exploit page 2 - Dave's Blog

Opera Speed Dial Code-less Hack for IE7

2007 Apr 17, 11:45Opera (the fifth most popular web browser) has a new feature named Speed Dial (video of it in action). Whenever you open a new tab you get your Speed Dial view which consists of nine thumbnails of user-settable pages. Its like a quick-favorites that appears every time you open a new tab. I think this is a neat idea and was considering how I might do that in IE7. The following is my hack-y and ugly but no coding required version of Speed Dial for IE7. I like my hack and I'm about to expound upon it in unnecessary detail so skip to the last paragraph if you're afraid of losing interest.

By default in IE7, whenever you open a new tab you navigate to 'about:Tabs'. As noted in wikipedia the result of navigation to 'about:Tabs' is determined by values in the registry. Specifically, values in the key in "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs". Usually this fact is exploited by malicious software to hijack "about:blank" and show you ads but we can hijack it too in order to display our Speed Dial-ish page.

Of course since this is a code-less hack we've got limited options on what to change 'about:Tabs' to display. It should have the following requirements.

1. Something local so that our 'about:Tabs' doesn't disappear when we go offline and so that its relatively fast.
2. The user should be able to modify its content.
3. Show links that the user uses.
4. Show thumbnails of those links
5. Provide easy to use drag and drop interaction and generally look cool.

Now, I use del.icio.us which allows me to store all of my favorites online and which provides RSS feeds that list my saved links. New in IE7 is an RSS platform that will, among other things, cache RSS feeds locally. So, by pointing about:Tabs to my del.icio.us feed 'http://del.icio.us/rss/sequelguy/quickreference' I get (1) from IE7's RSS support, and (2) and (3) from del.icio.us. Of course requirements (4) and (5) are missing but hey, I said this was ugly.

In summary, if you change the registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs!Tabs" to point to an RSS feed of your favorites you can get a hack-y version of Opera's Speed Dial. I should note that although its referenced on pages such as wikipedia changing your 'about:Tabs' URI in the manner I describe is not documented and not supported by Microsoft. There could be all kinds of horrible repercussions from this change of which I'm not aware. Yeah, actually you know what? Forget I said any of this. Pretend I never wrote it...browser technical hack