Name	Name	Last commit message	Last commit date
parent directory ..
README.md	README.md
install.js	install.js
install_serviceworker.py	install_serviceworker.py
poc.html	poc.html
sw.js	sw.js
sw_config_overleaf.js	sw_config_overleaf.js
sw_include.js	sw_include.js

Name

Last commit message

Last commit date

install.js

install_serviceworker.py

poc.html

sw.js

sw_config_overleaf.js

sw_include.js

Overleaf Session Swapping (fixed)

The lack of the state parameter in the Overleaf implementation of OAuth 2.0 with Google introduced known vulnerabilities. In particular it was possible to mount a session-swapping attack through a CSRF on the Google Oauth2 callback page at /users/auth/google_oauth2/callback. A PoC attack can be found in the poc.html file.

The vulneability have been reported to Overleaf developers, that acknowledged the vulnerability and fixed the issue by adding the state parameter.

Monitor

mitmproxy -p 8080 -s install_serviceworker.py

The proxy rewrites the <head> element of every page in the overleaf.com origin to inject the following script tag

<script src="install.js"></script>

The install.js script installs the service worker monitor on the Overleaf scope.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

Overleaf Session Swapping (fixed)

Monitor

FilesExpand file tree

overleaf

Directory actions

More options

Directory actions

More options

Latest commit

History

overleaf

Folders and files

parent directory

README.md

Overleaf Session Swapping (fixed)

Monitor