In this video we figure out how to do a popunder in Chrome version 59, by using a trick. Hopefully Chrome fixes this, because I resent this kind of advertisement.
PoC: https://liveoverflow.com/poc/popunder.html
————————————–
Twitter: https://twitter.com/LiveOverflow
Website: http://liveoverflow.com/
Subreddit: https://www.reddit.com/r/LiveOverflow/
Facebook: https://www.facebook.com/LiveOverflow/
Original source
Lopaki Siva
this guy sells a license for a js library that popunders chrome 🙁
a debugger statement triggers a breakpoint, bastards
cool i never knew about the pretty-print option
whats up with the "minified file," description?
etc host
is there a "professional" way to write rubbish code? Like how do I do it myself?
these calls are heavily obfuscated: window.open window.setTimeout createelement() and appendChild
these api calls
what is a deprecation warning?
Notification api was definitely suspicious to me to!
i tried to connect with my future self, my future self was in some sort of great pain
there were no iframes inside
whats going on with that chrome pdf viewer
I need to learn more about proxy objects
dynamically created iframe is simply a popup blocker bypass
alert stops and blocks everything
wow, that pdf was just a notification calling an alert
productforums.google.com
I LOVE base64
Lopaki Siva
edge_popunder how I hate you!
knighToFdemonS
Could a re-definition of the window.open function prevent you from analyzing the code? I'm thinking of:
– You are re-defining the critical functions
– JS files get loaded
– On loading the iframe the developer puts in a re-defining of the functions to standard (like window.open = window.open)
Then your initial re-defining of those functions would be set to normal again before executing the crucial code soooo….in the end your method would not work. Am I right?
Soulsteal Ninja
This video was awesome, I am a newbie to Js and code in general but not only did I learn a lot it was a cool idea no matter how nefarious it could be.
AbsoluteGuardian
I'm glad I found this channel. I'd love to see you work with more obfuscated code.
Mehmet Çağrı Arı
Wouldn't a simple js deobfuscator work? ;P
Overgreen
So… why is your computer name redstar-os???
deluxe sauce
Shit; I feel like im watching a rube goldberg machine.
Nope
Just checked, and it no longer seems to work. Now it just opens the new window in another tab.
BUFFDOENUT950
everytime I try to run php server on my local host after editing the hosts file I keep getting a 404 error
HABELFOC _
This is how publisher make extra money. Implement this tricky to make user less noticeable.
HABELFOC _
wow… what a tricky! awesome content keep it up! subbed!
Asdayasman
Please normalise your audio – the outro music was WAY too loud compared to your voice.
luca009 // l9
https://i.imgur.com/lr488yr.png << Easter Egg?
slap_my_hand
This is the exact reason why i hate javascript.
Henrry Pires
How did you manage to download the site and make it run on your machine?
Ziii Mr.
Очень интересно. Спасибо!
Brian Chandler
Enjoying vids like these and admire your thinking. I often learn some technique I never thought of trying. Keep'em up. 🙂
Michael O'Leary
Popunder never should be a thing less your a spy or hacker high jacking users
TkrZ
@LiveOverflow can you revisit this with his new, updated javascript please?
xorinzor
And they wonder why people started using adblockers. Well, it's precisely because of these reasons lol.
EDIT: Surely this could be easily fixed by not allowing JS to be executed in a PDF file? I can't really think of a single reason why you'd want to allow that anyway. Seems kinda like a Trojan Horse idea to me.
Rufis
cool
Giorgi Shalvashvili
i have i3wm, popunders are practically imposible for me
szach gr
Do you have in yours plans make some video about JSMiner crypto attack. Similar like pop up but there are no ads but script start run mining some cryptocurrency on our computer 😀 for example coin-hive
-
Just use Charles Proxy to modify the external site rather than creating a local copy