I got to take a quick look at some Safari stuff at work a few days ago, and came away with a few notes that I thought might interest people about Safari:
Cross-Site Cooking works the same way as it does in Firefox 2.0, namely it
works just as the RFC describes and we can set cookies for .co.uk, .com.au,
etc.
HttpOnly is not supported.
Safari parses Set-Cookie headers like the RFC says, which means that cookies
are comma separated (no other browsers seem to do this), which means that in
ASP.NET and JSP, when you use the framework's method of setting cookies and
you let the user control the value, they can inject arbitrary cookies by
specifying something like ", arbitrary_name=arbitrary_value" as the cookie
value.
Referers are not leaked from https to http, but are leaked from one https
site to another https site.
The safari cache (at lest on windows) is an SQLite database where all the
data is double hex encoded; it looks something like X'aabbccddeeff, etc, and
when you strip the first two chars and decode it you get another blob which
looks identical to the first one, which you then need to decode the same way
and you get an XML document with the data, I wrote this dodgy PHP function
to do the conversion for me: (you need to call it twice on the blob you
extract from the database)
function decode_blob ($blob) {
$ret = "";
for ($i=2,$c=strlen($blob);$i<$c;$i+=2) {
$ret .= chr(hexdec ($blob[$i].$blob[$i+1]));
}
return $ret;
}
On the iPhone (emulator at least; I didn't get to use an actual iPhone), the
last character of the password field is shown before you type the next one
in (and untill the field loses focus); this makes sense since it's hard to
type on iPhones, but it's still curious.
Safari on the iPhone (emulator, again) doesn't seem to actually close, so
unless you close the emulator (I'm assuming this is equivalent to turning
off your iPhone; if that's even possible), all session cookies persist.
Hope that helps someone.
Posted by kuza55
[Ph4nt0m] <http://www.ph4nt0m.org/>
[Ph4nt0m Security Team]
<http://blog.ph4nt0m.org/> [EMAIL PROTECTED]
Email: [EMAIL PROTECTED]
PingMe:
<http://cn.pingme.messenger.yahoo.com/webchat/ajax_webchat.php?yid=hanqin_wu
hq&sig=9ae1bbb1ae99009d8859e88e899ab2d1c2a17724>
=== V3ry G00d, V3ry Str0ng ===
=== Ultim4te H4cking ===
=== XPLOITZ ! ===
=== #_# ===
#If you brave,there is nothing you cannot achieve.#
--~--~---------~--~----~------------~-------~--~----~
要向邮件组发送邮件,请发到 [email protected]
要退订此邮件,请发邮件至 [EMAIL PROTECTED]
-~----------~----~----~----~------~----~------~--~---
<<inline: image001.gif>>
