Websocket connections do not check iframe parents
RaulDoyensec opened this issue · 0 comments
RaulDoyensec commented
When the websocket is created, it does not check if it has a parent window to check if it's inside an iframe. For that reason, when exploiting XSS, it will create two different "hooked browsers", one of which will not be able to use visual mode.
Also, as the proxy works using iframes, those iframes will also create another "hooked browser".