
Occasionally I see links like the following (don't visit this on your main computer) that I am redirected to on Google. The back button will either redirect back to the page, or to some other questionable content. These pages are almost always some scam or phishing attempt, and I wonder how exactly they "disable" the back button functionality. I can long press the back button to view a long list of the same exact link (this is a screenshot on Imgur), and eventually the search page is listed at the bottom (omitted for my privacy).

How do websites pull this back button hijacking off? And why does it not appear on actual search history? Is there any way to recognize this happening in the browser backend?

Expectator
  • [Google is working on a fix to kill back button hijacking](https://www.zdnet.com/article/google-working-on-blocking-back-button-hijacking-in-chrome/). – defalt Jan 06 '19 at 10:42

1 Answer


They do not "disable" back button functionality; there is an HTML5 API to manipulate the browser history. The specified site uses this functionality, as can be seen in https://your-luckychance.com/media/gambling/backbutton_gmb.js

Security-wise, there are certain limitations to this API, notably you can only add entries redirecting to the same origin.

As far as I know, there is no way to recognize this happening in the browser.

George Y.
  • 3,504
  • 2
  • 10
  • 15
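The History API behaviour discussed in the answer above, as an added example that is not part of the original answer or the linked site's script: a wrapper around `pushState` that records repeated same-URL entries, the pattern behind the long back-button list in the question. `FakeHistory`, `monitorHistory`, the `threshold` value and the `landing.example` URLs are constructed for illustration; in a browser the wrapper would have to be installed on `window.history` before the page's own scripts run.

```javascript
// Constructed stand-in for window.history so the example runs in Node.
class FakeHistory {
  constructor(currentUrl) {
    this.entries = [currentUrl];              // session history of one tab
    this.origin = new URL(currentUrl).origin;
  }
  get length() { return this.entries.length; }
  pushState(state, unused, url) {
    const target = new URL(url, this.entries[this.entries.length - 1]);
    // Real browsers reject a URL from another origin with a SecurityError.
    if (target.origin !== this.origin) throw new Error("SecurityError");
    this.entries.push(target.href);           // new entry, no page load
  }
}

// Wrap pushState on a history-like object and count pushes per resolved URL.
// threshold (assumed value): pushes of one URL that count as suspicious.
function monitorHistory(history, baseUrl, threshold = 3) {
  const counts = new Map();
  const original = history.pushState;
  history.pushState = function (state, unused, url) {
    original.call(this, state, unused, url);  // throws first if rejected
    const href = new URL(url, baseUrl).href;
    counts.set(href, (counts.get(href) || 0) + 1);
  };
  return {
    suspicious: () =>
      [...counts].filter(([, n]) => n >= threshold).map(([u]) => u),
    restore: () => { history.pushState = original; },
  };
}

// Constructed page behaviour: the same URL pushed five times, then one
// cross-origin attempt that the same-origin rule blocks.
function demo() {
  const start = "https://landing.example/offer";
  const h = new FakeHistory(start);
  const mon = monitorHistory(h, start);
  for (let i = 0; i < 5; i++) h.pushState(null, "", "/offer");
  let crossOriginBlocked = false;
  try {
    h.pushState(null, "", "https://other.example/");
  } catch {
    crossOriginBlocked = true;
  }
  mon.restore();
  return { length: h.length, suspicious: mon.suspicious(), crossOriginBlocked };
}
```
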