GIF89a Ajax Binary Hacks
- How to break same-origin-policy -

id:TAKESAKO
Cybozu Labs, Inc.

Ajax GIF89a
How to break same-origin-policy. (Parallelize cross-domain access)
GIF89a Binary Image Object for AJAX communications Protocol

How to cross-domain access by Ajax

1. XMLHttpRequest (XHR) + Local proxy
   XHR doesn’t support cross-domain access.
   Local proxy (breaks cross-domain access)
   Performance problem (proxy overhead)
   Security problem (open proxy)
2. Flash + crossdomain.xml
   e.g. SocketJS implementation
3. JSONP
   <script src="*.js?callback=func"></script>
4. GIF89a Binary Image Object
   Parallelize cross-domain access

(1) XMLHttpRequest (XHR) + Local proxy

XHR doesn’t support cross-domain access.
Local proxy breaks cross-domain access.

Problem:
- Performance problem (proxy overhead…)
- Security problem (open proxy…)

(2) Flash Player’s cross-domain-policy

http://server/crossdomain.xml
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

(3) about JSONP

(1) Define JS callback function

function callback(data) {
  // … do action
}

(2) Create a script element by JavaScript/DOM

<script src="http://example.com/data.json?jsonp=callback"></script>

(3) Response from Server (response data)

callback({ foo: 'This is foo.', bar: 'This is bar.', moe: 'This is moe.' });

(4) GIF89a cross-domain access protocol

(1) Define JS callback function (like JSONP)

function callback(data) {
  // … do action
}

(2) New Image Object

<img src="null.gif?q=param" onload="callback(this.width)">

CGI is OK: http://example.com/webapi/null.gif?q=foobar

GIF image size!
Returns 2 x 16 = 32 bit (over cross-domain)
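
Server Side program (Perl example)

#!/usr/bin/perl
use strict;
use warnings;

# Build a 35-byte GIF89a whose logical screen width/height carry the data.
sub create_gif {
    # "v2" packs two 16-bit little-endian values, the byte order GIF uses
    # ("S2" is native-endian and breaks on big-endian hosts).
    my $size = pack "v2", @_;
    return "GIF89a$size\xf0\x00\x00\x00\x00\x00\xff\xff\xff,"
         . "\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02L\x01\x00;";
}

print "Content-Length: 35\n";
print "Content-Type: image/gif\n\n";
binmode(*STDOUT);
print create_gif(65535, 65535);

1;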

Classical C example for old type

#include <stdio.h>

/* CGI response headers for the 35-byte GIF */
#define print_gif_head() do { \
    printf( \
        "Content-Length: 35\n" \
        "Content-Type: image/gif\n" \
        "\n"); \
} while (0)

/* x, y: 16-bit values written little-endian as logical screen width/height */
#define print_gif_body(x,y) do { \
    putchar('G'); \
    putchar('I'); \
    putchar('F'); \
    putchar('8'); \
    putchar('9'); \
    putchar('a'); \
    putchar(0xff & (x)); \
    putchar(0xff & ((x) >> 8)); \
    putchar(0xff & (y)); \
    putchar(0xff & ((y) >> 8)); \
    putchar(0xf0); \
    putchar(0x00); \
    putchar(0x00); \
    putchar(0x00); \
    putchar(0x00); \
    putchar(0x00); \
    putchar(0xff); \
    putchar(0xff); \
    putchar(0xff); \
    putchar(','); \
    putchar(0x00); \
    putchar(0x00); \
    putchar(0x00); \
    putchar(0x00); \
    putchar(0x01); \
    putchar(0x00); \
    putchar(0x01); \
    putchar(0x00); \
    putchar(0x00); \
    putchar(0x02); \
    putchar(0x02); \
    putchar('L'); \
    putchar(0x01); \
    putchar(0x00); \
    putchar(';'); \
} while (0)

int main()
{
    print_gif_head();
    print_gif_body(65535, 65535);
    return 0;
}

It works!

GIF89a - Cross browser technique

20 byte:

+-----------------------+
| +-------------------+ |
| |   GIF Signature   | |
| +-------------------+ |
| +-------------------+ |
| | Screen Descriptor | |
| +-------------------+ |
| +-------------------+ |
| | Global Color Map  | |
| +-------------------+ |
|-    GIF Terminator   -|
+-----------------------+

35 byte:

+-----------------------+
| +-------------------+ |
| |   GIF Signature   | |  5byte (GIF89a)
| +-------------------+ |
| +-------------------+ |
| | Screen Descriptor | |  7 byte (width x height)
| +-------------------+ |
| +-------------------+ |
| | Global Color Map  | |  6 byte (2 colors)
| +-------------------+ |
| +-------------------+ |
| | IMAGE DESCRIPTOR  | |  15 byte (1 x 1)
| +-------------------+ |
|-    GIF Terminator   -|  1 byte (;)
+-----------------------+

IE cannot load a GIF that has only the header.
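
The 32-bit channel and the 35-byte layout described above can also be examined from the response side. The following is an added example, not code from the original slides: it rebuilds the 35-byte GIF and parses a GIF to recover the payload and flag a logical screen size that disagrees with the first frame. The function names and the split of the value into width (low 16 bits) and height (high 16 bits) are assumptions.

```javascript
// Added example, not from the slides. Node.js; all sample bytes are constructed.
const TAIL = Buffer.from([
  0xf0, 0x00, 0x00,                    // packed flags (2-color global map), bg, aspect
  0x00, 0x00, 0x00, 0xff, 0xff, 0xff,  // global color map: black, white
  0x2c, 0, 0, 0, 0, 1, 0, 1, 0, 0,     // image descriptor ',': 1 x 1 frame at (0,0)
  0x02, 0x02, 0x4c, 0x01, 0x00, 0x3b,  // image data sub-block, then trailer ';'
]);

// Build the slides' 35-byte response for a 32-bit value.
// Assumption: width = low 16 bits, height = high 16 bits.
function encodeGif(value) {
  const head = Buffer.alloc(10);
  head.write("GIF89a", 0, "latin1");
  head.writeUInt16LE(value & 0xffff, 6);
  head.writeUInt16LE(value >>> 16, 8);
  return Buffer.concat([head, TAIL]);
}

// Read the logical screen size (the field the slides use as payload) and
// compare it with the first frame; returns null for non-GIF input.
function inspectGif(buf) {
  if (buf.length < 13) return null;
  const sig = buf.toString("latin1", 0, 6);
  if (sig !== "GIF87a" && sig !== "GIF89a") return null;
  const width = buf.readUInt16LE(6);
  const height = buf.readUInt16LE(8);
  const packed = buf[10];
  let off = 13 + ((packed & 0x80) ? 3 * (2 << (packed & 0x07)) : 0);
  while (buf[off] === 0x21) {            // skip extension blocks
    off += 2;
    while (off < buf.length && buf[off] !== 0) off += buf[off] + 1;
    off += 1;
  }
  let frame = null;
  if (buf[off] === 0x2c && buf.length >= off + 10) {
    frame = { width: buf.readUInt16LE(off + 5), height: buf.readUInt16LE(off + 7) };
  }
  const mismatch = !frame || frame.width !== width || frame.height !== height;
  return { width, height, frame, mismatch, value: ((height << 16) | width) >>> 0 };
}

const sample = inspectGif(encodeGif(0xdeadbeef));
console.log(sample.value.toString(16), sample.mismatch);
```

The mismatch flag is a heuristic: a legitimate GIF can have a first frame smaller than its logical screen, so weigh it together with response size and request pattern.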

Good old days technology for AJAX 2.0

GIF: GIF87a (1987-), GIF89a (1989-)
XML: W3C (1998-)
JSON: RFC4627 (2006-)

20 years ago…

Binary LOVE