-
Recent Posts
- Extending Burp Suite to solve reCAPTCHA
- Decrypting suhosin sessions and cookies.
- Clickjacking and XSS for reading autocomplete credentials.
- JavaScript and Daylight Savings for tracking users.
- Google TOTP Two-factor Authentication for PHP
- Exploit: PHPCaptcha / Securimage is not secure.
- Javascript keylogger in JQuery.
- Clickjacking and Phishing with help from the HTML5 JavaScript Sandbox
Recent Comments
Archives
Categories
Category Archives: JavaScript
Clickjacking and XSS for reading autocomplete credentials.
By combining Cross Site Scripting (XSS) with Clickjacking and JavaScript it is possible to extract passwords and data stored within the browsers Autocomplete cache. Autocomplete is a feature supported by all browsers to cache input field values – it can … Continue reading
JavaScript and Daylight Savings for tracking users.
Each country has their own timezone – although timezones are not generally unique variations in the offset can enable a website using JavaScript to pinpoint your location and operating system to an alarming degree of accuracy. Most countries time differs … Continue reading
Javascript keylogger in JQuery.
I needed to capture someone’s login credentials using cross site scripting. However I had 3 problems. Firstly there was no XSS on the login page, secondly the only XSS was reflected, meaning it only affected the current page and thirdly … Continue reading