• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Capturing info. inside iframe

 
Neeraj Vij
Ranch Hand
Posts: 315
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I have deployed a webapplication 'CaptureIframe' on Tomcat 6. Inside that application, I have a page capture.jsp which opens an iframe with user selected sites.

For example -

There will be list box on capture.jsp containing 'n number of' sites like {google.com, yahoo.com etc.}.

On selection of google.com, iframe on capture.jsp will open google.com.

now is it possible to track what the user has done on google.com either thorugh javascript or tomcat sever logs ?

Thanks,
Neeraj.

 
Sebastian Janisch
Ranch Hand
Posts: 1183
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I don't think there is. The page in the iframe is independent from yours, you can neither manipulate it's content nor monitor it.
 
Sean Clark
Rancher
Posts: 377
Android Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hey,

No you can't do that, I think it is a cross-domain security precaution.

Stops people from spoofing sites (such as a bank login) and then reading the data from the page or my login details as I typed them in.
 
Neeraj Vij
Ranch Hand
Posts: 315
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think it's possible. maybe through caching of webcontent or javascript key/mouse events.

I think every request is routed and cached inside the proxy web server before reaching the app server {but not sure}


Few years back I was working on a production support project. I was asked to fix this problem where my web application was getting opened inside iframe of different domain application. Information typed inside the iframe was getting logged inside the third party website. It was revealed during security testing.

I put a javascript code inside header jsp to breakout of iframe, if my application was opening inside an iframe.I was able to found several scripts on google for detecting and iframe and breaking out of it.

Earlier I did not bother to ask, how the information was getting logged

Neeraj
 
Neeraj Vij
Ranch Hand
Posts: 315
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
till now able to find out scripts for breaking out of <iframe>, but unable to find the reason why do people need to break out of iframe if there is no security concern from it

any pointers will be a great help.
 
Ankit Garg
Sheriff
Posts: 9519
22
Android Google Web Toolkit Hibernate IntelliJ IDE Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Doesn't look like a Servlet problem to me. I'll move it to the HTML and Javascripts forum.
 
Eric Pascarello
author
Rancher
Posts: 15385
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Why would people want to break out of frames?

Would you want your site to look like it is part of someone else's site?


There is no way to track the user's actions in another domain with JavaScript. Your email and bank account are happy that is the case.

Eric

 
Neeraj Vij
Ranch Hand
Posts: 315
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
This might work in case we want to cache through proxy server

http://www.ibm.com/developerworks/websphere/library/techarticles/0512_guminy/0512_guminy.html


I found few javascripts samlpe scripts on google, which can capture key and mouese events using javascript inside iframe, even if iframe website is from a different domain. But those sample were claiming to be working in few browsers only.

Regards,
Neeraj.
 
Eric Pascarello
author
Rancher
Posts: 15385
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you remove all of the security from your browser adn become a hackers dream, you can monitor anything you want in the iframe.

If you proxy everything, the pages may not work like they are supposed too.

Eric
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic