IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [web-browser]

A web browser is an application which uses HTTP and related protocols to retrieve HTML and XML data from servers. As the web has become a critical source of information and communication, web browsers have become a critical component in information request, transfer and management.

1603 questions
0
votes
3 answers

How can clicking on a URI infect a host?

I watched a generic information security awareness presentation earlier, in which all that was required for the presenter to penetrate an organisation (with a meterpreter/reverse shell), was for someone on the inside to click, or type (or otherwise…
voices
  • 1,649
  • 7
  • 22
  • 36
0
votes
1 answer

Secure authentication on SPA/Javascript application with “remember me” support

I have 3 website projects as follows; identity.example.com (asp.netcore + IdentityServer4) api.example.com (asp.netcore webapi) www.example.com (asp.netcore + aurelia) I am able to authenticate the user using SPA user-agent using implicit grant…
Hasan
  • 101
  • 4
0
votes
1 answer

Distinguishing Between Brute force and Crawlers in error reporting

I have been receiving a great many emails recently reporting issues within my website that, when gone back and looked up, have been reported as being Brute force attacks. Upon further inspection of their location. I have noticed a great deal of them…
Joshua
  • 157
  • 5
0
votes
2 answers

Restore session in Firefox

Restore session in Firefox What does this mean, is it related to the session concept which is stored on the web server? If I stop the computer with my web-app, and then start it again before the timeout set on the session on the server expires,…
Anyname Donotcare
  • 265
  • 2
  • 8
0
votes
1 answer

Download webcrawler output from Dirbuster

Hello security experts, I've made a wordlist to search some content on a specific webserver. DirBuster found a list of 500 images, is there a way to download them all on my computer. Kind regards
user3657270
  • 3
  • 1
0
votes
1 answer

Do I still use HTTPS when I search from the URL bar in Firefox?

If I go to the homepage of the search engine I use, I can see the green lock to the left of the URL bar which indicates that I use HTTPS. Then when I input a search query in the box on the homepage, I get results, still over HTTPS. But I also set it…
user136370
  • 41
  • 2
0
votes
1 answer

Which URL schemes are dangerous (XSS exploitable)?

I know that a blacklist approach to URL filtering isn't the most secure, but let's say that in addition to this filtering we're also rewriting all untrusted links to go through a redirect page that warns the user about the risks, and that we're…
Changaco
  • 101
  • 5
0
votes
2 answers

How to mimick malicious activity in a network?

I'm trying to setup a VM that will try to mimick malicious web browsing behavior. It should download malware and just get infected. There are a lot of open source threat intel feeds with bad IPs and URLs. Is there a way to have it visit malicious…
Bilal
  • 1
0
votes
1 answer

Implementation of a FREE web filter

I just want some advice for the implementation of a web filter for a school network. Just want to block some contents and url. A free tool should be fine I guess. Any recommendations? Thanks!
FrozenButcher
  • 121
  • 1
  • 6
0
votes
1 answer

Does Google Chrome read the contents of screen

Lately I noticed that whenever I'm reading an article and I want to search something I read there, as I'm typing the keyword, Chrome autofills it. For example, I was reading a reddit post and someone mentioned the game Dungeons and Dragons. I opened…
Neerkoli
  • 123
  • 4
0
votes
1 answer

Theoretical and practical limits on adblocking

Not sure if this is the right SE, feel free to migrate if necessary. My question is simple: the only way for a web server to detect if you are adblocking is to see if the ads were actually served, since once they're client-side it's trivial to just…
Elliot Gorokhovsky
  • 496
  • 3
  • 12
0
votes
0 answers

From where can I get latest security bug fixes list/details implemented by web browsers?

Every now and then a new vulnerability is discovered in web browsers. Some get fixed with time, some don't (maybe because of dependencies). From where can I get the report of latest bugs fixed or pending?
mfs
  • 531
  • 1
  • 6
  • 9
0
votes
2 answers

Why are all cookies with same name included when asked by server? Doesn't it raise cookie's integrity violation chances?

Cookies are set and stored as a name/domain/path to value attributes mapping, but only name-value pairs are presented to both JavaScript and web servers. This asymmetry allows cookies with the same name but different domain and/or path scopes to be…
mfs
  • 531
  • 1
  • 6
  • 9
0
votes
1 answer

Browser hijacked on Debian

Seems someone has setup something in my system. I have several ports on localhost sending outbound communications. When in Firefox I type web.whatsapp.com for whatsapp web, I get a browser re-direct. Anybody knows some good approach about cleaning…
MarkSkayff
  • 109
  • 3
0
votes
1 answer

What exactly are the keys doing in a Certificate?

I'm reading up on web security. And I'm a bit lost at a few places. First stage is the Hello phase. The client sends a message to the server telling the server, I will use these versions of SSL, and cipher suites. First question is, how exactly do…
christopher clark
  • 137
  • 5
1 2 3
99
100