IE/Edge - Loading insecure content without warnings




By using a simple server redirect and a document.write, we can load insecure content (coming from iFrames or any element) on Internet Explorer and Edge, bypassing the classic Mixed Content warning.

Top page in a secure page (https:), iframe does a server redirect to an insecure page (http).
Inside the insecure page we do a single document.write() and bingo!
Now we can freely use the iFrame load insecure content without warnings.

<iframe src="redir.php?URL=http://unsafe.cracking.com.ar"></iframe>
If you are on IE, you can also test the

Questions? Ping me on Twitter @magicmac2000