mixed-content – WindowsTechs.com

Possibility of using content disposition header to bypass CORB?

Posted on July 14, 2022 by patrick jason

Consider a response with the following headers:
Content-Type: application/json;charset=UTF-8
Content-Disposition: attachment;filename=text.txt

where Content-Disposition appears first, I am able to use the content-disp in my favor as a CSR… Continue reading Possibility of using content disposition header to bypass CORB?→

Shoul I consider <a href></a> as dangerous mixed passive content?

Posted on February 21, 2021 by Maicake

From mozilla

Mixed passive/display content is content served over HTTP that is
included in an HTTPS webpage, but that cannot alter other portions of
the webpage. For example, an attacker could replace an image served
over HTTP with an ina… Continue reading Shoul I consider <a href></a> as dangerous mixed passive content?→

Is the HTTPS lock sign displayed if reasources are loaded from insecure sites?

Posted on January 31, 2021 by SRaj

We all know that if you visit a secure site which uses https, all modern browsers will show a padlock sign if it has a CA certified certificate. My questions are:

Suppose there is an image loaded in the page from an insecure site (for exa… Continue reading Is the HTTPS lock sign displayed if reasources are loaded from insecure sites?→

Browser Watch: Google Chrome to Block HTTP Downloads

Posted on February 11, 2020 by Jay Thakkar

Starting mid-2020, you won’t be able to download certain files on Chrome — here’s why Time after time, we’ve witnessed browser giants making security-related decisions that have a significant impact…
The post Browser Watch: G… Continue reading Browser Watch: Google Chrome to Block HTTP Downloads→

is passive mixed content actually exploitable?

Posted on May 31, 2019 by Tomi Begher

i see everywhere posts of people saying mixed content like images could lead to an attacker replacing the images beeing loaded from http to https, however i couldn’t exploit this after hours testing different mitm tools. Does… Continue reading is passive mixed content actually exploitable?→

Can an img with src=http be intercepted to insert onerror attribute to execute JS?

Posted on November 17, 2018 by Avery235

If a webpage contains <img src=”http://example.com” />, can a MITM attack intercept the http trafffic and return something like a” onerror=”alert(1), so that it turns the img into <img src=”a” onerror=”alert(1)” /&gt… Continue reading Can an img with src=http be intercepted to insert onerror attribute to execute JS?→

How do I let users point to their own images, yet avoid Mixed Content warnings?

Posted on June 6, 2018 by Joshua Fox

I allow users of my webapp to provide a URL for their own images. They can also provide CSS which may contain URLs to images.

If these URLs are HTTP then the browser does not show the padlock in the URL bar.

What is the best practice for… Continue reading How do I let users point to their own images, yet avoid Mixed Content warnings?→

what is content collaboration applications

Posted on April 29, 2018 by bshailendra

I just want to know the term content collaboration
applications. Anyone please answer with some example.

Regards

Shailendra

Continue reading what is content collaboration applications→

Should I be concerned about Wayback Machine trying to load scripts from unauthenticated sources?

Posted on July 8, 2017 by Steven Vascellaro

I regularly use Wayback Machine to help find archived versions of webpages that have been taken down or are other otherwise unavailable.

While using the site, I noticed a peculiar warning in Google Chrome’s address bar.

F… Continue reading Should I be concerned about Wayback Machine trying to load scripts from unauthenticated sources?→

Mixed content call every second in chrome

Posted on January 27, 2017 by Hansie

I have been getting this error in my chrome console every second and all the websites are loading very slow.

Following is the error:

(unknown) Mixed Content: The page at 'https://www.google.co.in/?gws_rd=ssl' was loaded over HTTPS, but requested an insecure prefetch resource 'http://pcmxud24uq53ja.api.bigduang.net:6532/?qi8iweaz9yem=Vm0wd2VFMUdiRmRpU…UxbFdVbFpYYlVaVVVqRmFTRlpITVhOaFZscHpZMFpTVjFaV2NGTmFSRVpEVld4Q1ZVMUVNRDA9'. This content should also be served over HTTPS.
_0x1A16F
(unknown) Mixed Content: The page at 'https://www.google.co.in/?gws_rd=ssl' was loaded over HTTPS, but requested an insecure prefetch resource 'http://y0ltydw1.api.bigduang.net:6532/?h857qw7tasnhsyzobvpp=Vm0wd2QyVkZNVWR…QxUXhjRlpYYlVaVFRWaENTbGRyV210aFZrcFdZMFpTVjFaV2NGTmFSRVpEVld4Q1ZVMUVNRDA9'. This content should also be served over HTTPS.
_0x1A16F
api.jollywallet.com/affiliate/client?dist=336&sub=brow_gr:795 Uncaught TypeError: this.add_pc is not a function
    at Object.tbView.isInBlackList (api.jollywallet.com/affiliate/client?dist=336&sub=brow_gr:795)
    at Object.tbView.start (api.jollywallet.com/affiliate/client?dist=336&sub=brow_gr:1076)
    at api.jollywallet.com/affiliate/client?dist=336&sub=brow_gr:1119
ocra1-2w3auu9iq9yw.stackpathdns.com/deal_worker.js?Y2lkPTEyMzY0N2ZlOTRjM2Fm…9dHJ1ZSZvcHNpbWlsYXI9dHJ1ZQ==&subid=yk_brow_gr&name=greatdeals&email=:1296 d1=google.co.in
ocra1-2w3auu9iq9yw.stackpathdns.com/deal_worker.js?Y2lkPTEyMzY0N2ZlOTRjM2Fm…9dHJ1ZSZvcHNpbWlsYXI9dHJ1ZQ==&subid=yk_brow_gr&name=greatdeals&email=:1306 d2=google.
/C:/Users/ham13/AppData/Local/Bigflat/User%20Data/ChromeDefaultData/Extensions/gomekmidlodglbbmalcneegieacbdmki/12.0.163_1/common/scripts/ial.js:1072 checkLinks called
VM77:3 Mixed Content: The page at 'https://www.google.co.in/?gws_rd=ssl' was loaded over HTTPS, but requested an insecure prefetch resource 'http://xy47ksr31xhnimnomw.api.bigduang.net:6532/?u8qaykk36qid=Vm0weE1GbFdiR…RHRlRiR1J5V2tjNWFGWnJjRmRaTUZwVFZqRmFWMk5HVG1GU1JWcEVWbGQ0UTFaVk1VVk5SREE5'. This content should also be served over HTTPS.
_0x1A16F @ VM77:3
VM77:3 Mixed Content: The page at 'https://www.google.co.in/?gws_rd=ssl' was loaded over HTTPS, but requested an insecure prefetch resource 'http://u2sde2fga8ftl.api.bigduang.net:6532/?eom5=Vm0wd2QyVkZNVWRpUm1ScFVtMV…JrdFRSbHBJVFZjNWFGSXhXbmxXTW5oVFZqRmFWMk5HVG1GU1JWcEVWbGQ0UTFaVk1VVk5SREE5'. This content should also be served over HTTPS.
_0x1A16F @ VM77:3
VM77:3 Mixed Content: The page at 'https://www.google.co.in/?gws_rd=ssl' was loaded over HTTPS, but requested an insecure prefetch resource 'http://rkarg7.api.bigduang.net:6532/?mn8qr2qb6jzwy=Vm0xMFlWbFdWWGhXYmtwUFZs…pGTmxiRnBJWlVVNWFGSXhXbmxXTW5SVFZqRmFWMk5HVG1GU1JWcEVWbGQ0UTFaVk1VVk5SREE5'. This content should also be served over HTTPS.
_0x1A16F @ VM77:3
VM77:3 Mixed Content: The page at 'https://www.google.co.in/?gws_rd=ssl' was loaded over HTTPS, but requested an insecure prefetch resource 'http://ijrzgmoo.api.bigduang.net:6532/?mhdv8salt3htz9=Vm0wd2QyVkZNVWRpUm1Sc…JGV1NuSlRiR2hXWVd0d1QxcEVSbUZTVmtwelZHeEthR1ZyV2tSV1ZWcFNaREZDVWxCVU1EMD0='. This content should also be served over HTTPS.
_0x1A16F @ VM77:3
VM77:3 Mixed Content: The page at 'https://www.google.co.in/?gws_rd=ssl' was loaded over HTTPS, but requested an insecure prefetch resource 'http://u6qkz3a7nfdndgj1zct.api.bigduang.net:6532/?mf1dxbb49rvx=Vm0xMFlWbFdW…VtVnNVbGhsUjBaVFRXdGFTbGRyV2t0aFZscHpZMFpTVjFaV2NGTmFSRVpEVld4Q1ZVMUVNRDA9'. This content should also be served over HTTPS.
_0x1A16F @ VM77:3
VM77:3 Mixed Content: The page at 'https://www.google.co.in/?gws_rd=ssl' was loaded over HTTPS, but requested an insecure prefetch resource 'http://gj1jldlrkswnhj3h.api.bigduang.net:6532/?g7wa1b9elcr=Vm0wd2QyVkZNVWRp…UxbFdjRmhsUjBaVFRWWndlbFpITVc5aFZrcFdZMFpTVjFaV2NGTmFSRVpEVld4Q1ZVMUVNRDA9'. This content should also be served over HTTPS.
_0x1A16F @ VM77:3
VM77:3 Mixed Content: The page at 'https://www.google.co.in/?gws_rd=ssl' was loaded over HTTPS, but requested an insecure prefetch resource 'http://pysih.api.bigduang.net:6532/?dzq32luupunex73=Vm0weE1GbFdiRmRXV0doWFl…VsZFhiR1J5VjJzNWFGWnJjRmRaTUZwVFZqRmFWMk5HVG1GU1JWcEVWbGQ0UTFaVk1VVk5SREE5'. This content should also be served over HTTPS.
_0x1A16F @ VM77:3
VM77:3 Mixed Content: The page at 'https://www.google.co.in/?gws_rd=ssl' was loaded over HTTPS, but requested an insecure prefetch resource 'http://vv4zue2wuyte9x.api.bigduang.net:6532/?di13l681nf9gx2=Vm0wd2QyVkZNVWR…VWMGFGSXhXbnBXTW5SdlZqRkplbUZJUmxWV2JIQllWbXBHYTJOc1duTlRiR1JUVFRBd01RPT0='. This content should also be served over HTTPS.
_0x1A16F @ VM77:3
VM77:3 Mixed Content: The page at 'https://www.google.co.in/?gws_rd=ssl' was loaded over HTTPS, but requested an insecure prefetch resource 'http://v4ify3tug15.api.bigduang.net:6532/?xclb75k51ppr9pj37=Vm0weE1GbFdiRmR…RIZGxiRnBJWlVkMGFGWnJjRmRaTUZwVFZqRmFWMk5HVG1GU1JWcEVWbGQ0UTFaVk1VVk5SREE5'. This content should also be served over HTTPS.
_0x1A16F @ VM77:3
VM77:3 Mixed Content: The page at 'https://www.google.co.in/?gws_rd=ssl' was loaded over HTTPS, but requested an insecure prefetch resource 'http://c65nuibyw1te8eqwt9n.api.bigduang.net:6532/?en3bju1v=Vm0xMFlWbFdWWGhX…FZeVJqWldiRkpXWWxSRmQxUnJXbUZTTWtaSldrZHdhVkpWY0ZSV1ZWcFNaREZDVWxCVU1EMD0='. This content should also be served over HTTPS.
_0x1A16F @ VM77:3
VM77:3 Mixed Content: The page at 'https://www.google.co.in/?gws_rd=ssl' was loaded over HTTPS, but requested an insecure prefetch resource 'http://cf613f76vb.api.bigduang.net:6532/?xjmcewv4s3npj3=Vm0xMFlWbFdWWGhXYmt…RHRlRiR1J5VjIwNWFGWnJjRmRaTUZwVFZqRmFWMk5HVG1GU1JWcEVWbGQ0UTFaVk1VVk5SREE5'. This content should also be served over HTTPS.
_0x1A16F @ VM77:3
VM77:3 Mixed Content: The page at 'https://www.google.co.in/?gws_rd=ssl' was loaded over HTTPS, but requested an insecure prefetch resource 'http://uqhxc.api.bigduang.net:6532/?o8z7b=Vm0weE1GbFdiRmRXV0doWFltdHdVRlpzV…IwNXNjRVZTYlVaVFZtdGFlbFpITVhOaFZrcFdZMFpTVjFaV2NGTmFSRVpEVld4Q1ZVMUVNRDA9'. This content should also be served over HTTPS.
_0x1A16F @ VM77:3
VM77:3 Mixed Content: The page at 'https://www.google.co.in/?gws_rd=ssl' was loaded over HTTPS, but requested an insecure prefetch resource 'http://yahd7lulk.api.bigduang.net:6532/?qafaccb2amy=Vm0xMFlWbFdWWGhXYmtwUFZ…JGV1NsVmlTRTVhVmtWS1dGUnRlR0ZTTVhCSldrZHdhVkpWY0ZSV1ZWcFNaREZDVWxCVU1EMD0='. This content should also be served over HTTPS.
_0x1A16F @ VM77:3
VM77:3 Mixed Content: The page at 'https://www.google.co.in/?gws_rd=ssl' was loaded over HTTPS, but requested an insecure prefetch resource 'http://t6jhzpo.api.bigduang.net:6532/?sun25pfgzajm=Vm0weE1GbFdiRmRXV0doWFlt…UxZEdVbFZTYlVaVVVsUldXbGRyV2xkaFZrcFdZMFpTVjFaV2NGTmFSRVpEVld4Q1ZVMUVNRDA9'. This content should also be served over HTTPS.
_0x1A16F @ VM77:3
VM77:3 Mixed Content: The page at 'https://www.google.co.in/?gws_rd=ssl' was loaded over HTTPS, but requested an insecure prefetch resource 'http://umnqu7relhmhz53ywt.api.bigduang.net:6532/?kcskhlfcvuv=Vm0weE1GbFdiRm…5qU0hCYVRVWktTRlpxUm1GV01rNUhWRzFHVTFKV2NFVldiR1EwVVRGYVZrMVZWazVTUkVFNQ=='. This content should also be served over HTTPS.
_0x1A16F @ VM77:3
VM77:3 Mixed Content: The page at 'https://www.google.co.in/?gws_rd=ssl' was loaded over HTTPS, but requested an insecure prefetch resource 'http://jwqedfrux9u.api.bigduang.net:6532/?zj3c08zebnaydr=Vm0wd2VFMUdiRmRpUm…pGTmxiRnBJWlVjNWFGWnJjRmRaTUZwVFZqRmFWMk5HVG1GU1JWcEVWbGQ0UTFaVk1VVk5SREE5'. This content should also be served over HTTPS.
_0x1A16F @ VM77:3
VM77:3 Mixed Content: The page at 'https://www.google.co.in/?gws_rd=ssl' was loaded over HTTPS, but requested an insecure prefetch resource 'http://t9qi9atcxld43t671dn.api.bigduang.net:6532/?uh1oj55u=Vm0wd2VFMUdiRmRp…JGV1NsVmlSbEpXWWtad1dGUnRlR0ZUUlRWWVkwWkNWMkV3Y0ZSV1ZWcFNaREZDVWxCVU1EMD0='. This content should also be served over HTTPS.
_0x1A16F @ VM77:3
VM77:3 Mixed Content: The page at 'https://www.google.co.in/?gws_rd=ssl' was loaded over HTTPS, but requested an insecure prefetch resource 'http://qkx9xjbvuvz976k.api.bigduang.net:6532/?cq9rwrvo7uw=Vm0wd2VFMUdiRmRpU…VtVnNVbGhsUjBaVFZtdHdlbFpITVhkaFZrcFdZMFpTVjFaV2NGTmFSRVpEVld4Q1ZVMUVNRDA9'. This content should also be served over HTTPS.
_0x1A16F @ VM77:3
VM77:3 Mixed Content: The page at 'https://www.google.co.in/?gws_rd=ssl' was loaded over HTTPS, but requested an insecure prefetch resource 'http://ebitgx6.api.bigduang.net:6532/?f84q8k0b1fz=Vm0weE1GbFdiRmRXV0doWFltd…FsV1NsVldiR2hXWWtkUmQxUnRlR0ZUUlRGWldrWk9hR1ZyV2tSV1ZWcFNaREZDVWxCVU1EMD0='. This content should also be served over HTTPS.
_0x1A16F @ VM77:3
VM77:3 Mixed Content: The page at 'https://www.google.co.in/?gws_rd=ssl' was loaded over HTTPS, but requested an insecure prefetch resource 'http://tvoi8lz.api.bigduang.net:6532/?u5vansw954kzykbu=Vm0xMFlWbFdWWGhXYmtw…VrZFhiR1J5VjJzNWFGWnJjRmRaTUZwVFZqRmFWMk5HVG1GU1JWcEVWbGQ0UTFaVk1VVk5SREE5'. This content should also be served over HTTPS.
_0x1A16F @ VM77:3
VM77:3 Mixed Content: The page at 'https://www.google.co.in/?gws_rd=ssl' was loaded over HTTPS, but requested an insecure prefetch resource 'http://gszbpf7etztjho172.api.bigduang.net:6532/?to4p5zu=Vm0weE1GbFdiRmRXV0d…RHRlRiR1J5V2toa2FGWnJjRmRaTUZwVFZqRmFWMk5HVG1GU1JWcEVWbGQ0UTFaVk1VVk5SREE5'. This content should also be served over HTTPS.
_0x1A16F @ VM77:3
VM77:3 Mixed Content: The page at 'https://www.google.co.in/?gws_rd=ssl' was loaded over HTTPS, but requested an insecure prefetch resource 'http://baku7dpri9qiej.api.bigduang.net:6532/?hifb=Vm0weE1GbFdiRmRXV0doWFltd…UxbFdVbGRYYlVaVVVqRmFTRlpIZUd0aFZrcFdZMFpTVjFaV2NGTmFSRVpEVld4Q1ZVMUVNRDA9'. This content should also be served over HTTPS.
_0x1A16F @ VM77:3
VM77:3 Mixed Content: The page at 'https://www.google.co.in/?gws_rd=ssl' was loaded over HTTPS, but requested an insecure prefetch resource 'http://ugiylr28dmd.api.bigduang.net:6532/?qtdika=Vm0wd2VFMUdiRmRpUm1SWFYwZG…FaWFJqWldiRkpXWVd0R00xcFZXbUZTTWtaSldrWmthR1ZyV2xSV1ZWcFNaREZDVWxCVU1EMD0='. This content should also be served over HTTPS.
_0x1A16F @ VM77:3
VM77:3 Mixed Content: The page at 'https://www.google.co.in/?gws_rd=ssl' was loaded over HTTPS, but requested an insecure prefetch resource 'http://w6njricdbc.api.bigduang.net:6532/?cn8s82r8h3nu13=Vm0weE1GbFdiRmRXV0d…UxbFdVbFpYYlVaVFRWZFNlbFpITVhkaFZrcFdZMFpTVjFaV2NGTmFSRVpEVld4Q1ZVMUVNRDA9'. This content should also be served over HTTPS.
_0x1A16F @ VM77:3
VM77:3 Mixed Content: The page at 'https://www.google.co.in/?gws_rd=ssl' was loaded over HTTPS, but requested an insecure prefetch resource 'http://nyxoiel.api.bigduang.net:6532/?q8off1zdzkg=Vm0weE1GbFdiRmRXV0doWFltd…QxUXhjRlpYYlVaVFRWaENTbGRyWkhOaFIxWnlWbXBhVjFaV2NGTmFSRVpEVld4Q1ZVMUVNRDA9'. This content should also be served over HTTPS.
_0x1A16F @ VM77:3
VM77:3 Mixed Content: The page at 'https://www.google.co.in/?gws_rd=ssl' was loaded over HTTPS, but requested an insecure prefetch resource 'http://hw6iodr8op78.api.bigduang.net:6532/?x259dwy3xlq=Vm0weE1GbFdiRmRXV0do…JGV1NsVldiR2hXWVd0d1UxUlZXbUZTVmtaelZHeFNhR1ZyVmpaV1ZWcFNaREZDVWxCVU1EMD0='. This content should also be served over HTTPS.
_0x1A16F @ VM77:3
VM77:3 Mixed Content: The page at 'https://www.google.co.in/?gws_rd=ssl' was loaded over HTTPS, but requested an insecure prefetch resource 'http://e5rmqndhprme8ehktqk.api.bigduang.net:6532/?wu5zfkf4ft3977lkpzo=Vm0wd…RHRmxiRnBJWlVaa2FGSXhXbmxXYlhCaFZqRmFWMk5HVG1GU1JWcEVWbGQ0UTFaVk1VVk5SREE5'. This content should also be served over HTTPS.
_0x1A16F @ VM77:3
VM77:3 Mixed Content: The page at 'https://www.google.co.in/?gws_rd=ssl' was loaded over HTTPS, but requested an insecure prefetch resource 'http://m3weq5jtmaxeq1p7r.api.bigduang.net:6532/?g6aorjimyvcy2y3kb3=Vm0wd2VF…ZaWFJqWldiR2hXWVd0R05GUnRlR0ZUUjFKSFZHeE9hVkpWY0ZSV1ZWcFNaREZDVWxCVU1EMD0='. This content should also be served over HTTPS.
_0x1A16F @ VM77:3

I could see some of my userdata also been fetched by below call:

    Uncaught TypeError: this.add_pc is not a function
    at Object.tbView.isInBlackList (api.jollywallet.com/affiliate/client?dist=336&sub=brow_gr:795)
    at Object.tbView.start (api.jollywallet.com/affiliate/client?dist=336&sub=brow_gr:1076)
    at api.jollywallet.com/affiliate/client?dist=336&sub=brow_gr:1119
ocra1-2w3auu9iq9yw.stackpathdns.com/deal_worker.js?Y2lkPTEyMzY0N2ZlOTRjM2Fm…9dHJ1ZSZvcHNpbWlsYXI9dHJ1ZQ==&subid=yk_brow_gr&name=greatdeals&email=:1296 d1=google.co.in
ocra1-2w3auu9iq9yw.stackpathdns.com/deal_worker.js?Y2lkPTEyMzY0N2ZlOTRjM2Fm…9dHJ1ZSZvcHNpbWlsYXI9dHJ1ZQ==&subid=yk_brow_gr&name=greatdeals&email=:1306 d2=google.
/C:/Users/ham13/AppData/Local/Bigflat/User%20Data/ChromeDefaultData/Extensions/gomekmidlodglbbmalcneegieacbdmki/12.0.163_1/common/scripts/ial.js:1072 checkLinks called.

Is this an error caused from chrome extension or my PC being hacked? How to solve this?

Continue reading Mixed content call every second in chrome→