
@YasserGersy
Last active August 14, 2024 21:31
Post Message Hooker
<!DOCTYPE html>
<!-- Author Yasser Gersy @yassergersy v 2 -->
<html>
<head>
<meta charset="utf-8">
</head>
<script>
// Shared page state. These stay `var` globals because the inline onchange
// handler on the #to input assigns send_message_time_out directly.
var last_message = '',               // serialized text of the most recently listed message
    rcvd_msg_count = -2,             // rcv() ignores events until this counter reaches 1
    current_receiver_path = '',      // target URL the cached sender iframe was created for
    current_receiver_iframe = null,  // iframe reused by send_to_iframe()
    send_message_time_out = 3000;    // delay before a message is sent, in milliseconds
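/**
 * Logs an incoming postMessage event and appends it to the #listbox list.
 *
 * The listener accepts messages from every origin (this page is an inspection
 * tool), so ev.origin and ev.data are untrusted. They are only written through
 * console.log, innerText and option.value; nothing here parses them as HTML
 * or evaluates them.
 *
 * @param {MessageEvent} ev - event delivered by the window 'message' listener.
 */
function rcv(ev) {
  rcvd_msg_count++;
  // The counter starts at -2, so the first two events are skipped.
  if (rcvd_msg_count < 1) {
    return;
  }

  console.log("new message from " + ev.origin);
  console.log(ev.data);
  document.getElementById('mc').innerText = 'Messages ' + rcvd_msg_count;

  // Structured-clone payloads can contain cycles or BigInt values, both of
  // which make JSON.stringify throw. Fall back to String() so the message is
  // still listed instead of being lost to an uncaught exception.
  var serialized;
  try {
    serialized = JSON.stringify(ev.data);
  } catch (err) {
    serialized = String(ev.data);
  }

  // One <option> per message: label = sender origin, value = serialized data.
  var op = document.createElement('option');
  op.value = last_message = serialized;
  op.innerText = ev.origin;
  document.getElementById('listbox').add(op);
}

// Third argument false: the handler is registered as a non-capturing listener.
window.addEventListener('message', rcv, false);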
/**
 * Removes every <iframe> currently found in the document.
 */
function clear_iframes() {
  // querySelectorAll returns a static list, so nodes can be detached while
  // walking it.
  document.querySelectorAll('iframe').forEach(function (frame) {
    frame.parentNode.removeChild(frame);
  });
}
/**
 * Shows an element's `value` attribute in the #result textarea.
 *
 * @param {Element} e - element whose `value` attribute is displayed.
 */
function viewdata(e) {
  var resultBox = document.getElementById('result');
  resultBox.value = e.getAttribute('value');
}
/**
 * Opens the URL typed into #textboxarea in the window named 'child'.
 *
 * No `noopener` feature is requested (the third argument is the literal
 * `false`), so the opened page keeps a window.opener reference to this page.
 */
function open_window() {
  var url = document.getElementById("textboxarea").value;
  console.log("Opeingin window for " + url);
  // Reusing the name 'child' makes repeated calls navigate the same window.
  window.open(url.toString(), 'child', false);
}
/**
 * Loads the URL typed into #textboxarea in a new 640x480 iframe appended to
 * <body>.
 *
 * The iframe is created without a `sandbox` attribute, so the framed page runs
 * with its normal capabilities.
 *
 * @param {number} i - 0 removes all existing iframes first; any other value
 *                     keeps them and adds one more.
 */
function open_iframe(i) {
  if (i == 0) clear_iframes();

  var url = document.getElementById("textboxarea").value;
  var frame = document.createElement("iframe");
  frame.setAttribute("src", url);
  frame.style.width = "640px";
  frame.style.height = "480px";
  document.body.appendChild(frame);
}
/**
 * onchange handler of #listbox: copies the selected option's value (the
 * serialized message stored by rcv) into the #result textarea.
 */
function select() {
  console.log('Displaying result');
  var list = document.getElementById("listbox");
  var text = list.options[list.selectedIndex].value.toString();
  document.getElementById('result').value = text;
}
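/**
 * After the configured delay, opens the #tar URL in the window named 'child'
 * and posts the #pay text to it.
 *
 * The delay is captured when the button is pressed; changing #to afterwards
 * does not affect a send that is already scheduled.
 */
function send_to_window() {
  console.log("Sending message via windo");
  var tar = document.getElementById('tar').value;
  var pay = document.getElementById('pay').value;
  var to = send_message_time_out;

  setTimeout(function () {
    console.log('sending after ' + to);
    var c = window.open(tar, "child");
    // window.open returns null when the browser blocks the popup; without
    // this guard the postMessage call below throws a TypeError.
    if (!c) {
      console.log('window.open returned no window (popup blocked?), message not sent');
      return;
    }
    // targetOrigin "*" places no restriction on the receiver: the payload goes
    // to whatever document the 'child' window holds, so it must not carry
    // anything confidential.
    // NOTE(review): the message is posted right after window.open, presumably
    // before the target page has finished loading; confirm it is received.
    c.postMessage(pay, "*");
  }, to);
}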
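/**
 * Posts the #pay text to an iframe showing the #tar URL, after the configured
 * delay. The iframe is cached and reused while the target URL stays the same.
 */
function send_to_iframe() {
  console.log("Sending message via iframe");
  var pay = document.getElementById('pay').value;
  var tar = document.getElementById('tar').value;

  // Create a fresh iframe when none exists, when the target changed, or when
  // the cached one was detached (clear_iframes() removes it from the document
  // without resetting current_receiver_iframe, leaving contentWindow null).
  if (current_receiver_iframe == null ||
      current_receiver_path != tar ||
      !current_receiver_iframe.isConnected) {
    console.log('Creating new iframe to send a message to');
    current_receiver_iframe = document.createElement("iframe");
    current_receiver_iframe.setAttribute("src", tar);
    current_receiver_iframe.style.width = "640px";
    current_receiver_iframe.style.height = "480px";
    current_receiver_path = tar;
    document.body.appendChild(current_receiver_iframe);
  }

  // Fix: setTimeout takes (callback, delay). The original passed them in the
  // opposite order, so the callback never ran and no message was sent.
  setTimeout(function () {
    // tar doubles as targetOrigin: the browser delivers the message only if
    // the frame's origin matches the origin of tar, and throws a SyntaxError
    // when tar is not an absolute URL.
    current_receiver_iframe.contentWindow.postMessage(pay, tar);
  }, send_message_time_out);
}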
/**
 * onload handler: shows the current send delay in the #to input, converted
 * from milliseconds to seconds.
 */
function init() {
  var delayField = document.getElementById('to');
  delayField.value = send_message_time_out / 1000;
}
</script>
<!-- Page UI. Every control below uses an inline on* handler that calls a function from the script block of this file, so the page cannot run under a Content-Security-Policy that forbids inline script. -->
<body style="margin:0 auto;" onload="init()"><center>
<h1>Post Message hooker</h1>
<!-- Sender: target URL (#tar), payload (#pay) and delay in seconds (#to), read by send_to_window() and send_to_iframe(). -->
<div align="center"><h4>Send post messages</h4>
<br/> Target url<br/>
<textarea id="tar" rows="2" cols="100" ></textarea><br/> payload<br/>
<textarea id="pay" rows="4" cols="100"></textarea><br/>
<input type="button" onclick="send_to_window()" value="send in new window" />
<input type="button" onclick="send_to_iframe()" value="send in iframe" />
<!-- The onchange handler converts the seconds entered here to milliseconds and stores them in the global send_message_time_out. -->
<input value="2" type="number" name="send message after " min="1" max="1000" id="to" onchange="send_message_time_out=this.value*1000">seconds
</div>
<hr/>
<!-- Listener: opens the URL from #textboxarea in a window or an iframe; messages posted to this page are then listed by rcv(). -->
<div id='listnercontainer' >
Listen to messages </br>
url </br>
<textarea id='textboxarea' style="width:800;height:50"></textarea></br>
<input type='button' id='opw' value='open window' onclick='open_window();'/>
<input type='button' id='opif' value='open in main iframe' onclick='open_iframe(0);'/>
<input type='button' id='opnif' value='open in new iframe' onclick='open_iframe(1);'/>
<input type='button' id='clearif' value='clear all iframes' onclick='clear_iframes();'/>
<!--
<div style="border-style: groove;width:190"> keep old iframes
<input type="checkbox" id="checkbox" name="keep old iframes" value="keep old iframes">
<div>
-->
</center>
<hr/>
<!-- Received messages: #listbox gets one option per message, labelled with the sender origin; choosing an option runs select(), which copies the stored message text into #result. -->
<div id='resultcontainer' style="text-align:center;" >
<div id="listboxcontainer" style="display:inline;resize: both;">
<div id='mc'>Messages</div>
<select name="sometext" id="listbox" size="20" style="width:400" onchange="select();" >
</select>
</div>
<div id="textresult" style="resize: both;overflow: auto;display:inline;resize: both;" >
<textarea autocomplete="off" id='result' style="width:800;height:100;margin:2%"></textarea></br>
</div>
</div>
<!-- open_iframe() and send_to_iframe() append their iframes to the end of the body element, below this marker text. -->
<hr/> <center> Iframes will be here</center></br>
</div>
</body>
</html>
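<!-- Backdooring a page
Paste the following inside the page to allow custom code execution from the textarea.
A strict Content-Security-Policy (no 'unsafe-inline' / 'unsafe-eval' in script-src) blocks both the inline onclick handler and the eval() call.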
<input value="exec" type="button" onclick="eval(document.getElementById('iev').value)" />
<textarea value="" id="iev"></textarea>
-->