Full Address Bar Spoofing On Opera Mini Android

Patience is indeed* a virtue — bug bounty



Expected behavior


The Great Plot

Opera Software asking POC
<title>Not Opera</title>
function spoof()
var data = 'PGh0bWw+PGJvZHk+PGgxIGFsaWduPSJjZW50ZXIiPlRoaXMgaXMgZGVmaW5pdGVseSBub3QgT3BlcmEuPC9oMT48L2JvZHk+PC9odG1sPg=='; // base64 encoded html content

Validation or say, “Oh my god, I really found a valid bug, I can’t believe it!” moment

The bug was found valid, …ob..viously?!

The “arm-twisting”

Hello there? Anyone?

I ❤ Opera‘s Responsiveness

Translation: OMG! I am a genius!

Finally! The bug fix moment

Aftermaths & The End

The Hall of Fame

Opera Security Hall of Fame (HoF)



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Piyush Raj ~ Rex

Google Code-In C. Winner. GsOCer ‘19. Independent Security Researcher. Have hacked Medium, Mozilla, Opera & many more. Personal Website: https://0x48piraj.com