hacktricks/pentesting-web/xss-cross-site-scripting/chrome-cache-to-xss.md

# Chrome Cache to XSS
<details>
<summary><strong>htARTE (HackTricks AWS Red Team Expert)</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>tlhIngan Hol</strong></a><strong>!</strong></summary>
* **Do you work in a cybersecurity company**? **Do you want to see your company advertised in HackTricks**? **or do you want to have access to the latest version of the PEASS or download HackTricks in PDF**? **Check the SUBSCRIPTION PLANS**!
* **Discover The PEASS Family**, **our collection of exclusive NFTs**
* **Get the official PEASS & HackTricks swag**
* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) **Discord group** or the **telegram group** or **follow** me on **Twitter** 🐦**@carlospolopm**.
* **Share your hacking tricks by submitting PRs to the hacktricks repo and hacktricks-cloud repo**.
</details>
More in-depth details are [**in this writeup**](https://blog.arkark.dev/2022/11/18/seccon-en/#web-spanote).
The technique discussed here relies on understanding the behavior and interaction of two cache types: the **back/forward cache (bfcache)** and the **disk cache**. The bfcache stores a complete snapshot of a page, including its JavaScript heap, and is preferred over the disk cache for back/forward navigations because that snapshot is more comprehensive. The disk cache, by contrast, stores resources fetched from the web without the JavaScript heap, and is used for back/forward navigations to reduce communication costs. An interesting aspect of the disk cache is that it also holds responses fetched with `fetch`, so when such a URL is later navigated to, the browser renders the resource straight from the cache.
### Key Points:
- The **bfcache** has precedence over the disk cache in back/forward navigations.
- To utilize a page stored in disk cache instead of bfcache, the latter must be disabled.
### Disabling bfcache:
By default, Puppeteer disables bfcache, in line with the conditions listed in Chromium's documentation. One effective way to disable bfcache is to trigger the `RelatedActiveContentsExist` condition: open the page with `window.open()`, so that the new page retains a reference to its opener in `window.opener`.
### Reproducing the behavior:
1. Visit a webpage, e.g., `https://example.com`.
2. Execute `open("http://spanote.seccon.games:3000/api/token")`, which results in a server response with a 500 status code.
3. In the newly opened tab, navigate to `http://spanote.seccon.games:3000/`. This action caches the response of `http://spanote.seccon.games:3000/api/token` as a disk cache.
4. Use `history.back()` to navigate back. The action results in the rendering of the cached JSON response on the page.
That the disk cache was actually used can be verified with DevTools in Google Chrome.
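From the defending side, the two properties that make the steps above work are that the API response is allowed into the disk cache and that its body is treated as a document when the URL is navigated to. The following is an added example, not code from the original page or from the spanote challenge: a small header review helper (`assessResponse` and the sample headers are constructed here) that flags an API response on both counts.

```javascript
// Added example: review an API response's headers for the properties that make
// the disk-cache rendering trick possible. Hypothetical helper, not from the page.

function parseCacheControl(value) {
  // "no-store, max-age=0" -> { "no-store": true, "max-age": "0" }
  const directives = {};
  for (const part of (value || "").split(",")) {
    const [name, raw] = part.trim().toLowerCase().split("=");
    if (name) directives[name] = raw === undefined ? true : raw.replace(/^"|"$/g, "");
  }
  return directives;
}

// headers: object keyed by lower-case header name.
// Returns a list of findings; an empty list means none of the checks fired.
function assessResponse(headers) {
  const findings = [];
  const cc = parseCacheControl(headers["cache-control"]);
  const contentType = (headers["content-type"] || "").toLowerCase();
  const nosniff = (headers["x-content-type-options"] || "").toLowerCase() === "nosniff";

  if (!cc["no-store"]) {
    findings.push("no Cache-Control: no-store; the response can be written to the disk cache");
  }
  if (contentType === "" || contentType.startsWith("text/html")) {
    findings.push("body is HTML (or untyped); it renders as a document when navigated to");
  }
  if (!nosniff) {
    findings.push("no X-Content-Type-Options: nosniff; a non-HTML body may still be sniffed");
  }
  return findings;
}

// Constructed samples: the same API endpoint before and after hardening.
const weakHeaders = {
  "content-type": "text/html; charset=utf-8",
};
const hardenedHeaders = {
  "content-type": "application/json; charset=utf-8",
  "cache-control": "no-store",
  "x-content-type-options": "nosniff",
};

console.log("weak:", assessResponse(weakHeaders));         // 3 findings
console.log("hardened:", assessResponse(hardenedHeaders)); // []
```

With `Cache-Control: no-store` the response is never written to the disk cache, so there is nothing for a back/forward navigation to render; the content-type and nosniff checks cover the case where a cached body would otherwise be interpreted as HTML.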
For further details on bfcache and disk cache, references can be found at [web.dev on bfcache](https://web.dev/i18n/en/bfcache/) and [Chromium's design documents on disk cache](https://www.chromium.org/developers/design-documents/network-stack/disk-cache/), respectively.