javascript:document.body.contentEditable='true'; document.designMode='on'; void 0
Just type that into the URL, then you can start editing the webpage you are viewing straight from the browser.
Wednesday, March 25, 2009
Editing webpages with JavaScript snippet
So, most of you will no doubt know that you can execute JavaScript from the URL bar and how useful it can be. For example, you could view the text is password fields which has proved to be useful on several occassions (alert document.form1.passwordField.text) . An interesting JS snippet I came across was:
Tuesday, March 10, 2009
Disable HtmlUnit logging
HtmlUnit is a pretty decent scriptable browser. I use it for developing alot of website scrapers and various bots. By default, the logging to the standard output stream is pretty verbose. A quick way to disable it programmatically is to add the following static initializer to your code:
static {
LogFactory.getFactory().setAttribute("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.NoOpLog");
}
Strings are immutable in Java. Really, Mr. Anderson?
Take a look at the following code, the output is not what you may expect ;)
//MindWarp.java
public class MindWarp
//MindWarp.java
public class MindWarp
{
public static void main(String[] args)
{
System.out.println(MR_ANDERSON);
}
private static final String MR_ANDERSON = "Adam, RIM Security Researcher";
private static final Warper warper = new Warper(); //The hackers class ;)
}
//Warper.java - Hacks the String object which is on the heap....
import java.lang.reflect.*;
public class Warper
public static void main(String[] args)
{
System.out.println(MR_ANDERSON);
}
private static final String MR_ANDERSON = "Adam, RIM Security Researcher";
private static final Warper warper = new Warper(); //The hackers class ;)
}
//Warper.java - Hacks the String object which is on the heap....
import java.lang.reflect.*;
public class Warper
{
private static Field stringValue;
static
private static Field stringValue;
static
{
try
{
stringValue = String.class.getDeclaredField("value"); //String has a private char [] called "value"
}
catch(NoSuchFieldException ex)
{
try
{
stringValue = String.class.getDeclaredField("value"); //String has a private char [] called "value"
}
catch(NoSuchFieldException ex)
{
//Should deploy a safety net here i.e enumerate a char[] incase the variable inside the String class is not called "value"
ex.printStackTrace();
}
if (stringValue != null) {
stringValue.setAccessible(true); // make field public ;)
}
}
public Warper() {
try {
ex.printStackTrace();
}
if (stringValue != null) {
stringValue.setAccessible(true); // make field public ;)
}
}
public Warper() {
try {
//String must be same length, otherwise IndexOutOfBoundsException
stringValue.set("Adam, RIM Security Researcher", "You have been hacked! ! ! ! !".toCharArray());
} catch(IllegalAccessException ex) {} // shhh
}
}
stringValue.set("Adam, RIM Security Researcher", "You have been hacked! ! ! ! !".toCharArray());
} catch(IllegalAccessException ex) {} // shhh
}
}
Subscribe to:
Posts (Atom)