Conference:  Global AppSec Dublin 2023

Authors: Gil Cohen, Omri Inbar

2023-02-16

Two vulnerable websites which were found to be vulnerable to CRLF injection, caused Google Chrome to behave differently. This trigged an exciting research journey ending in finding weaknesses in reverse proxies, Chrome and other browsers as well as a new hacking technique named Frontend server hijacking or Frontjacking in short. Frontjacking combines CRLF injection, poorly configured servers and shared hosting, enables attackers to execute any reflected XSS and phishing related payloads while bypassing any defensive mechanisms including CSP (Content Security Policy), HttpOnly cookie attributes, WAFs (Web Application Firewalls), CORS (Cross Origin Resource Sharing) and HTTPS certificate validation.