@mocyuto
Created June 17, 2018 03:05
iframe 3rd party cookie test

Docker setup

After starting Docker, bring up an nginx server with the following:

$ docker run -d -p 80:80 --name webserver nginx
$ docker exec -it webserver /bin/bash

root@docker# apt-get update && apt-get install -y vim
root@docker# cd /usr/share/nginx/html
## paste in the two HTML files (index.html and iframe.html)
root@docker# vim index.html
root@docker# vim iframe.html

Rewrite the local hosts file (the hostnames of one entry are separated by whitespace, not commas):

$ sudo vim /etc/hosts
127.0.0.1       localhost
↓
127.0.0.1       localhost local.test.com evil.com
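The same setup as a reproducible script, added here as an example (it is not part of the gist). It assumes index.html and iframe.html are in the current directory, and that Docker and sudo are available when it is invoked with the `run` argument; the pages are copied in with `docker cp` instead of installing an editor inside the container.

```shell
#!/bin/sh
# Added example, not part of the gist: the gist's setup steps as a script.
# Assumes index.html and iframe.html sit in the current directory and that
# Docker and sudo are available when run with the "run" argument.
set -eu

# /etc/hosts separates the hostnames of one entry with whitespace; a
# comma-separated list is not parsed as separate names, so build the line here.
hosts_line() {
  printf '127.0.0.1 %s\n' "$*"
}

# Succeed only if every hostname given already maps to 127.0.0.1 in the hosts file.
hosts_has_all() {
  file=$1
  shift
  for h in "$@"; do
    esc=$(printf '%s\n' "$h" | sed 's/[.]/\\./g')
    grep -Eq "^127\.0\.0\.1[[:space:]]+(.*[[:space:]])?${esc}([[:space:]]|\$)" "$file" || return 1
  done
  return 0
}

# Start nginx and copy the two pages in, so nothing has to be installed in the container.
start_webserver() {
  docker run -d -p 80:80 --name webserver nginx
  docker cp index.html webserver:/usr/share/nginx/html/index.html
  docker cp iframe.html webserver:/usr/share/nginx/html/iframe.html
}

# Usage: sh setup.sh run
if [ "${1:-}" = run ]; then
  if ! hosts_has_all /etc/hosts local.test.com evil.com; then
    hosts_line local.test.com evil.com | sudo tee -a /etc/hosts >/dev/null
  fi
  start_webserver
fi
```

Running it without the `run` argument only defines the functions, which is what the check below exercises.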
iframe.html (served from http://evil.com/, the third-party origin embedded by index.html):

<!DOCTYPE html>
<html>
<head>
<script>
// Persistent third-party cookie, set once. The attribute is "max-age" with an
// integer number of seconds; the original "max_age=60*60*24*365" is not a
// recognised attribute and was silently dropped.
if (!document.cookie.split(';').filter((item) => {
  return item.indexOf('evil=') >= 0
}).length){
  document.cookie = "evil=google"+Math.random()+";max-age=31536000;expires=Fri, 31 Dec 9999 23:59:59 GMT";
}
// Session cookie (no max-age/expires): discarded when the browser closes.
if (!document.cookie.split(';').filter((item) => {
  return item.indexOf('evil2=') >= 0
}).length){
  document.cookie = "evil2=doubleclick"+Math.random();
}
// Rewritten on every load.
document.cookie = "evil3=google";
function alertCookie() {
  alert(document.cookie);
}
// Embed a page from the first-party host and try to read its cookies. The frame
// is cross-origin, so contentDocument is null and the read throws: the
// same-origin policy is what stops evil.com from reading local.test.com's cookies.
// (Even for a same-origin frame the read happens before the frame has loaded.)
function getCookie() {
  var iframe = document.createElement("iframe");
  // hostname taken from the /etc/hosts entry in the setup steps
  iframe.setAttribute("src","http://local.test.com/index.html");
  iframe.id = "iframes";
  iframe.setAttribute("width","1");
  iframe.setAttribute("height","1");
  document.body.appendChild(iframe);
  var frame = document.getElementById("iframes");
  console.log(frame.contentDocument.cookie);
}
</script>
</head>
<body>
<button onclick="alertCookie()">Show cookies</button>
<button onclick="getCookie()">Show iframe cookies</button>
</body>
</html>
index.html (served from http://local.test.com/, the first-party page that embeds the frame):

<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
  width: 35em;
  margin: 0 auto;
  font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
<script>
// First-party cookies. The attribute is "max-age" (an integer number of
// seconds); the original "max_age=60*60*24*365" is not a recognised attribute,
// so these cookies had no max-age at all.
if (!document.cookie.split(';').filter((item) => {
  return item.indexOf('name=') >= 0
}).length){
  document.cookie = "name=oeschger"+Math.random()+";max-age=31536000;expires=Fri, 31 Dec 9999 23:59:59 GMT";
}
document.cookie = "favorite_food=tripe;max-age=31536000";
function alertCookie() {
  alert(document.cookie);
}
</script>
</head>
<body>
<h1>Welcome to iframe test page!</h1>
<button onclick="alertCookie()">Show cookies</button>
<br />
<!-- Third-party frame: any cookie evil.com sets in here is a third-party cookie. -->
<iframe src="http://evil.com/iframe.html" width="400" height="100"></iframe>
</body>
</html>
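What the two pages exercise is the browser's cookie visibility rules: whether evil.com's cookie is readable inside the frame on local.test.com, and whether the frame can read the first-party document at all. The Node.js block below is an added example (not code from the gist) that models those rules with the two hostnames from the setup: a cookie-string builder that spells the attribute `max-age` correctly, a whole-name cookie parser, a same-origin check for `contentDocument`, and a SameSite decision following RFC 6265bis with Chrome's Lax-by-default behaviour. The registrable-domain approximation (last two labels) and the `demo()` function are assumptions made for the example.

```javascript
'use strict';
// Added example, not part of the gist: models how a browser handles the cookies
// the two test pages set. Host names are the ones from the /etc/hosts entry.

// Build a document.cookie assignment. The attribute is "max-age" with an integer
// value; the gist's "max_age=60*60*24*365" is not a recognised attribute and is dropped.
function buildCookie({ name, value, maxAgeSeconds, sameSite, secure }) {
  if (!/^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/.test(name)) throw new Error('invalid cookie name');
  if (sameSite === 'None' && !secure) throw new Error('SameSite=None requires Secure');
  const parts = [`${name}=${encodeURIComponent(value)}`];
  if (maxAgeSeconds !== undefined) parts.push(`max-age=${Math.floor(maxAgeSeconds)}`);
  if (sameSite) parts.push(`SameSite=${sameSite}`);
  if (secure) parts.push('Secure');
  return parts.join('; ');
}

// Parse a document.cookie string into a Map of name -> value. Matching on whole
// names avoids the gist's indexOf('name=') check, which also matches "nickname=".
function parseCookieString(str) {
  const out = new Map();
  for (const piece of str.split(';')) {
    const i = piece.indexOf('=');
    if (i < 0) continue;
    const k = piece.slice(0, i).trim();
    const v = piece.slice(i + 1).trim();
    if (k && !out.has(k)) out.set(k, decodeURIComponent(v)); // first occurrence wins
  }
  return out;
}

function hasCookie(cookieString, name) {
  return parseCookieString(cookieString).has(name);
}

// "Site" = registrable domain. Approximated as the last two labels, which is enough
// for local.test.com and evil.com; real browsers consult the Public Suffix List.
function siteOf(host) {
  return host.split('.').slice(-2).join('.');
}

// Can a script at parentOrigin read a frame's contentDocument at childOrigin?
// Only under the same-origin policy: identical scheme, host and port.
function canReadFrameDocument(parentOrigin, childOrigin) {
  return parentOrigin === childOrigin;
}

// Is a cookie stored for cookieHost visible inside a frame at frameHost whose
// top-level page is topLevelHost? RFC 6265bis SameSite rules, Lax when unspecified:
//   Strict/Lax -> only when frame and top-level page are the same site
//   None       -> always, but only if the cookie is Secure and the context is HTTPS
function cookieVisibleInContext(cookie, { cookieHost, frameHost, topLevelHost, https }) {
  if (siteOf(cookieHost) !== siteOf(frameHost)) return false; // another site's cookie
  const sameSiteContext = siteOf(frameHost) === siteOf(topLevelHost);
  const mode = cookie.sameSite || 'Lax';
  if (mode === 'None') return Boolean(cookie.secure && https);
  return sameSiteContext;
}

// The gist's scenario: index.html on local.test.com embeds iframe.html from evil.com.
function demo() {
  const evilCookie = { sameSite: undefined, secure: false }; // as iframe.html sets it
  return {
    setString: buildCookie({ name: 'evil', value: 'google0.5', maxAgeSeconds: 365 * 24 * 60 * 60 }),
    // evil.com's cookie inside the third-party frame on local.test.com
    thirdPartyVisible: cookieVisibleInContext(evilCookie,
      { cookieHost: 'evil.com', frameHost: 'evil.com', topLevelHost: 'local.test.com', https: false }),
    // the same cookie when evil.com/iframe.html is opened directly
    firstPartyVisible: cookieVisibleInContext(evilCookie,
      { cookieHost: 'evil.com', frameHost: 'evil.com', topLevelHost: 'evil.com', https: false }),
    // getCookie(): the evil.com frame reading contentDocument of a local.test.com frame
    sopAllowsRead: canReadFrameDocument('http://evil.com', 'http://local.test.com'),
  };
}

console.log(demo());
```

To make the third-party cookie readable in the frame the model (like a current browser) requires `SameSite=None; Secure` and an HTTPS context, which the plain-HTTP test rig on port 80 does not provide; that is the check to keep in mind when this page's "Show cookies" button inside the frame shows nothing.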