Basic Tutorial About Javascript Injection
Posted by Unknown on 15:55 with No comments
Basic Tutorial About Javascript Injection
Javascript injection allows you to change websites behavior without
refreshing or leaving it. It provides on spot interaction with the
source code of website from browser window. Javascript script might come
really handy when you are hacking basic websites. Javascript injection
allows you to alter the form values before sending it to server.
In Javascript injection, javascript codes are injected from address bar of the browser window. In this tutorial we’ll go through the basics of javascript injection, if you are javascript expert then it might be below your knowledge. However freshers might find it interesting and informative.
To command any javascript code to your browser you must inform it that its javascript. It can be done by adding “Javascript:”(without quotes) just before your code.
Below is the sample code to input in your browser.
After you complete the code, press enter, you’ll see the something similar to below:
In the code typed above, Javascript: is the protocol which you must type before initiating any javascript code snippet. Alert
is just the javascript function that gives alert box on the screen. ;
is the end of statement command that you have in every programming
language, like C, C++, PHP etc.
To have more clear vision about statement end symbol, refer to following example,
The alert() function is only used to get information from the website. For example to get form value, cookies etc.
This can be very useful if you are trying to hack basic websites. Cookies are set most in page login systems that might be helpful to get illegal access to the website’s administrator page.
For example in above image, you can see username and password set in cookies section which was revealed with the help of javascript injection.
If the website is not strong enough you can modify the username to administrator’s username and gain full access to the website.
To change the cookie value you can follow the syntax similar to below:
You can change any cookie value by applying syntax like above.
To change multiple cookies following pattern will help.
Changing cookie value allows you to confuse the website about your real details like username, log in status, and other dynamic values that are cookied.
Similarly you can change the form value and types. I’ll posting tutorial about form values using Javascript injection shortly. Meanwhile, you can practice with injections in several websites.
Hope this tutorial was informative.
In Javascript injection, javascript codes are injected from address bar of the browser window. In this tutorial we’ll go through the basics of javascript injection, if you are javascript expert then it might be below your knowledge. However freshers might find it interesting and informative.
To command any javascript code to your browser you must inform it that its javascript. It can be done by adding “Javascript:”(without quotes) just before your code.
Below is the sample code to input in your browser.
Javascript: alert("Welcome to HacksPC.com");
The above code is to be typed in browser address bar similar to image below:
After you complete the code, press enter, you’ll see the something similar to below:
To have more clear vision about statement end symbol, refer to following example,
javascript: alert("First message"); alert("second message"); alert("Third message");
It gives three separate windows with three different messages.The alert() function is only used to get information from the website. For example to get form value, cookies etc.
Javascript:alert(document.cookie);Above code example shows the cookies that are set in your browser by your current website.
This can be very useful if you are trying to hack basic websites. Cookies are set most in page login systems that might be helpful to get illegal access to the website’s administrator page.
For example in above image, you can see username and password set in cookies section which was revealed with the help of javascript injection.
If the website is not strong enough you can modify the username to administrator’s username and gain full access to the website.
To change the cookie value you can follow the syntax similar to below:
javascript:void(document.cookie="Cookie_name=Cookie_value");
“void” in simple terms applies the function without refreshing the
page. Literally, it means that the function won’t return any result.
javascript:void(document.cookie="username=user123"); alert(document.cookie);
The above code will change the cookie value and show the changed value.
You can change any cookie value by applying syntax like above.
To change multiple cookies following pattern will help.
javascript:void(document.cookie="username=user123"); void(document.cookie="password=pass123"); alert(document.cookie);
You can add multiple statements to do multiple tasks at once.Changing cookie value allows you to confuse the website about your real details like username, log in status, and other dynamic values that are cookied.
Similarly you can change the form value and types. I’ll posting tutorial about form values using Javascript injection shortly. Meanwhile, you can practice with injections in several websites.
Hope this tutorial was informative.
Categories: Sql injection
Posts
0 comments:
Post a Comment