1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Iframe Src Redirect Extraction

Discussion in 'Cloaking and Content Generators' started by merwiz, Nov 19, 2010.

  1. merwiz

    merwiz BANNED BANNED

    Joined:
    Nov 17, 2010
    Messages:
    18
    Likes Received:
    0
    Here is a question for all the great minds. I have thought of a new idea for something but not sure if this is even possible due to cross site restrictions.

    Basically lets say I create an iframe on siteA. On siteA I set the iframe src to siteB. When I goto siteA and it loads the iframe up, siteB does a redirect to siteC. Now on siteA is it possible to grab the siteC url as now the iframe src value has changed to siteC. Or because of cross domain restrictions, if I attempt to read the iframe src address, all that will return is siteB's address.

    Hope that is clear enough.
     
  2. JerrodMJames

    JerrodMJames Newbie

    Joined:
    Nov 27, 2010
    Messages:
    16
    Likes Received:
    2
    what do you mean by that? generating traffic using iframe?
     
  3. hyp959

    hyp959 Registered Member

    Joined:
    Feb 20, 2008
    Messages:
    53
    Likes Received:
    78
    Occupation:
    CEO
    you can use cookies for tracking.....
     
  4. iluvvegas

    iluvvegas Regular Member

    Joined:
    Apr 12, 2008
    Messages:
    320
    Likes Received:
    67
    Occupation:
    B2b lead generation, Digital marketing
    Location:
    Mountain View, California
    i think he means by this... i wrote a post earlier how this one site is generating off my browser...i am too trying to figure it out how they do it... i dont want to really get rid of it.. but learned how they do it... but it seems it does it by cookies...

    Code:
    http://www.blackhatworld.com/blackhat-seo/general-scripting-chat/257111-script-affected-my-firefox-browser.html
    
     
  5. Grizzy

    Grizzy Senior Member

    Joined:
    Nov 11, 2008
    Messages:
    919
    Likes Received:
    999
    Document.getElementById('yourframe').src will return siteB (no matter where it redirects to) and something like document.getElementById('yourframe').contentWindow.location.href will return a permission denied error in the console. Same origin policy prevents this becuase it would be a massive security hole. This shouldn't be possible, but of course no browser is perfect..