Merge pull request phonedude#27 from antonrasmussen/main

Assignment 4 Completion - Anton Rasmussen
jim-ecker · Nov 10, 2024 · 5d7291d · 5d7291d
2 parents 88d0a47 + fc8430b
commit 5d7291d
Show file tree

Hide file tree

Showing 209 changed files with 8,821 additions and 0 deletions.
diff --git a/assignments/Rasmussen/4/README.md b/assignments/Rasmussen/4/README.md
diff --git a/assignments/Rasmussen/4/data/[email protected] b/assignments/Rasmussen/4/data/[email protected]
@@ -0,0 +1,100 @@
+4shared.com
+abcnews.go.com
+alibaba.com
+aliexpress.com
+aol.com
+apache.org
+apple.com
+arxiv.org
+biblegateway.com
+biglobe.ne.jp
+bloomberg.com
+booking.com
+britannica.com
+buzzfeed.com
+cambridge.org
+cnil.fr
+cnn.com
+cointernet.com.co
+com.com
+cpanel.net
+discord.com
+disqus.com
+doi.org
+drive.google.com
+dropbox.com
+ea.com
+elmundo.es
+espn.com
+feedburner.com
+forms.gle
+g.co
+get.google.com
+gfycat.com
+globo.com
+godaddy.com
+gofundme.com
+goo.ne.jp
+goodreads.com
+google.ru
+gravatar.com
+gsmarena.com
+guardian.co.uk
+hatena.ne.jp
+hindustantimes.com
+hp.com
+ign.com
+ikea.com
+imageshack.us
+independent.co.uk
+jhu.edu
+jstor.org
+justgiving.com
+latimes.com
+liberation.fr
+linkedin.com
+mailchimp.com
+marca.com
+naver.com
+news.com.au
+npr.org
+nytimes.com
+offset.com
+oup.com
+outlook.com
+ovhcloud.com
+people.com
+php.net
+pinterest.fr
+pl.wikipedia.org
+play.google.com
+playstation.com
+plos.org
+prezi.com
+pt.wikipedia.org
+reverbnation.com
+sakura.ne.jp
+samsung.com
+search.yahoo.com
+sina.com.cn
+spiegel.de
+support.google.com
+thefreedictionary.com
+theverge.com
+usgs.gov
+vistaprint.com
+walmart.com
+webmd.com
+webnode.page
+whitehouse.gov
+wikimedia.org
+wordpress.org
+wp.com
+www.gov.uk
+www.over-blog.com
+www.wix.com
+www.yahoo.com
+yadi.sk
+ytimg.com
+zendesk.com
+zippyshare.com
diff --git a/assignments/Rasmussen/4/data/ARASM002_test b/assignments/Rasmussen/4/data/ARASM002_test
@@ -0,0 +1,10 @@
+http://www.4shared.com
+http://www.abcnews.go.com
+http://www.alibaba.com
+http://www.aliexpress.com
+http://www.aol.com
+http://www.apache.org
+http://www.apple.com
+http://www.arxiv.org
+http://www.biblegateway.com
+http://www.biglobe.ne.jp
diff --git a/assignments/Rasmussen/4/frame-path-attack/attacker-page/attacker.html b/assignments/Rasmussen/4/frame-path-attack/attacker-page/attacker.html
@@ -0,0 +1,61 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <title>Cookie Security Demo - Attacker Page</title>
+    <style>
+        iframe {
+            width: 100%;
+            height: 200px;
+            border: 1px solid #ccc;
+        }
+        .result {
+            margin-top: 20px;
+            padding: 10px;
+            background-color: #f8f8f8;
+            border: 1px solid #ddd;
+        }
+        .stolen {
+            color: #d63031;
+            font-weight: bold;
+        }
+    </style>
+</head>
+<body>
+    <h1>Cookie Security Demo</h1>
+    <p>This page demonstrates how cookies can be stolen from an iframe when only using Path attribute.</p>
+
+    <h3>Vulnerable iframe:</h3>
+    <iframe src="/frame-path-attack/vulnerable-page" id="vulnerableFrame"></iframe>
+
+    <div class="result">
+        <h3>Stolen Cookies:</h3>
+        <pre id="cookieDisplay"></pre>
+    </div>
+
+    <script>
+    // Listen for messages from the iframe
+    window.addEventListener('message', function(event) {
+        if (event.data.type === 'cookies') {
+            const cookies = event.data.cookies;
+            let formattedCookies = '';
+
+            if (cookies) {
+                formattedCookies = cookies.split(';')
+                    .map(cookie => cookie.trim())
+                    .map(cookie => {
+                        if (cookie.includes('serverSecret')) {
+                            return `<span class="stolen">${cookie}</span>`;
+                        }
+                        return cookie;
+                    })
+                    .join('\n');
+            } else {
+                formattedCookies = 'No cookies found';
+            }
+
+            document.getElementById('cookieDisplay').innerHTML = formattedCookies;
+        }
+    });
+    </script>
+</body>
+</html>
diff --git a/assignments/Rasmussen/4/frame-path-attack/vulnerable-page/vulnerable.html b/assignments/Rasmussen/4/frame-path-attack/vulnerable-page/vulnerable.html
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <title>Cookie Security Demo - Vulnerable Page</title>
+</head>
+<body>
+    <h2>Vulnerable Page (iframe content)</h2>
+    <p>This page sets a cookie with only Path attribute protection.</p>
+    <script>
+        // Periodically send cookies to parent window
+        setInterval(() => {
+            window.parent.postMessage({
+                type: 'cookies',
+                cookies: document.cookie
+            }, '*');
+        }, 1000);
+    </script>
+</body>
+</html>
diff --git a/assignments/Rasmussen/4/frameable/4shared.com.html b/assignments/Rasmussen/4/frameable/4shared.com.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>4shared.com</title>
+    <style>
+        body {
+            font-family: Arial, sans-serif;
+            text-align: center;
+        }
+        iframe, .not-frameable {
+            width: 80%;
+            height: 600px;
+            border: 1px solid #ccc;
+            margin: 20px auto; /* Center the box */
+        }
+        .not-frameable {
+            display: flex;
+            align-items: center;
+            justify-content: center;
+            color: red;
+            font-size: 24px;
+        }
+        .bypass-demo h3 {
+        margin: 10px 0;
+        color: #666;
+        }
+        .bypass-demo iframe {
+            width: 100%;
+            height: 300px;
+            margin-bottom: 20px;
+        }
+
+    </style>
+</head>
+<body>
+    <h1>4shared.com</h1>
+    <iframe src="https://4shared.com" frameborder="0"></iframe>
+</body>
+</html>
diff --git a/assignments/Rasmussen/4/frameable/abcnews.go.com.html b/assignments/Rasmussen/4/frameable/abcnews.go.com.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>abcnews.go.com</title>
+    <style>
+        body {
+            font-family: Arial, sans-serif;
+            text-align: center;
+        }
+        iframe, .not-frameable {
+            width: 80%;
+            height: 600px;
+            border: 1px solid #ccc;
+            margin: 20px auto; /* Center the box */
+        }
+        .not-frameable {
+            display: flex;
+            align-items: center;
+            justify-content: center;
+            color: red;
+            font-size: 24px;
+        }
+        .bypass-demo h3 {
+        margin: 10px 0;
+        color: #666;
+        }
+        .bypass-demo iframe {
+            width: 100%;
+            height: 300px;
+            margin-bottom: 20px;
+        }
+
+    </style>
+</head>
+<body>
+    <h1>abcnews.go.com</h1>
+    <iframe src="https://abcnews.go.com" frameborder="0"></iframe>
+</body>
+</html>
diff --git a/assignments/Rasmussen/4/frameable/alibaba.com.html b/assignments/Rasmussen/4/frameable/alibaba.com.html
@@ -0,0 +1,47 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>alibaba.com</title>
+    <style>
+        body {
+            font-family: Arial, sans-serif;
+            text-align: center;
+        }
+        iframe, .not-frameable {
+            width: 80%;
+            height: 600px;
+            border: 1px solid #ccc;
+            margin: 20px auto; /* Center the box */
+        }
+        .not-frameable {
+            display: flex;
+            align-items: center;
+            justify-content: center;
+            color: red;
+            font-size: 24px;
+        }
+        .bypass-demo h3 {
+        margin: 10px 0;
+        color: #666;
+        }
+        .bypass-demo iframe {
+            width: 100%;
+            height: 300px;
+            margin-bottom: 20px;
+        }
+
+    </style>
+</head>
+<body>
+    <h1>alibaba.com</h1>
+
+                        <div class="bypass-demo">
+                            <h3>Original (Blocked):</h3>
+                            <iframe src="https://alibaba.com" frameborder="0"></iframe>
+                            <h3>Bypass using proxy:</h3>
+                            <iframe src="/proxy?url=https%3A%2F%2Falibaba.com" frameborder="0"></iframe>
+                        </div>
+</body>
+</html>
diff --git a/assignments/Rasmussen/4/frameable/aliexpress.com.html b/assignments/Rasmussen/4/frameable/aliexpress.com.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>aliexpress.com</title>
+    <style>
+        body {
+            font-family: Arial, sans-serif;
+            text-align: center;
+        }
+        iframe, .not-frameable {
+            width: 80%;
+            height: 600px;
+            border: 1px solid #ccc;
+            margin: 20px auto; /* Center the box */
+        }
+        .not-frameable {
+            display: flex;
+            align-items: center;
+            justify-content: center;
+            color: red;
+            font-size: 24px;
+        }
+        .bypass-demo h3 {
+        margin: 10px 0;
+        color: #666;
+        }
+        .bypass-demo iframe {
+            width: 100%;
+            height: 300px;
+            margin-bottom: 20px;
+        }
+
+    </style>
+</head>
+<body>
+    <h1>aliexpress.com</h1>
+    <div class="not-frameable">Website was not frameable</div>
+</body>
+</html>