javascript - What is the easiest way to inject a script in to someone else's domain? -
for example if i'm on www.facebook.com , want inject script analyze dom? 1 way open console , use like
document.createelement('script');
and set src attribute, etc.
is best way it?
if trying inspect someone's dom, it's easiest use js console or debugger (if browser offers natively or add-on firebug).
you use proxy server, burp or zap, intercept responses website , inject own javascript.
you duplicate site web crawler. should permission first, ensure don't violate terms of service, , make sure have lots of space. can play site heart's content :)
as alternative, use engine xssshell, loading website want examine in xssshell compromised web browser, loading code want load xssshell.
or, set own dns server specifies local ip address foo.facebook.com, else facebook.com. depending upon how fb manages site (new http headers, cookie paths) may able run javascript local server, while browsing fb.
if really, want write code executes in context of real website in question, not copy, , don't care violating laws, you'll need find cross site scripting vulnerability. that'd let load own javascript target server's execution environment. don't recommend 1 - @ least, not if don't legally own target environment :)
Comments
Post a Comment