded. You have no idea what an iframe is as evidenced by you thinking there is any point in instantiating one to run some code when a user is already sitting on your webpage.

    Originally posted by ⠀⠀⠀⠀⠀⠀ Obfuscate the IFRAME injection with HEX maybe.

    Further proof of retardation. "durrr, hide it with 1337speak HEX like a HAXOR does". You're like a child that sees adults do things and tries to mimic how they look without even the most basic understanding of what the point is.
  12. #12
    Originally posted by Lanny "Inter-Process Communication", it's just a catchall term for how processes communicate with each other (on the same machine). In a browser's case it's _probably_ domain sockets but IDK. The particular mechanism isn't too important, the central point is that if you want to escape your tab's sandbox you need to exploit not what you can do within the tab's process, but what you can make other shared process do by communicating with them.



    Retarded. You have no idea what an iframe is as evidenced by you thinking there is any point in instantiating one to run some code when a user is already sitting on your webpage.



    Further proof of retardation. "durrr, hide it with 1337speak HEX like a HAXOR does". You're like a child that sees adults do things and tries to mimic how they look without even the most basic understanding of what the point is.

    That didn't scare me.
  13. #13
    Ok, what if you hacked into the router and disabled the firewall and set it to passthrough and then used a port scanner to find out what ports the browser was running on and then flooded the ports with requests? That would at least freeze up the browser.
  14. #14
    Lanny Bird of Courage
    Originally posted by ⠀⠀⠀⠀⠀⠀ port scanner to find out what ports the browser was running on

    Continuing to demonstrate the lack of a basic understanding of how browsers, and networked computers in general, work.
  15. #15
    Originally posted by Lanny Continuing to demonstrate the lack of a basic understanding of how browsers, and networked computers in general, work.

    off topic but do you fingerprinting our browsers ?

    if not why cant images be uploaded without fingerprinting enabled.
  16. #16
    Originally posted by Lanny Continuing to demonstrate the lack of a basic understanding of how browsers, and networked computers in general, work.

    Settle down, kid.
  17. #17
    Sophie Pedophile Tech Support
    Originally posted by vindicktive vinny off topic but do you fingerprinting our browsers ?

    if not why cant images be uploaded without fingerprinting enabled.

    If you're concerned with browser fingerprints you need to change your headers, disable javascript and get a HTML5 Canvas blocker.

    Or just use Tor.
  18. #18
    Lanny Bird of Courage
    Originally posted by vindicktive vinny off topic but do you fingerprinting our browsers ?

    if not why cant images be uploaded without fingerprinting enabled.

    No and I’m not sure what “fingerprinting enabled” means. The only place you can upload images on the site is avatars.
  19. #19
    Originally posted by Sophie If you're concerned with browser fingerprints you need to change your headers, disable javascript and get a HTML5 Canvas blocker.

    Or just use Tor.

    yes im using tor and because of that i cant upload images. to this site or others.
  20. #20
    Originally posted by Lanny No and I’m not sure what “fingerprinting enabled” means. The only place you can upload images on the site is avatars.

    theres an option in mozilla browser to enable or disable this "fingerprinting" thing.

    and yes, theres a reason my avatar is blank after you deleted my avatar until now.
Jump to Top