9b/jSneak
Simple PoC of JavaScript delivery based on a timed token. The generated page contains no JavaScript unless a valid token is supplied. If the token is correct, the JavaScript source reference is added to the page; that script then executes and makes an AJAX request back to the server for the true JavaScript payload.

== Proposed use ==

Delivery of JavaScript in a more obscure way.

== Benefits ==

1) JavaScript does not need to be referenced on the initial load, making the page appear normal.
2) The JavaScript snatcher is buried in minified jQuery code and executed on load, making it appear normal or less obvious.
3) The payload is injected into the page through basic DOM manipulation without a refresh.
4) DOM elements can be deleted upon payload execution, making them invisible on the live site.
5) The user is redirected upon payload execution, making investigation annoying.
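For an analyst, benefits 3 and 4 mean the injected script element can be gone by the time the DOM is inspected. The sketch below is an added example, not part of jSneak: it records every script element inserted into the page and whether it was later removed. The function names, the sample URL and the sample records are constructed for illustration.

```javascript
// Added example (not jSneak code): record <script> elements inserted into the
// DOM and whether they are later removed. Function names are hypothetical.

function isScript(node) {
  return !!node && String(node.nodeName).toUpperCase() === 'SCRIPT';
}

// A script can arrive nested inside an inserted container, so look inside too.
function scriptsIn(node) {
  const nested = node && typeof node.querySelectorAll === 'function'
    ? Array.from(node.querySelectorAll('script')) : [];
  return isScript(node) ? [node, ...nested] : nested;
}

// records: MutationRecord-like objects with addedNodes / removedNodes.
// seen: Map keyed by node, so a later removal can be matched to the insertion.
function trackScriptMutations(records, seen = new Map()) {
  for (const rec of records) {
    for (const added of Array.from(rec.addedNodes || [])) {
      for (const s of scriptsIn(added)) {
        if (!seen.has(s)) seen.set(s, { src: s.src || null, inlineLength: (s.textContent || '').length, removed: false });
      }
    }
    for (const gone of Array.from(rec.removedNodes || [])) {
      for (const s of scriptsIn(gone)) {
        if (seen.has(s)) seen.get(s).removed = true;
      }
    }
  }
  return seen;
}

function summarize(seen) {
  return Array.from(seen.values());
}

// Browser wiring: only runs where a DOM exists (skipped under Node).
if (typeof MutationObserver !== 'undefined' && typeof document !== 'undefined') {
  const seen = new Map();
  new MutationObserver((records) => trackScriptMutations(records, seen))
    .observe(document.documentElement, { childList: true, subtree: true });
  // Emit the findings before a redirect discards the page.
  window.addEventListener('pagehide', () => console.log(JSON.stringify(summarize(seen))));
}

// Constructed sample records: a script is added, then removed.
const sampleScript = { nodeName: 'SCRIPT', src: 'https://example.test/payload.js', textContent: '' };
const SAMPLE_RECORDS = [
  { addedNodes: [{ nodeName: 'DIV' }], removedNodes: [] },
  { addedNodes: [sampleScript], removedNodes: [] },
  { addedNodes: [], removedNodes: [sampleScript] },
];
```

In an analysis browser, attach the observer before the page's own scripts run so it is in place when the injection happens.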
About
Deliver JavaScript Payload on AJAX Call