Cure53
_Note: This issue technically affects FreeDOM. Please move the issue if necessary._ Freedom.js uses Web workers to isolate freedom contexts from each other and prevent them from directly accessing the...
An attacker can effectively cause a full denial of service to a victim’s access to the Internet. The attacker can achieve this by offering access to the victim, and while...
The module `sas-rtc` is designed to authenticate uProxy connections by letting the users exchange and verify their SDP fingerprints. Because the full fingerprint is too long to exchange it by...
The following issue was discovered while attempting to build code in the uproxy-obfuscators repository. Nodejs, when searching for a module, will traverse the filesystem upwards until it finds the module. For...
The reliance on WebRTC makes the uProxy networking samples, and uProxy in general, follow a very clear traffic pattern sequence, which facilitates traffic identification, blocking and potentially other MiTM attacks....
Once the UDP connection and WebRTC handshake are successfully established, uProxy sends a great number of UDP packets which follow a predictable pattern: - Packet protocol: UDP (i.e. not DTLS)...
There are various data leaks in browsers that let websites determine the true IP address of visitors. As mentioned in the threat analysis doc, this can be used by a...
The files _rtc-to-net.ts_ and _socks-to-rtc.ts_ loop over an array that is received over the network as JSON - without checking that the array is not actually an object. By supplying...
HTTP responses with appropriate headers are kept in the browser cache even after uProxy has been turned off. If the uProxy-serving device performs a MitM attack on HTTP traffic of...
Heya, strangely, in this file, Flashbang cannot see the Flashvars. It needs to be noted that other decompilers and tools have similar issues. http://s3.amazonaws.com/avlidienbrunn/wheres_the_xss.swf Can we specify what is happening...