Framebusting in the Wild A survey of framebusting

Скачать презентацию Framebusting in the Wild A survey of framebusting

e7231d184d7f589224bb62abab8ac8bf.ppt

Количество слайдов: 52

Framebusting in the Wild A survey of framebusting code used at popular sites Gustav Rydstedt, Elie Burzstein, Dan Boneh, Collin Jackson

What is frame busting?

What is frame busting? • HTML allows for any site to frame any URL with an IFRAME (internal frame) Ignored by most browsers

What is frame busting? • Frame busting are techniques for preventing framing by the framed site.

What is framebusting? Common frame busting code is made up of: • a conditional statement • a counter action if (top != self) { top. location = self. location; }

Why frame busting?

Primary: Clickjacking Jeremiah Grossman and Robert Hansen, 2008

Clickjacking 2. 0 (Paul Stone, BHEU ‘ 10) Utilizing drag and drop: Grab data off the page (including source code, form data) Get data into the page (forms etc. ) Fingerprint individual objects in the framed page

Survey • Idea: Grab frame busting from Alexa Top-500 and all US banks. Analyze code. • Used semi-automated crawler based on HTMLUnit. • Manual work to trace through obfuscated and packed code.

Obfuscation/Packing

Survey Sites Framebusting Top 10 60% Top 100 37% Top 500 14%

Survey Conditional Statements if (top != self) if (top. location != self. location) if (top. location != location) if (parent. frames. length > 0) if (window != top) if (window. top !== window. self) if (window. self != window. top) if (parent && parent != window) if (parent && parent. frames. length>0) if((self. parent&& !(self. parent===self))&& (self. parent. frames. length!=0))

Counter-Action Statements top. location = self. location top. location. href = document. location. href top. location. href = self. location. href top. location. replace(self. location) top. location. href = window. location. href top. location. replace(document. location) top. location. href = window. location. href top. location. href = "URL" document. write(’’) top. location = location top. location. replace(document. location) top. location. replace(’URL’) top. location. href = document. location top. location. replace(window. location. href) top. location. href = location. href self. parent. location = document. location parent. location. href = self. document. location top. location. href = self. location top. location = window. location top. location. replace(window. location. pathname) window. top. location = window. self. location set. Timeout(function(){document. body. inner. HTML=’’; }, 1); window. self. onload = function(evt){document. body. inner. HTML=’’; } var url = window. location. href; top. location. replace(url)

All frame busting code we found was broken.

Let’s check out some code.

Courtesy of Walmart if (top. location != location) { if(document. referrer && document. referrer. index. Of("walmart. com") == -1) { top. location. replace(document. location. href); } }

Error in Referrer Checking From http: //www. attacker. com/walmart. com. html Limit use of index. Of()… </p> </div> <div style="width: auto;" class="description columns twelve"><p><img class="imgdescription" title="Courtesy of if (window. self != window. top && !document. referrer. match( /https? :" src="http://present5.com/presentation/e7231d184d7f589224bb62abab8ac8bf/image-18.jpg" alt="Courtesy of if (window. self != window. top && !document. referrer. match( /https? :" /> Courtesy of if (window. self != window. top && !document. referrer. match( /https? : //[^? /]+. nytimes. com//)) { self. location = top. location; } </p> </div> <div style="width: auto;" class="description columns twelve"><p><img class="imgdescription" title="Error in Referrer Checking From http: //www. attacker. com/a. html? b=https: //www. nytimes. com/" src="http://present5.com/presentation/e7231d184d7f589224bb62abab8ac8bf/image-19.jpg" alt="Error in Referrer Checking From http: //www. attacker. com/a. html? b=https: //www. nytimes. com/" /> Error in Referrer Checking From http: //www. attacker. com/a. html? b=https: //www. nytimes. com/ <iframe src=“http: //www. nytimes. com”> Anchor your regular expressions. </p> </div> <div style="width: auto;" class="description columns twelve"><p><img class="imgdescription" title="Courtesy of if (self != top) { var domain = get. Domain(document. referrer); var" src="http://present5.com/presentation/e7231d184d7f589224bb62abab8ac8bf/image-20.jpg" alt="Courtesy of if (self != top) { var domain = get. Domain(document. referrer); var" /> Courtesy of if (self != top) { var domain = get. Domain(document. referrer); var ok. Domains = /usbank|localhost|usbnet/; var match. Domain = domain. search(ok. Domains); if (match. Domain == -1) { //frame bust </p> </div> <div style="width: auto;" class="description columns twelve"><p><img class="imgdescription" title="Error in Referrer Checking From http: //usbank. attacker. com/ <iframe src=“http: //www. usbank. com”>" src="http://present5.com/presentation/e7231d184d7f589224bb62abab8ac8bf/image-21.jpg" alt="Error in Referrer Checking From http: //usbank. attacker. com/ <iframe src=“http: //www. usbank. com”>" /> Error in Referrer Checking From http: //usbank. attacker. com/ <iframe src=“http: //www. usbank. com”> Don’t make your regular expressions too lax. </p> </div> <div style="width: auto;" class="description columns twelve"><p><img class="imgdescription" title="Strategic Relationship? Norweigan State House Bank http: //www. husbanken. no " src="http://present5.com/presentation/e7231d184d7f589224bb62abab8ac8bf/image-22.jpg" alt="Strategic Relationship? Norweigan State House Bank http: //www. husbanken. no " /> Strategic Relationship? Norweigan State House Bank http: //www. husbanken. no </p> </div> <div style="width: auto;" class="description columns twelve"><p><img class="imgdescription" title="Strategic Relationship? Bank of Moscow http: //www. rusbank. org " src="http://present5.com/presentation/e7231d184d7f589224bb62abab8ac8bf/image-23.jpg" alt="Strategic Relationship? Bank of Moscow http: //www. rusbank. org " /> Strategic Relationship? Bank of Moscow http: //www. rusbank. org </p> </div> <div style="width: auto;" class="description columns twelve"><p><img class="imgdescription" title="Courtesy of try{ A=!top. location. href }catch(B){} A=A&& !(document. referrer. match(/^https? : //[-az 09." src="http://present5.com/presentation/e7231d184d7f589224bb62abab8ac8bf/image-24.jpg" alt="Courtesy of try{ A=!top. location. href }catch(B){} A=A&& !(document. referrer. match(/^https? : //[-az 09." /> Courtesy of try{ A=!top. location. href }catch(B){} A=A&& !(document. referrer. match(/^https? : //[-az 09. ] *. google. (co. |com. )? [a-z] +/imgres/i))&& !(document. referrer. match(/^https? : //([^/]*. )? (myspace. com| myspace. cn| simsidekick. com| levisawards. com| digg. com)//i)); if(A){ //Framebust } </p> </div> <div style="width: auto;" class="description columns twelve"><p><img class="imgdescription" title="The people you trust might not frame bust Google Images does not framebust. " src="http://present5.com/presentation/e7231d184d7f589224bb62abab8ac8bf/image-25.jpg" alt="The people you trust might not frame bust Google Images does not framebust. " /> The people you trust might not frame bust Google Images does not framebust. </p> </div> <div style="width: auto;" class="description columns twelve"><p><img class="imgdescription" title="Referrer = Funky Stuff Many attacks on referrer: washing/changing Open redirect referrer changer HTTPS->HTTP" src="http://present5.com/presentation/e7231d184d7f589224bb62abab8ac8bf/image-26.jpg" alt="Referrer = Funky Stuff Many attacks on referrer: washing/changing Open redirect referrer changer HTTPS->HTTP" /> Referrer = Funky Stuff Many attacks on referrer: washing/changing Open redirect referrer changer HTTPS->HTTP washing Can be hard to get regular expression right (apparently) “Friends” cannot be trusted </p> </div> <div style="width: auto;" class="description columns twelve"><p><img class="imgdescription" title="Facebook Dark Layer " src="http://present5.com/presentation/e7231d184d7f589224bb62abab8ac8bf/image-27.jpg" alt="Facebook Dark Layer " /> Facebook Dark Layer </p> </div> <div style="width: auto;" class="description columns twelve"><p><img class="imgdescription" title="Courtesy of Facebook • Facebook deploys an exotic variant: if (top != self) {" src="http://present5.com/presentation/e7231d184d7f589224bb62abab8ac8bf/image-28.jpg" alt="Courtesy of Facebook • Facebook deploys an exotic variant: if (top != self) {" /> Courtesy of Facebook • Facebook deploys an exotic variant: if (top != self) { try { if (top. location. hostname. index. Of("apps") >= 0) throw 1; } catch (e) { window. document. write("<div style= 'background: black; opacity: 0. 5; filter: alpha(opacity = 50); position: absolute; top: 0 px; left: 0 px; width: 9999 px; height: 9999 px; z-index: 1000001' on. Click='top. location. href=window. location. href'> </div>"); } } </p> </div> <div style="width: auto;" class="description columns twelve"><p><img class="imgdescription" title="Facebook – Ray of Light! All Facebook content is centered! We can push the" src="http://present5.com/presentation/e7231d184d7f589224bb62abab8ac8bf/image-29.jpg" alt="Facebook – Ray of Light! All Facebook content is centered! We can push the" /> Facebook – Ray of Light! All Facebook content is centered! We can push the content into the ray of light outside of the div. <iframe width=“ 21800 px” height=” 2500 px” src =“http: //facebook. com”> <script> window. scroll. To(10200, 0 ) ; </script> </p> </div> <div style="width: auto;" class="description columns twelve"><p><img class="imgdescription" title="Facebook – Ray of Light! " src="http://present5.com/presentation/e7231d184d7f589224bb62abab8ac8bf/image-30.jpg" alt="Facebook – Ray of Light! " /> Facebook – Ray of Light! </p> </div> <div style="width: auto;" class="description columns twelve"><p><img class="imgdescription" title="Let’s move on to some generic attacks! " src="http://present5.com/presentation/e7231d184d7f589224bb62abab8ac8bf/image-31.jpg" alt="Let’s move on to some generic attacks! " /> Let’s move on to some generic attacks! </p> </div> <div style="width: auto;" class="description columns twelve"><p><img class="imgdescription" title="Courtesy of many if(top. location != self. location) { parent. location = self. location;" src="http://present5.com/presentation/e7231d184d7f589224bb62abab8ac8bf/image-32.jpg" alt="Courtesy of many if(top. location != self. location) { parent. location = self. location;" /> Courtesy of many if(top. location != self. location) { parent. location = self. location; } </p> </div> <div style="width: auto;" class="description columns twelve"><p><img class="imgdescription" title="Double Framing! framed 1. html framed 2. html <iframe src=“fframed 2. html”> <iframe src=“victim." src="http://present5.com/presentation/e7231d184d7f589224bb62abab8ac8bf/image-33.jpg" alt="Double Framing! framed 1. html framed 2. html <iframe src=“fframed 2. html”> <iframe src=“victim." /> Double Framing! framed 1. html framed 2. html <iframe src=“fframed 2. html”> <iframe src=“victim. com”> </p> </div> <div style="width: auto;" class="description columns twelve"><p><img class="imgdescription" title="Descendent Policy • Introduced in Securing frame communication in browsers. (Adam Barth, Collin Jackson," src="http://present5.com/presentation/e7231d184d7f589224bb62abab8ac8bf/image-34.jpg" alt="Descendent Policy • Introduced in Securing frame communication in browsers. (Adam Barth, Collin Jackson," /> Descendent Policy • Introduced in Securing frame communication in browsers. (Adam Barth, Collin Jackson, and John Mitchell. 2009) Descendant Policy A frame can navigate only it’s decedents. framed 1. html framed 2. html top. location = self. location is src=“victim. com”> always okay. <iframe src=“fframed 2. html”> <iframe </p> </div> <div style="width: auto;" class="description columns twelve"><p><img class="imgdescription" title="Location Clobbering if (top. location != self. location) { top. location = self. location;" src="http://present5.com/presentation/e7231d184d7f589224bb62abab8ac8bf/image-35.jpg" alt="Location Clobbering if (top. location != self. location) { top. location = self. location;" /> Location Clobbering if (top. location != self. location) { top. location = self. location; } If top. location can be changed or disabled this code is useless. But our trusted browser would never let such atrocities happen… right? </p> </div> <div style="width: auto;" class="description columns twelve"><p><img class="imgdescription" title="Location Clobbering IE 7: var location = “clobbered”; Safari: window. __define. Setter__("location", function(){}); top." src="http://present5.com/presentation/e7231d184d7f589224bb62abab8ac8bf/image-36.jpg" alt="Location Clobbering IE 7: var location = “clobbered”; Safari: window. __define. Setter__("location", function(){}); top." /> Location Clobbering IE 7: var location = “clobbered”; Safari: window. __define. Setter__("location", function(){}); top. location is now undefined. http: //code. google. com/p/ browsersec/wiki/Part 2#Arbitrary_ page_mashups_(UI_redressing) </p> </div> <div style="width: auto;" class="description columns twelve"><p><img class="imgdescription" title="Asking Nicely • User can manually cancel any redirection attempt made by framebusting code." src="http://present5.com/presentation/e7231d184d7f589224bb62abab8ac8bf/image-37.jpg" alt="Asking Nicely • User can manually cancel any redirection attempt made by framebusting code." /> Asking Nicely • User can manually cancel any redirection attempt made by framebusting code. • Attacker just needs to ask… <script> window. onbeforeunload = function() { return ”Do you want to leave Pay. Pal? "; } </script> <iframe src="http: //www. paypal. com"> </p> </div> <div style="width: auto;" class="description columns twelve"><p><img class="imgdescription" title="Asking Nicely " src="http://present5.com/presentation/e7231d184d7f589224bb62abab8ac8bf/image-38.jpg" alt="Asking Nicely " /> Asking Nicely </p> </div> <div style="width: auto;" class="description columns twelve"><p><img class="imgdescription" title="Not Asking Nicely • Actually, we don’t have to ask nicely at all. Most" src="http://present5.com/presentation/e7231d184d7f589224bb62abab8ac8bf/image-39.jpg" alt="Not Asking Nicely • Actually, we don’t have to ask nicely at all. Most" /> Not Asking Nicely • Actually, we don’t have to ask nicely at all. Most browser allows to cancel the relocation “programmatically”. var prevent_bust = 0 window. onbeforeunload = function() {kill_bust++ } set. Interval(function() { if (kill_bust > 0) { kill_bust -= 2; window. top. location = 'http: //no-content-204. com' } }, 1); <iframe src="http: //www. victim. com"> http: //coderrr. wordpress. com/2009/02/13/preventing-frame-busting-and-click-jacking-ui-redressing </p> </div> <div style="width: auto;" class="description columns twelve"><p><img class="imgdescription" title="Restricted zones • IE 8: <iframe security=“restricted” src=“http: //www. victim. com”> Javascript and Cookies" src="http://present5.com/presentation/e7231d184d7f589224bb62abab8ac8bf/image-40.jpg" alt="Restricted zones • IE 8: <iframe security=“restricted” src=“http: //www. victim. com”> Javascript and Cookies" /> Restricted zones • IE 8: <iframe security=“restricted” src=“http: //www. victim. com”> Javascript and Cookies disabled • Chrome (HTML 5): <iframe sandbox src=“http: //www. victim. com”> Javascript disabled (cookies still there) • IE 8 and Firefox: design. Mode = on (Paul Stone BHEU’ 10) Javascript disabled (more cookies) </p> </div> <div style="width: auto;" class="description columns twelve"><p><img class="imgdescription" title="Reflective XSS filters • Internet Explorer 8 introduced reflective XSS filters: http: //www. victim." src="http://present5.com/presentation/e7231d184d7f589224bb62abab8ac8bf/image-41.jpg" alt="Reflective XSS filters • Internet Explorer 8 introduced reflective XSS filters: http: //www. victim." /> Reflective XSS filters • Internet Explorer 8 introduced reflective XSS filters: http: //www. victim. com? var=<script> alert(‘xss’) If <script> alert(‘xss’); appears in the rendered page, the filter will replace it with <sc#pt> alert(‘xss’) </p> </div> <div style="width: auto;" class="description columns twelve"><p><img class="imgdescription" title="Reflective XSS filters Can be used to target frame busting (Eduardo Vela ’ 09)" src="http://present5.com/presentation/e7231d184d7f589224bb62abab8ac8bf/image-42.jpg" alt="Reflective XSS filters Can be used to target frame busting (Eduardo Vela ’ 09)" /> Reflective XSS filters Can be used to target frame busting (Eduardo Vela ’ 09) Original <script> if(top. location != self. location) //framebust </script> Request > http: //www. victim. com? var=<script> if (top Rendered <sc#pt> if(top. location != self. location) Chrome’s XSS auditor, same problem. </p> </div> <div style="width: auto;" class="description columns twelve"><p><img class="imgdescription" title="Is there any hope? Well, sort of… " src="http://present5.com/presentation/e7231d184d7f589224bb62abab8ac8bf/image-43.jpg" alt="Is there any hope? Well, sort of… " /> Is there any hope? Well, sort of… </p> </div> <div style="width: auto;" class="description columns twelve"><p><img class="imgdescription" title="X-Frames-Options (IE 8) • HTTP header sent on responses • Two possible values: DENY" src="http://present5.com/presentation/e7231d184d7f589224bb62abab8ac8bf/image-44.jpg" alt="X-Frames-Options (IE 8) • HTTP header sent on responses • Two possible values: DENY" /> X-Frames-Options (IE 8) • HTTP header sent on responses • Two possible values: DENY and SAMEORIGIN • On DENY, will not render in framed context. • On SAMEORIGIN, only render if top frame is same origin as page giving directive. </p> </div> <div style="width: auto;" class="description columns twelve"><p><img class="imgdescription" title="X-Frames-Options • Good adoption by browsers (all but Firefox, coming in 3. 7) •" src="http://present5.com/presentation/e7231d184d7f589224bb62abab8ac8bf/image-45.jpg" alt="X-Frames-Options • Good adoption by browsers (all but Firefox, coming in 3. 7) •" /> X-Frames-Options • Good adoption by browsers (all but Firefox, coming in 3. 7) • Poor adoption by sites (4 out of top 10, 000, survey by sans. org) • Some limitations: per-page policy, no whitelisting, and proxy problems. </p> </div> <div style="width: auto;" class="description columns twelve"><p><img class="imgdescription" title="Content Security Policy (FF) • Also a HTTP-Header. • Allows the site to specific" src="http://present5.com/presentation/e7231d184d7f589224bb62abab8ac8bf/image-46.jpg" alt="Content Security Policy (FF) • Also a HTTP-Header. • Allows the site to specific" /> Content Security Policy (FF) • Also a HTTP-Header. • Allows the site to specific restrictions/abilities. • The frame-ancestors directive can specifiy allowed framers. • Still in beta, coming in Firefox 3. 7 </p> </div> <div style="width: auto;" class="description columns twelve"><p><img class="imgdescription" title="Best for now (but still not good) <style>html { visibility: hidden }</style> <script> if" src="http://present5.com/presentation/e7231d184d7f589224bb62abab8ac8bf/image-47.jpg" alt="Best for now (but still not good) <style>html { visibility: hidden }</style> <script> if" /> Best for now (but still not good) <style>html { visibility: hidden }</style> <script> if (self == top) { document. Element. style. visibility = 'visible'; } else { top. location = self. location; } </script> </p> </div> <div style="width: auto;" class="description columns twelve"><p><img class="imgdescription" title="… a little bit more. These sites (among others) do framembusting… " src="http://present5.com/presentation/e7231d184d7f589224bb62abab8ac8bf/image-48.jpg" alt="… a little bit more. These sites (among others) do framembusting… " /> … a little bit more. These sites (among others) do framembusting… </p> </div> <div style="width: auto;" class="description columns twelve"><p><img class="imgdescription" title="… a little bit more. … but do these? " src="http://present5.com/presentation/e7231d184d7f589224bb62abab8ac8bf/image-49.jpg" alt="… a little bit more. … but do these? " /> … a little bit more. … but do these? </p> </div> <div style="width: auto;" class="description columns twelve"><p><img class="imgdescription" title="No, they generally don’t… Site URL Framebusting Facebook http: //m. facebook. com/ YES MSN" src="http://present5.com/presentation/e7231d184d7f589224bb62abab8ac8bf/image-50.jpg" alt="No, they generally don’t… Site URL Framebusting Facebook http: //m. facebook. com/ YES MSN" /> No, they generally don’t… Site URL Framebusting Facebook http: //m. facebook. com/ YES MSN http: //home. mobile. msn. com/ NO GMail http: //m. gmail. com NO Baidu http: //m. baidu. com NO Twitter http: //mobile. twitter. com NO Mega. Video http: //mobile. megavideo. com/ NO Tube 8 http: //m. tube 8. com NO Pay. Pal http: //mobile. paypal. com NO USBank http: //mobile. usbank. com NO First Interstate Bank http: //firstinterstate. mobi NO New. Egg http: //m. newegg. com/ NO Meta. Cafe http: //m. metacafe. com/ NO Ren http: //m. renren. com/ NO My. Space http: //m. myspace. com NO VKontakte http: //pda. vkontakte. ru/ NO Wells. Fargo https: //m. wf. com/ NO Ny. Times http: //m. nytimes. com Redirect E-Zine Articles http: //m. ezinearticles. com Redirect </p> </div> <div style="width: auto;" class="description columns twelve"><p><img class="imgdescription" title="Summary • All framebusting code out there can be broken across browsers in several" src="http://present5.com/presentation/e7231d184d7f589224bb62abab8ac8bf/image-51.jpg" alt="Summary • All framebusting code out there can be broken across browsers in several" /> Summary • All framebusting code out there can be broken across browsers in several different ways • Defenses are on the way, but not yet widely adopted • Relying on referrer is difficult • If JS is disabled, don’t render the page. • Framebust your mobile sites! </p> </div> <div style="width: auto;" class="description columns twelve"><p><img class="imgdescription" title="Questions? rydstedt@stanford. edu " src="http://present5.com/presentation/e7231d184d7f589224bb62abab8ac8bf/image-52.jpg" alt="Questions? rydstedt@stanford. edu " /> Questions? rydstedt@stanford. edu </p> </div> <div style="width: auto;" class="description columns twelve"><p><img class="imgdescription" title="" src="" alt="" /> </p> </div> </div> <div id="inputform"> <script>$("#inputform").load("https://present5.com/wp-content/plugins/report-content/inc/report-form-aj.php"); </script> </div> </p>  </div> </article> </section> <div class="three columns"> <div class="widget-entry"> <div id="sidebarrelated"> <div id="text-2" class="box_small box widget widget_text"><div class="crp_related crp_related_shortcode "><div class="gallery_entry_related"><a href="http://present5.com/1-survey-research-maria-lucia-barron-2/" ><img src="http://present5.com/wp-content/uploads/survey_research-180x135.jpg" alt="1 Survey Research Maria Lucia Barron 2" title="1 Survey Research Maria Lucia Barron 2" width="180" height="135" class="crp_thumb crp_featured" /></a><a href="http://present5.com/1-survey-research-maria-lucia-barron-2/" class="crp_title">1 Survey Research Maria Lucia Barron 2</a></div><div class="gallery_entry_related"><a href="http://present5.com/marketing-research-chapter-8-survey-data-collection-methods/" ><img src="http://present5.com/wp-content/uploads/part_8_-_survey_data_collection_methods-180x135.jpg" alt="Marketing Research Chapter 8 Survey data collection methods" title="Marketing Research Chapter 8 Survey data collection methods" width="180" height="135" class="crp_thumb crp_featured" /></a><a href="http://present5.com/marketing-research-chapter-8-survey-data-collection-methods/" class="crp_title">Marketing Research Chapter 8 Survey data collection methods</a></div><div class="gallery_entry_related"><a href="http://present5.com/initial-assessment-of-the-trauma-patient-%e2%80%a2/" ><img src="http://present5.com/wp-content/uploads/initial_assessment_of_the_trauma_patient2011-180x120.jpg" alt="INITIAL ASSESSMENT OF THE TRAUMA PATIENT •" title="INITIAL ASSESSMENT OF THE TRAUMA PATIENT •" width="180" height="135" class="crp_thumb crp_featured" /></a><a href="http://present5.com/initial-assessment-of-the-trauma-patient-%e2%80%a2/" class="crp_title">INITIAL ASSESSMENT OF THE TRAUMA PATIENT •</a></div><div class="gallery_entry_related"><a href="http://present5.com/horse-after-the-breastcollar-harness-the/" ><img src="http://present5.com/wp-content/uploads/horse_1-180x135.jpg" alt="Horse. After the breastcollar harness, the" title="Horse. After the breastcollar harness, the" width="180" height="135" class="crp_thumb crp_featured" /></a><a href="http://present5.com/horse-after-the-breastcollar-harness-the/" class="crp_title">Horse. After the breastcollar harness, the</a></div><div class="gallery_entry_related"><a href="http://present5.com/project-work-touchstone-3-making-a-survey/" ><img src="http://present5.com/wp-content/uploads/touchstone_3_project_1-180x135.jpg" alt="Project Work Touchstone 3 MAKING A SURVEY" title="Project Work Touchstone 3 MAKING A SURVEY" width="180" height="135" class="crp_thumb crp_featured" /></a><a href="http://present5.com/project-work-touchstone-3-making-a-survey/" class="crp_title">Project Work Touchstone 3 MAKING A SURVEY</a></div><div class="gallery_entry_related"><a href="http://present5.com/flora-ukraine-the-territory-of-ukraine-is/" ><img src="http://present5.com/wp-content/uploads/flora_and_fauna_of_ukraine-180x135.jpg" alt="Flora Ukraine The territory of Ukraine is" title="Flora Ukraine The territory of Ukraine is" width="180" height="135" class="crp_thumb crp_featured" /></a><a href="http://present5.com/flora-ukraine-the-territory-of-ukraine-is/" class="crp_title">Flora Ukraine The territory of Ukraine is</a></div><div class="gallery_entry_related"><a href="http://present5.com/ky-thuat-do-hoa-computer-graphics-gv-nguyen/" ><img src="http://present5.com/wp-content/uploads/k_thut_ha1-180x135.jpg" alt="KỸ THUẬT ĐỒ HỌA Computer Graphics GV: Nguyễn" title="KỸ THUẬT ĐỒ HỌA Computer Graphics GV: Nguyễn" width="180" height="135" class="crp_thumb crp_featured" /></a><a href="http://present5.com/ky-thuat-do-hoa-computer-graphics-gv-nguyen/" class="crp_title">KỸ THUẬT ĐỒ HỌA Computer Graphics GV: Nguyễn</a></div><div class="gallery_entry_related"><a href="http://present5.com/survey-200-people-20-no/" ><img src="http://present5.com/wp-content/uploads/mars_pet_care_97-180x135.jpg" alt="Survey 200 people: 20% — no" title="Survey 200 people: 20% — no" width="180" height="135" class="crp_thumb crp_featured" /></a><a href="http://present5.com/survey-200-people-20-no/" class="crp_title">Survey 200 people: 20% — no</a></div><div class="crp_clear"></div></div></div></div> </div> </div> </div> </div>  <footer id="footer"> <div class="container"> <div class="columns twelve">  <script type="text/javascript"></script> <script> $(window).load(function() { var owl = document.getElementsByClassName('owl-carousel owl-theme owl-loaded owl-drag')[0]; document.getElementById("owlheader").insertBefore(owl, null); $('#owlheader').css('display', 'inline-block'); }); </script> <script type="text/javascript"> var yaParams = {'typepage': '1000_top_300k', 'author': '1000_top_300k' }; </script>  <script type="text/javascript"> (function (d, w, c) { (w[c] = w[c] || []).push(function() { try { w.yaCounter32395810 = new Ya.Metrika({ id:32395810, clickmap:true, trackLinks:true, accurateTrackBounce:true, webvisor:true, params: yaParams }); } catch(e) { } }); var n = d.getElementsByTagName("script")[0], s = d.createElement("script"), f = function () { n.parentNode.insertBefore(s, n); }; s.type = "text/javascript"; s.async = true; s.src = "https://mc.yandex.ru/metrika/watch.js"; if (w.opera == "[object Opera]") { d.addEventListener("DOMContentLoaded", f, false); } else { f(); } })(document, window, "yandex_metrika_callbacks"); </script> <noscript><div><img src="https://mc.yandex.ru/watch/32395810" style="position:absolute; left:-9999px;" alt="" /></div></noscript>   <nav id="top-nav"> <ul id="menu-top" class="top-menu clearfix"> </ul> </nav> </div> </div> </footer> <script type='text/javascript'> /* <![CDATA[ */ var wpcf7 = {"apiSettings":{"root":"https:\/\/present5.com\/wp-json\/contact-form-7\/v1","namespace":"contact-form-7\/v1"},"recaptcha":{"messages":{"empty":"\u041f\u043e\u0436\u0430\u043b\u0443\u0439\u0441\u0442\u0430, \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u0442\u0435, \u0447\u0442\u043e \u0432\u044b \u043d\u0435 \u0440\u043e\u0431\u043e\u0442."}}}; /* ]]> */ </script> <script type='text/javascript' src='https://present5.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.0.1'></script> <script type='text/javascript' src='https://present5.com/wp-content/themes/sampression-lite/lib/js/jquery.shuffle.js?ver=4.9.10'></script> <script type='text/javascript' src='https://present5.com/wp-content/themes/sampression-lite/lib/js/scripts.js?ver=1.1'></script> <script type='text/javascript' src='https://present5.com/wp-content/themes/sampression-lite/lib/js/shuffle.js?ver=4.9.10'></script>  </body> </html>