index.html
<!DOCTYPE html>
<html>
<head>
<!-- Putting this inline and at the top level
so that it gets executed as early as possible.
Same in iframe-webrtc-test.html -->
<script>globalThis.__capturedWebRTCObj = RTCPeerConnection;</script>
<meta charset="utf-8"/>
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" href="styles.css" />
<!-- debugging -->
<script src="js/eruda.min.js"></script>
<script>eruda.init();</script>
<script src="webxdc.js"></script>
<script src="js/utils.js"></script>
</head>
<body>
<div class="card" id="realtime-output"></div>
<script src="js/realtime.js"></script>
<div class="card" id="cookies-output"></div>
<script src="js/cookies.js"></script>
<div class="card" id="storage-output"></div>
<script src="js/storage.js"></script>
<div class="card" id="uploads-output"></div>
<script src="js/uploads.js"></script>
<div class="card" id="import-export-output"></div>
<script src="js/import-export.js"></script>
<div class="card" id="unload-output"></div>
<script src="js/unload.js"></script>
<div class="card" id="navigator-output"></div>
<script src="js/navigator.js"></script>
<div class="card" id="update-api-output"></div>
<script src="js/update-api.js"></script>
<div class="card" id="races-output"></div>
<script src="js/races.js"></script>
<div class="card" id="wasm-output"></div>
<script src="js/wasm.js"></script>
<div class="card" id="camera-access"></div>
<script src="js/media-access.js"></script>
<iframe id="iframe-regular" style="display: none"></iframe>
<iframe id="iframe-allow-same-origin" sandbox="allow-same-origin" style="display: none"></iframe>
<div class="card" id="webrtc-output"></div>
<script src="js/webrtc.js"></script>
<iframe src="./iframe-webrtc-test.html" sandbox="allow-scripts" width="100%" height="200"></iframe>
<!-- DNS prefetch check, originally developed by Cure53
and distributed as "Cure53 Test App - DNS checker" app.
See https://delta.chat/en/2023-05-22-webxdc-security#dns-prefetching-marks-another-exploit. -->
<div class="dns-prefetch-output">
<header class="container">
<h2>DNS Prefetch</h2>
</header>
<div class="container">
<section>
<p>Usage instructions:</p>
<ol>
<li>
Navigate to
<a href="https://dig.pm/">https://dig.pm/</a>
and click Get Sub Domain.
</li>
<li>Input the subdomain from Step 1.</li>
<li>Click all 3 of the buttons.</li>
<li>Click Get Results on https://dig.pm/.</li>
<li>Observe the DNS lookup record.</li>
</ol>
<p>
Also see
<a href="https://public.opentech.fund/documents/XDC-01-report_2_1.pdf">the audit</a>
and
<a href="https://delta.chat/en/2023-05-22-webxdc-security">the blog post</a>.
</p>
</section>
<p>You can also use Wireshark, in which case https://dig.pm/ is not needed.</p>
<input
id="dns-prefetch-domain-input"
type="text"
placeholder="abc.example.com"
required
/>
<br>
<button
type="button"
onclick="dnsPrefetchUpdateLocation()"
>Update top.location</button>
<br>
<button
type="button"
onclick="dnsPrefetchAddIframe()"
>Add iframe</button>
<br>
<button
type="button"
onclick="dnsPrefetchAddPrefetch()"
>Add &lt;link dns-prefetch&gt;</button>
<br>
<iframe id="dns-prefetch-frame"></iframe>
</div>
</div>
<script src="js/dns-prefetch.js"></script>
<div class="card">
<header class="container"><h2>Webxdc Status Update Tests</h2></header>
<div class="container">
<a href="./duplicated_updates_race.html">
Duplicated Status Updates Race Test
</a>
</div>
</div>
<div class="card" id="links-output"></div>
<script src="js/links.js"></script>
<div class="card" id="info-output"></div>
<script src="js/info.js"></script>
</body>
</html>
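
The DNS Prefetch card above has three buttons but takes a single domain, so one lookup record does not say which button caused it. The following is an added example, not code from this repository (js/dns-prefetch.js is not shown here): it derives one hostname per button and sorts the observed query names, from Wireshark or from the lookup record, into leaked and contained vectors. The function names, the vector labels, the run id and the sample queries are assumptions, as is the premise that lookups for names below the entered subdomain get recorded.

```javascript
// Added example, not code from this repository.
// Vector names mirror the three buttons of the DNS Prefetch card.
const VECTORS = ["top-location", "iframe", "link-dns-prefetch"];

// Lowercase, strip a trailing dot, and accept only plain multi-label hostnames.
function normalizeHost(input) {
  const host = String(input).trim().toLowerCase().replace(/\.$/, "");
  const label = /^[a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?$/;
  if (host.length === 0 || host.length > 253) return null;
  const labels = host.split(".");
  return labels.length >= 2 && labels.every((l) => label.test(l)) ? host : null;
}

// One hostname per vector (hypothetical naming), entered before clicking that button.
function probeHosts(base, runId) {
  const host = normalizeHost(base);
  if (host === null) throw new Error("invalid base domain");
  const hosts = {};
  for (const vector of VECTORS) {
    const name = normalizeHost(`${vector}-${runId}.${host}`);
    if (name === null) throw new Error("invalid run id");
    hosts[vector] = name;
  }
  return hosts;
}

// Sort vectors by whether their hostname shows up among the observed query names.
function classifyLookups(base, runId, observedNames) {
  const probes = probeHosts(base, runId);
  const host = normalizeHost(base);
  const seen = new Set(observedNames.map(normalizeHost).filter((n) => n !== null));
  const expected = new Set(Object.values(probes));
  const result = { leaked: [], contained: [], unattributed: [] };
  for (const [vector, name] of Object.entries(probes)) {
    (seen.has(name) ? result.leaked : result.contained).push(vector);
  }
  // Lookups under the test domain that match no vector cannot be attributed.
  for (const name of seen) {
    const underBase = name === host || name.endsWith("." + host);
    if (underBase && !expected.has(name)) result.unattributed.push(name);
  }
  return result;
}

// Constructed sample of observed DNS query names (not real capture data).
const SAMPLE_QUERIES = ["link-dns-prefetch-r7.abc.example.com.",
  "IFRAME-r7.abc.example.com", "abc.example.com", "cdn.example.net"];
console.log(classifyLookups("abc.example.com", "r7", SAMPLE_QUERIES));
```

A fresh run id per test run keeps resolver caching from hiding a lookup that happened in an earlier run.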