Tests for address bar spoofing with window.open()


These tests make sense if the native UIWebView window.open() is overridden and if cross-tab document.write is supported.

The first half of these tests concerns switching focus between windows, which may be connected with one of the spoofing attacks tested on the next page. The second half is quite similar to the UXSS tests, but here compare the address bar with the content.

Test case: Is window.focus() overridden?

If window.focus() is overridden, it may potentially be used for switching focus during spoofing attacks, which is quite handy.

If focus switched to the original window after the test result was alerted, window.focus() worked. I assume the alert was shown over www.example.com; if not, this test did not work as intended.

Test case: Does window.open().close() switch focus?

window.open().close() is sometimes an alternative to window.focus().

If focus switched to the original window after 2 seconds, window.open().close() can be used to switch focus (and popup blocking does not work either).

Test case: Can window.open() be called multiple times on a single user touch?

If two new windows were opened, it can. This is also handy for hiding a window before we complete the spoofing attack.

Test case: Does any popup blocker exist at all?

After your click, a new window will be opened after a 5-second delay. If it works, it seems there is no popup blocker in place.

Test case: document.write to http://www.example.com (immediate)

This is a basic attempt at address bar spoofing against an HTTP site.

Test case: document.write to https://www.apple.com (immediate)

This is a basic attempt at address bar spoofing against an SSL site.

Test case: document.write to https://www.apple.com (delayed)

In this test case, the attempt is delayed by 5 seconds. The result may differ depending on whether the target website was previously cached locally.

Test case: document.write to https://www.apple.com (redirected through about:blank, 1ms)

Test case: document.write to https://www.apple.com (redirected through about:blank, 5s)

Please wait 5-6 seconds for the result.
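
The property the document.write test cases above probe, as an added JavaScript model that is not this test page's own code: the address bar must name the origin that controls the visible content. The class and method names, the opener origin http://opener.test and the "write cancels the pending load" policy are assumptions made for illustration, not the behaviour of any particular browser.

```javascript
// Model only: names and policies are assumptions, not real browser code.
function originOf(url, inherited) {
  // about:blank has no origin of its own; it inherits its creator's.
  return url === 'about:blank' ? inherited : new URL(url).origin;
}

class TabModel {
  constructor(openerOrigin) {
    this.openerOrigin = openerOrigin;
    this.requestedUrl = null;          // last URL passed to window.open()
    this.pendingUrl = null;            // load started, nothing committed yet
    this.committedUrl = 'about:blank'; // document the window really holds
    this.contentOrigin = openerOrigin; // who controls the visible content
  }
  startNavigation(url) { this.requestedUrl = url; this.pendingUrl = url; }
  commitNavigation() {
    if (this.pendingUrl === null) return false; // load was cancelled
    this.committedUrl = this.pendingUrl;
    this.contentOrigin = originOf(this.committedUrl, this.openerOrigin);
    this.pendingUrl = null;
    return true;
  }
  // Cross-tab document.write() issued by the opener window.
  openerWrite() {
    if (this.contentOrigin !== this.openerOrigin) return false; // cross-origin: refused
    this.pendingUrl = null; // model policy: the write cancels the pending load
    return true;
  }
  // Weak design: bar text is set when the load starts and never re-checked.
  naiveAddressBar() { return this.requestedUrl || this.committedUrl; }
  // Hardened design: bar text follows the committed document only.
  safeAddressBar() { return this.committedUrl; }
}

// True when the bar names an origin that does not control the content.
function isSpoofed(tab, shownUrl) {
  return originOf(shownUrl, tab.openerOrigin) !== tab.contentOrigin;
}

// commitBeforeWrite=false models the "immediate" case; true models a target
// that has already loaded (for example from cache) before the delayed write.
function runScenario(commitBeforeWrite) {
  const tab = new TabModel('http://opener.test'); // constructed opener origin
  tab.startNavigation('https://www.apple.com');
  if (commitBeforeWrite) tab.commitNavigation();
  const wrote = tab.openerWrite();
  return { wrote,
    naiveSpoofed: isSpoofed(tab, tab.naiveAddressBar()),
    safeSpoofed: isSpoofed(tab, tab.safeAddressBar()) };
}
```

In the model, the write that lands before the load commits leaves the naive bar showing the requested URL over opener-controlled content, while the committed-only bar stays on about:blank; once the target has committed, the write is refused and both bars agree with the content.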

The next page: tests for address bar spoofing in a single UIWebView.