0

I've been trying to break this up for a few hours now but with no success... I am pretty desperate now :(

I am doing penetration testing for a company and I need to bypass this frame killer JS:

'

<style/>body{display:none;}</style>
<script>
  if (self.location === top.location) {
    var theBody = document.getElementsByTagName('body')[0];
    theBody.style.display = "block";
  } else {
    if(self.location.hostname===top.location.hostname)
    {   
        //allow framing if it's in same domain
        var theBody = document.getElementsByTagName('body')[0];
        theBody.style.display = "block";
    }
    else
    {
        top.location=self.location;
    }
  }  
</script>`

Thank you.

Adhikar Patil
  • 33
  • 6
  • You can try to add this `window.onunload = window.onbeforeunload = function() { return 'are you sure?'; }` to the top frame, so it will display a prompt box that will allow you to cancel the redirect from the child – Alon Eitan May 25 '16 at 12:39
  • Thanks @AlonEitan , but the content of body tag is disabled using `body{display:none;}` this code . Is it possible to override that style from top window? – Adhikar Patil May 26 '16 at 05:16
  • You can try - after the the iframe has been loaded - run this `$('iframe').contentDocument.body.style.display = 'block'` – Alon Eitan May 26 '16 at 14:32
  • take a look on this - http://stackoverflow.com/questions/12199797/why-is-iframe-contentwindow-null this is how you should get to the body of the iframe from the top window and change its style – Alon Eitan May 30 '16 at 08:43
  • have you try that at you side? because it's not working at my side – Adhikar Patil Jun 21 '16 at 12:27
  • Sorry, this is way too delayed conversation for me. Good luck – Alon Eitan Jun 21 '16 at 12:29
  • Ok, Thanks for all your effort – Adhikar Patil Jun 22 '16 at 12:55

0 Answers0