Product Launch
anonymous
8 points
8 comments
Posted3 months agoActive3 months ago
Show HN: Iframetest.com
iframetest.comiframe testingweb development toolssecurity testing
Discussion (8 comments)
Showing 8 comments
> Client-Side Only: The iframe embedding test runs entirely in your browser. No URLs are sent to external servers.
Except isn't one of the tests through a proxy or whatever Webfuse is?
Also, what is Webfuse?
3 months ago
We sell augmented web proxy - and this website was built to demonstrate one of the use case of Webfuse, embed anything.
Regarding the about section, it has not been updated after the first version, indeed proxy test isn't client side only.
3 months ago
Yes, it sends the url to webfuse.com for the proxy test and to a ws21.webfuse.com host for a session data that also contains the url. They also open a web socket to ws21.webfuse.com that also contains the url.
Ooh, and to example-org-p.webfuse.com to actually fetch the content for the proxy.
It's totally a lie that URLs are processed client-side only.
3 months ago
Webfuse is the product secretly advertised in that iframe tester. It seems to be a solution to proxy and manipulate iframes
This is cool. I noticed that, after testing a few URLs, hitting the back button in my browser popped some state to load the previous iframe URL, but the URL of the whole page itself didn't change. It would be nice if the URL had a query param to reflect the currently shown iframe URL.
3 months ago
thanks, will add url param too
Good tool, but I am sure there will be a lot of bounty beggar who will use this tool to automate scanning for vulnerable small blogs / website for iFrame / clickjacking , and then send email to the website owner saying they have discovered "high impact security issue" and begging for bounty.
3 months ago
I see you have invented the hammer.
Unfortunately I predict many people using it to clock one another over the head.