Hacker News new | ask | show | jobs
Show HN: Iframetest.com (iframetest.com)
8 points by tonysurfly 255 days ago
3 comments
soulchild37 251 days ago
Good tool, but I am sure there will be a lot of bounty beggar who will use this tool to automate scanning for vulnerable small blogs / website for iFrame / clickjacking , and then send email to the website owner saying they have discovered "high impact security issue" and begging for bounty.
link
cadamsdotcom 249 days ago
I see you have invented the hammer.

Unfortunately I predict many people using it to clock one another over the head.

link
jdelman 251 days ago
This is cool. I noticed that, after testing a few URLs, hitting the back button in my browser popped some state to load the previous iframe URL, but the URL of the whole page itself didn't change. It would be nice if the URL had a query param to reflect the currently shown iframe URL.
link
tonysurfly 249 days ago
thanks, will add url param too
link
DoctorOW 251 days ago
> Client-Side Only: The iframe embedding test runs entirely in your browser. No URLs are sent to external servers.

Except isn't one of the tests through a proxy or whatever Webfuse is?

Also, what is Webfuse?

link
js4ever 251 days ago
Webfuse is the product secretly advertised in that iframe tester. It seems to be a solution to proxy and manipulate iframes
link
unsnap_biceps 251 days ago
Yes, it sends the url to webfuse.com for the proxy test and to a ws21.webfuse.com host for a session data that also contains the url. They also open a web socket to ws21.webfuse.com that also contains the url.

Ooh, and to example-org-p.webfuse.com to actually fetch the content for the proxy.

It's totally a lie that URLs are processed client-side only.

link
tonysurfly 249 days ago
We sell augmented web proxy - and this website was built to demonstrate one of the use case of Webfuse, embed anything.

Regarding the about section, it has not been updated after the first version, indeed proxy test isn't client side only.

link