I am doing research on Same origin Policy for work project
It appears same origin policy is very strong policy and can not be broken?
I have tested iframes, CSS history url hack as possible ways to break it.
I was wondering if any ideas on possible tests I could perform whether they would work or not on testing the same origin policy. Is there a simple tutorial on how to do DNS rebinding perhaps in a virtual netkit environment?
Thanks
First of all you should mater what the Same Origin Policy(SOP) entails, and the Browser Secuirty Handbook is a great resource for that.
That being said there are plenty of ways that websites revoke the protection given to them by the SOP. XSS is a good example, because this can be used to access data on another domain, a good example of this is the samy worm.
Cross-Site Request Forgery attacks are not prevented by the SOP. The idea is that you can send requests, but you can't read the response. In this attack the request is causing a side effect, like changing a user's password.
Clickjacking is another example of a flaw where events(mouse move events, click events, keystroke events) are passed to another domain and can cause problems.
Then people intentually bypass the SOP, CORS and JSONP is a good example. There is also flash's crossdomain.xml file.
And last but not least, SOP bypass vulnerabilities are incredibly common in browsers..