
This is a Proof of Concept on how the browser back button can be abused to mislead a user.


ToTheMax/BackButtonAbuse


BackButtonAbuse

This is a Proof of Concept on how the browser back button can be abused to mislead a user.

Use Case

  • The user visits, for example, google.com and finds a link to our page
  • The user clicks on the link and gets sent to our website, but then presses the browser's back button
  • The user thinks that he is back at google.com again, but he is still on our (phishing?) page

Fixes

The trick works in most browsers. Only Chrome has fixed it, by requiring the user to first perform a user interaction (i.e. a mouse click). Therefore this script checks whether the page was accessed through a Chrome browser and, if so, creates a fake cookie popup to make the user click.
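
The effect of the interaction requirement described above can be seen in a small model of a browser's session history. This is an added example, not code from this repository; the class, its `skippable` rule and the `example` URLs are simplifying assumptions, not Chrome's actual implementation.

```javascript
// Simplified model of session history (assumption, not browser source code).
class SessionHistory {
  constructor(mitigation) {
    this.mitigation = mitigation; // true: back button skips flagged entries
    this.entries = [];
    this.index = -1;
  }
  _push(entry) {
    this.entries.length = this.index + 1; // discard forward entries
    this.entries.push(entry);
    this.index = this.entries.length - 1;
  }
  // Cross-document navigation (user follows a link): fresh document state.
  navigate(url) {
    this._push({ url, doc: { interacted: false }, skippable: false });
  }
  // The user clicks or types inside the current document.
  userInteraction() {
    this.entries[this.index].doc.interacted = true;
  }
  // Script in the current document adds a same-document history entry.
  scriptAddsEntry(url) {
    const cur = this.entries[this.index];
    // An entry that spawned another without interaction is marked skippable.
    if (!cur.doc.interacted) cur.skippable = true;
    this._push({ url, doc: cur.doc, skippable: false });
  }
  // The browser's back button; returns the URL the user lands on.
  back() {
    let i = this.index - 1;
    while (this.mitigation && i > 0 && this.entries[i].skippable) i--;
    this.index = Math.max(i, 0);
    return this.entries[this.index].url;
  }
}

// Constructed scenario matching the use case: search page -> linked page -> back.
function whereBackLands({ mitigation, userClicked }) {
  const h = new SessionHistory(mitigation);
  h.navigate("https://search.example/results");
  h.navigate("https://landing.example/");
  if (userClicked) h.userInteraction();
  h.scriptAddsEntry("https://landing.example/#added");
  return h.back();
}
```

With the mitigation on, a visitor who never clicks lands back on the search page. That is why an unexpected overlay demanding a click on a freshly opened page is a signal worth noticing.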

Try it yourself

Visit the demo 👉 here 👈 and try to click the back button

Resources
