What is UI Redressing?

Redressing leverages an HTML5 feature: a script can call the browser's history.replaceState or history.pushState functions. These functions allow a script to rewrite what is presented in the URL bar after a page has loaded.

A script rewrites the URL presented in the address bar after the page has loaded. I'll let that sink in for a minute.

I first came across this method randomly on swisskyrepo's XSS injection GitHub page.

In the example on swisskyrepo's page, history.replaceState() is used to replace the displayed path with /login. Note: history.pushState() could also be used.

When the script is run, the URL bar is rewritten from:

http://dvwa/vulnerabilities/xss_r/?name=yogi#

to something a bit more devious:

http://dvwa/login

So what? What's the big deal? The URL is rewritten, but the page is still the page it should be, right? Maybe, unless the page gets changed with the document.body.innerHTML property...
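A defender's view of the API behaviour described above, as an added example that is not from the original page or from swisskyrepo's repository: it wraps both history methods, resolves the URL argument against the current location, and reports and refuses rewrites to paths outside an allowlist. The names installHistoryGuard, allowedPaths and report, and the stand-in history and location objects, are assumptions made for the example.

```javascript
// Added example. installHistoryGuard, allowedPaths and report are hypothetical names.
function installHistoryGuard(historyObj, locationObj, allowedPaths, report) {
  for (const method of ["pushState", "replaceState"]) {
    const original = historyObj[method];
    historyObj[method] = function (state, unused, url) {
      // The URL argument is optional; without it the address bar does not change.
      if (url !== undefined && url !== null) {
        // Relative values resolve against the current document URL.
        const target = new URL(String(url), locationObj.href);
        if (!allowedPaths.has(target.pathname)) {
          report({ method, from: locationObj.href, to: target.href });
          return undefined; // refuse the rewrite, the address bar keeps the real URL
        }
      }
      return original.call(this, state, unused, url);
    };
  }
}

// Constructed stand-ins for window.history and window.location so the example runs in Node.
function makeFakeBrowser(href) {
  const location = { href };
  const rewrite = (state, unused, url) => {
    if (url !== undefined && url !== null) {
      location.href = new URL(String(url), location.href).href;
    }
  };
  return { location, history: { pushState: rewrite, replaceState: rewrite } };
}

function demo() {
  const { history, location } = makeFakeBrowser("http://dvwa/vulnerabilities/xss_r/?name=yogi#");
  const reports = [];
  installHistoryGuard(history, location, new Set(["/vulnerabilities/xss_r/"]), (r) => reports.push(r));
  history.replaceState(null, "", "?name=bear"); // same path: allowed
  history.replaceState(null, "", "/login");     // path outside the allowlist: reported, refused
  history.pushState(null, "", "/login");        // pushState is covered the same way
  return { href: location.href, reports };
}
```

In a browser the call would be installHistoryGuard(window.history, window.location, ...). Script already running in the page can undo the wrapper, so treat the reports as telemetry; removing the reflected XSS is the actual fix.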
