
Facebook is trying to block the developer console in Chrome

After opening Developer Tools in Chrome on Facebook, some users see a warning in capital letters: “Be careful! This browser feature is for developers only.”



With this message, Facebook wants to keep technically inexperienced users from running code in the console.

Auto-completion is also blocked.


It used to be that a server could not block the browser console, but Facebook is trying to do it. One of Facebook's developers explains: this is an experiment that is active for a portion of the Facebook audience. The reason is that self-XSS attacks on Facebook have recently become more frequent: an attacker uses social engineering to persuade Chrome users to run malicious code in the console. To do this, the user literally has to press a couple of hotkeys (Ctrl + Shift + J) and Enter.



As shown in the video, the victim performs the XSS himself. To protect inexperienced users, Facebook is trying to intercept the launch of the console by defining a getter on console._commandLineAPI:

 Object.defineProperty(console, '_commandLineAPI', { get : function() { throw 'Nooo!' } }) 
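How a throwing getter stops typed input, as an added example that is not from the original article or from Facebook's code. It assumes, as a simplified model, that the Chrome console of that time evaluated input inside `with (console._commandLineAPI)`; `makeConsole`, `evaluateTypedInput` and `applyBlock` are hypothetical names and the console object is a stand-in, so the block runs in Node.js.

```javascript
// Simplified model (assumption): console input is evaluated with the
// command line API object in scope, so helpers like dir() resolve.
// Built with the Function constructor so `with` is legal even if this
// file is loaded in strict mode.
const runInConsoleScope = new Function(
  'api', 'src', 'with (api || {}) { return eval(src); }'
);

// Stand-in for the browser's console object (constructed sample helper).
function makeConsole() {
  return { _commandLineAPI: { dir: (o) => Object.keys(o) } };
}

// Hypothetical evaluator: reads the property, then runs the typed source.
function evaluateTypedInput(consoleObj, src) {
  try {
    // Reading _commandLineAPI is what triggers a page-defined getter.
    const api = consoleObj._commandLineAPI;
    return { ok: true, value: runInConsoleScope(api, src) };
  } catch (e) {
    return { ok: false, error: String(e) };
  }
}

// The same defineProperty call as in the article, on the stand-in object.
function applyBlock(consoleObj) {
  Object.defineProperty(consoleObj, '_commandLineAPI', {
    get: function () { throw 'Nooo!'; }
  });
}

const plain = makeConsole();
const blocked = makeConsole();
applyBlock(blocked);

console.log(evaluateTypedInput(plain, '1 + 1'));        // evaluated normally
console.log(evaluateTypedInput(plain, 'dir({a: 1})'));  // helper in scope
console.log(evaluateTypedInput(blocked, '1 + 1'));      // aborted by getter
```

The block only takes effect where the console actually reads this internal property before evaluating input, so it is specific to the browser and version.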

Source: https://habr.com/ru/post/212329/

