# Other JS Tricks & Relevant Info
<details>

<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? Or do you want access to the **latest version of PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**hacktricks repo**](https://github.com/carlospolop/hacktricks) **and** [**hacktricks-cloud repo**](https://github.com/carlospolop/hacktricks-cloud).

</details>

## Javascript Fuzzing

### Valid JS Comment Chars
```javascript
//This is a 1 line comment
/* This is a multiline comment*/
#!This is a 1 line comment, but "#!" must be at the beginning of the line
-->This is a 1 line comment, but "-->" must be at the beginning of the line

// Brute-force every 3-char prefix; quotes, newlines, '<' and the plain "//"
// comment are skipped so only the unusual comment-like prefixes remain
for (let j = 0; j < 128; j++) {
    for (let k = 0; k < 128; k++) {
        for (let l = 0; l < 128; l++) {
            if (j == 34 || k == 34 || l == 34)
                continue;
            if (j == 0x0a || k == 0x0a || l == 0x0a)
                continue;
            if (j == 0x0d || k == 0x0d || l == 0x0d)
                continue;
            if (j == 0x3c || k == 0x3c || l == 0x3c)
                continue;
            if (
                (j == 47 && k == 47)
                || (k == 47 && l == 47)
            )
                continue;
            try {
                var cmd = String.fromCharCode(j) + String.fromCharCode(k) + String.fromCharCode(l) + 'a.orange.ctf"';
                eval(cmd);
            } catch(e) {
                var err = e.toString().split('\n')[0].split(':')[0];
                if (err === 'SyntaxError' || err === "ReferenceError")
                    continue
                err = e.toString().split('\n')[0]
            }
            console.log(err, cmd);
        }
    }
}
//From: https://balsn.tw/ctf_writeup/20191012-hitconctfquals/#bounty-pl33z

// From: Heyes, Gareth. JavaScript for hackers: Learn to think like a hacker (p. 43). Kindle Edition.
// Check which 2-char prefixes turn the rest of the line into a comment
log=[];
for(let i=0;i<=0xff;i++){
    for(let j=0;j<=0xfff;j++){
        try {
            eval(`${String.fromCodePoint(i,j)}%$£234$`)
            log.push([i,j])
        }catch(e){}
    }
}
console.log(log)//[35,33],[47,47]
```
### Valid JS New Line Chars

In JavaScript several characters are treated as line terminators, and any of them can be used as a newline in an XSS payload. They are:

- `\n`: line feed.
- `\r`: carriage return.
- `\u2028`: Unicode Line Separator.
- `\u2029`: Unicode Paragraph Separator.

These characters can be used to break a line when injecting JavaScript code. Note that support for them may vary between platforms and JavaScript execution environments.
```javascript
//Javascript interprets these chars as new lines:
String.fromCharCode(10) //0x0a
String.fromCharCode(13) //0x0d
String.fromCharCode(8232) //0xe2 0x80 0xa8 (U+2028)
String.fromCharCode(8233) //0xe2 0x80 0xa9 (U+2029)

// Brute-force which single char ends the statement so that "-->" starts a comment
for (let j = 0; j < 65536; j++) {
    try {
        var cmd = '"aaaaa";'+String.fromCharCode(j) + '-->a.orange.ctf"';
        eval(cmd);
    } catch(e) {
        var err = e.toString().split('\n')[0].split(':')[0];
        if (err === 'SyntaxError' || err === "ReferenceError")
            continue;
        err = e.toString().split('\n')[0]
    }
    console.log(`[${err}]`,j,cmd);
}
//From: https://balsn.tw/ctf_writeup/20191012-hitconctfquals/#bounty-pl33z
```
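The defensive counterpart, added here and not part of the page: when server data is embedded in an inline `<script>` block, the two Unicode separators above are line terminators to the JS lexer (and `</script>` inside a value ends the HTML block), so they have to be escaped before embedding. The function names are hypothetical.

```javascript
// Added example, not from the page: escape data before embedding it in an
// inline <script> block. JSON.stringify already escapes \n and \r, but leaves
// U+2028/U+2029 raw even though the JS lexer treats them as line terminators,
// and leaves "<" raw so a "</script>" inside a value would end the HTML block.
const JS_LINE_TERMINATORS = ['\n', '\r', '\u2028', '\u2029'];

// True if a raw string contains any of the four JS line terminators.
function containsJsLineTerminator(s) {
  return JS_LINE_TERMINATORS.some((t) => s.includes(t));
}

// JSON that is safe to place inside <script>: the escapes used are valid JSON,
// so JSON.parse on the client yields the original value unchanged.
function toScriptSafeJson(value) {
  return JSON.stringify(value)
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029')
    .replace(/</g, '\\u003c');
}

function inlineScript(varName, value) {
  return `<script>var ${varName} = ${toScriptSafeJson(value)};</script>`;
}

// Constructed sample carrying both hazards: a raw U+2028 and a closing tag.
const SAMPLE = { name: 'a\u2028b', bio: '</script>' };
const EMBEDDED = inlineScript('user', SAMPLE);
```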
### Valid JS spaces in function call

When injecting JavaScript into HTML it is often necessary to hide the code so that filters or scanners do not recognise it.

One way is to use the whitespace characters that JavaScript accepts inside a function call. Normally any extra whitespace is ignored when the JavaScript code is parsed, and there are several whitespace characters that can be used in that position without causing an error.

Valid JavaScript whitespace includes:

- Regular space: ` `
- Tab: `\t`
- New line: `\n`
- Carriage return: `\r`
- Vertical tab: `\v`
- Form feed: `\f`
- Zero-width space: `\u200b`

These characters can be placed between the function name and the parentheses of a call to obfuscate the code and evade detection by filters or scanners. The fuzzer below enumerates which code points the engine actually accepts in that position.
```javascript
// Heyes, Gareth. JavaScript for hackers: Learn to think like a hacker (pp. 40-41). Kindle Edition.
// Check chars that can be put in between in func name and the ()
function x(){}
log=[];
for(let i=0;i<=0x10ffff;i++){
    try {
        eval(`x${String.fromCodePoint(i)}()`)
        log.push(i)
    }catch(e){}
}

console.log(log)//9,10,11,12,13,32,160,5760,8192,8193,8194,8195,8196,8197,8198,8199,8200,8201,8202,8232,8233,8239,8287,12288,65279
```
### **Valid chars to generate strings**

The following characters can be used to generate strings:

- Alphabets: A-Z, a-z
- Numbers: 0-9
- Special characters: ! @ # $ % ^ & * ( ) - _ = + [ ] { } | \ : ; " ' < > , . ? / ` ~
```javascript
// Heyes, Gareth. JavaScript for hackers: Learn to think like a hacker (pp. 41-42). Kindle Edition.
// Check which pairs of chars can make something be a valid string
log=[];
for(let i=0;i<=0x10ffff;i++){
    try {
        eval(`${String.fromCodePoint(i)}%$£234${String.fromCodePoint(i)}`)
        log.push(i)
    }catch(e){}
}
console.log(log) //34,39,47,96
//single quote, quotes, backticks & // (regex)
```
### **Surrogate Pairs BF**

This technique is not very useful for XSS itself but can help to bypass WAF protections. The following Python code takes two bytes as input and searches for the surrogate pairs whose high surrogate ends in the first byte and whose low surrogate ends in the second byte.
```python
def unicode(findHex):
    # findHex: a 2-char string; [0] is the wanted last byte of the high
    # surrogate, [1] the wanted last byte of the low surrogate
    for i in range(0x10000, 0x110000):  # only astral code points use pairs
        H = hex(((i - 0x10000) // 0x400) + 0xD800)  # high surrogate
        h = chr(int(H[-2:], 16))                    # its last byte
        L = hex(((i - 0x10000) % 0x400) + 0xDC00)   # low surrogate
        l = chr(int(L[-2:], 16))                    # its last byte
        if h == findHex[0] and l == findHex[1]:
            print(H.replace("0x", "\\u") + L.replace("0x", "\\u"))
```

More info:
* [https://github.com/dreadlocked/ctf-writeups/blob/master/nn8ed/README.md](https://github.com/dreadlocked/ctf-writeups/blob/master/nn8ed/README.md)
* [https://mathiasbynens.be/notes/javascript-unicode](https://mathiasbynens.be/notes/javascript-unicode) [https://mathiasbynens.be/notes/javascript-encoding](https://mathiasbynens.be/notes/javascript-encoding)
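As an added example (not part of the page), the same search done in JavaScript by construction instead of brute force: the surrogate ranges fix only the top byte of each half (0xD8..0xDB and 0xDC..0xDF), so every pair with the requested last bytes can be enumerated directly and decoded back to its code point. The function names are hypothetical.

```javascript
// Added example, not from the page. UTF-16 encodes astral code points as a
// high surrogate (0xD800..0xDBFF) followed by a low surrogate (0xDC00..0xDFFF).
function toSurrogates(cp) {
  const v = cp - 0x10000;                 // 20-bit value, split 10/10
  return [0xD800 + (v >> 10), 0xDC00 + (v & 0x3FF)];
}

function fromSurrogates(hi, lo) {
  return 0x10000 + ((hi - 0xD800) << 10) + (lo - 0xDC00);
}

// Every surrogate pair whose high half ends in byte hiLow and whose low half
// ends in byte loLow. Only the top byte of each half is fixed by its range,
// so there are exactly 4 x 4 = 16 candidates and no brute force is needed.
function findSurrogatePairs(hiLow, loLow) {
  const out = [];
  for (let hiTop = 0xD8; hiTop <= 0xDB; hiTop++) {
    for (let loTop = 0xDC; loTop <= 0xDF; loTop++) {
      const hi = (hiTop << 8) | hiLow;
      const lo = (loTop << 8) | loLow;
      out.push({
        hi,
        lo,
        cp: fromSurrogates(hi, lo),
        escaped: `\\u${hi.toString(16)}\\u${lo.toString(16)}`, // JS string escape form
      });
    }
  }
  return out;
}
```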

### Fuzzing the `javascript{}:` protocol

```javascript
// Heyes, Gareth. JavaScript for hackers: Learn to think like a hacker (p. 34). Kindle Edition.
log=[];
let anchor = document.createElement('a');
for(let i=0;i<=0x10ffff;i++){
    anchor.href = `javascript${String.fromCodePoint(i)}:`;
    if(anchor.protocol === 'javascript:') {
        log.push(i);
    }
}
console.log(log)//9,10,13,58
// Note that you could also BF other positions and the use of multiple chars

// Test one option (reuses the anchor declared above)
anchor = document.createElement('a');
anchor.href = `javascript${String.fromCodePoint(58)}:alert(1337)`;
anchor.append('Click me')
document.body.append(anchor)

// Another way to test
<a href="&#12;javascript:alert(1337)">Test</a>
```
### URL Fuzzing

URL fuzzing sends malformed or unexpected data in a URL in order to discover weaknesses in a web application, such as XSS (Cross-Site Scripting) or SQL injection.

There are several ways to fuzz a URL:

1. **Parameter fuzzing**: change the values of the URL parameters. For example, replace the value of parameters such as "id" or "user" with invalid data like unusual characters or unexpected strings.
2. **Path fuzzing**: change part of the URL path. For example, replace path segments such as "/admin" or "/profile" with invalid or unexpected data.
3. **Extension fuzzing**: change the file extension in the URL. For example, replace extensions such as ".php" or ".html" with unusual or unexpected ones.

Fuzzing URLs this way can reveal weaknesses that an attacker could use for XSS or SQL injection, so it is worth running these tests during development to find and fix them before they are exposed.
```javascript
// Heyes, Gareth. JavaScript for hackers: Learn to think like a hacker (pp. 36-37). Kindle Edition.
// Before the protocol
a=document.createElement('a');
log=[];
for(let i=0;i<=0x10ffff;i++){
    a.href = `${String.fromCodePoint(i)}https://hacktricks.xyz`;
    if(a.hostname === 'hacktricks.xyz'){
        log.push(i);
    }
}
console.log(log) //0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32

// Between the slashes
a=document.createElement('a');
log=[];
for(let i=0;i<=0x10ffff;i++){
    a.href = `/${String.fromCodePoint(i)}/hacktricks.xyz`;
    if(a.hostname === 'hacktricks.xyz'){
        log.push(i);
    }
}
console.log(log) //9,10,13,47,92
```
### HTML Fuzzing

HTML fuzzing injects unsafe or unexpected data into HTML elements to see how the page handles it. This can reveal issues such as XSS (Cross-Site Scripting) or other misuse of HTML elements.

There are several ways to fuzz HTML:

1. **Inject unexpected text**: put unexpected text into HTML elements such as form fields, links or text areas, for example unusual characters, foreign characters or malformed strings.
2. **Inject special characters**: put special characters such as punctuation marks, unusual or foreign characters into HTML elements, for example a question mark (?), an exclamation mark (!) or a period (.) inside text areas.
3. **Inject JavaScript code**: put JavaScript code into HTML elements such as form fields or links. This can lead to XSS (Cross-Site Scripting) if the site does not filter or block unexpected JavaScript.
4. **Inject HTML tags**: put unexpected HTML tags such as `<script>`, `<img>` or `<iframe>` into text areas.

Remember that HTML fuzzing should be carried out carefully and with the permission of the site owner. Doing these tests without permission may be illegal and cause serious damage.
```javascript
// Heyes, Gareth. JavaScript for hackers: Learn to think like a hacker (p. 38). Kindle Edition.
// Fuzzing chars that can close an HTML comment
let log=[];
let div = document.createElement('div');
for(let i=0;i<=0x10ffff;i++){
    div.innerHTML=`<!----${String.fromCodePoint(i)}><span></span>-->`;
    if(div.querySelector('span')){
        log.push(i);
    }
}
console.log(log)//33,45,62
```

## **Analyzing attributes**

The **Hackability inspector** tool from Portswigger helps to **analyze** the **attributes** of a javascript object. Check: [https://portswigger-labs.net/hackability/inspector/?input=x.contentWindow\&html=%3Ciframe%20src=//subdomain1.portswigger-labs.net%20id=x%3E](https://portswigger-labs.net/hackability/inspector/?input=x.contentWindow\&html=%3Ciframe%20src=//subdomain1.portswigger-labs.net%20id=x%3E)

## **.map js files**

* Trick to download .map js files: [https://medium.com/@bitthebyte/javascript-for-bug-bounty-hunters-part-2-f82164917e7](https://medium.com/@bitthebyte/javascript-for-bug-bounty-hunters-part-2-f82164917e7)
* You can use this tool to analyze those files: [https://github.com/paazmaya/shuji](https://github.com/paazmaya/shuji)

## "--" Assignment

The decrement operator `--` is also an assignment. It takes a value and decrements it by one; if the value is not a number it is set to `NaN`. This can be used to remove the content of variables from the environment.
![](<../../.gitbook/assets/image (553).png>)
![](<../../.gitbook/assets/image (554).png>)

## Functions Tricks

### .call and .apply

The **`.call`** method of a function is used to **run the function**.\
The **first argument** it expects by default is the **value of `this`**, and if **nothing** is provided, **`window`** will be that value (unless **`strict mode`** is used).

```javascript
function test_call(){
    console.log(this.value); //hey!
}
new_this={value:"hey!"}
test_call.call(new_this);

// To pass more arguments, just pass them inside .call()
function test_call() {
    console.log(arguments[0]); //"arg1"
    console.log(arguments[1]); //"arg2"
    console.log(this); //[object Window]
}
test_call.call(null, "arg1", "arg2")

// If you use the "use strict" directive "this" will be null instead of window:
function test_call() {
    "use strict";
    console.log(this); //null
}
test_call.call(null)

//The apply function is pretty much exactly the same as the call function with one important difference, you can supply an array of arguments in the second argument:
function test_apply() {
    console.log(arguments[0]); //"arg1"
    console.log(arguments[1]); //"arg2"
    console.log(this); //[object Window]
}
test_apply.apply(null, ["arg1", "arg2"])
```
### Arrow functions

Arrow functions allow to generate functions in a single line more easily (if you understand them)

```javascript
// Traditional (wrapped in parentheses: an anonymous function is only valid as an expression)
(function (a){ return a + 1; });
// Arrow forms
a => a + 100;
a => {a + 100}; // block body: without "return" this evaluates to undefined

// Traditional
(function (a, b){ return a + b + 1; });
// Arrow
(a, b) => a + b + 100;

// Traditional, no args
let a = 4;
let b = 2;
(function (){ return a + b + 1; });
// Arrow (same a and b as above)
() => a + b + 1;
```

Therefore, most of the previous functions are actually useless because we aren't saving them anywhere to save and call them. Example creating the `plusone` function:

```javascript
// Traditional
function plusone (a){ return a + 1; }
//Arrow
plusone = a => a + 1;
```

### Bind function

The bind function allows to create a **copy** of a **function modifying** the **`this`** object and the **parameters** given.

```javascript
//This will use the this object and print "Hello World"
var fn = function ( param1, param2 ) {
    console.info( this, param1, param2 );
}
fn('Hello', 'World')

//This will still use the this object and print "Hello World"
var copyFn = fn.bind();
copyFn('Hello', 'World')

//This will use the "console" object as "this" object inside the function and print "fixingparam1 Hello"
var bindFn_change = fn.bind(console, "fixingparam1");
bindFn_change('Hello', 'World')

//This will still use the this object and print "fixingparam1 Hello"
var bindFn_thisnull = fn.bind(null, "fixingparam1");
bindFn_thisnull('Hello', 'World')

//This will still use the this object and print "fixingparam1 Hello"
var bindFn_this = fn.bind(this, "fixingparam1");
bindFn_this('Hello', 'World')
```
{% hint style="info" %}
Note that using **`bind`** you can manipulate the **`this`** object that is going to be used when calling the function.
{% endhint %}

### Function code leak

If you can **access the object** of a function you can **get the code** of that function

```javascript
function afunc(){
    return 1+1;
}
console.log(afunc.toString()); //This will print the code of the function
console.log(String(afunc)); //This will print the code of the function
console.log(this.afunc.toString()); //This will print the code of the function (browser: afunc is a property of window)
console.log(global.afunc.toString()); //This will print the code of the function (Node.js: afunc is a property of global)
```

In cases where the **function doesn't have any name**, you can still print the **function code** from within:

```javascript
(function (){ return arguments.callee.toString(); })()
(function (){ return arguments[0]; })("arg0")
```

Some **random** ways to **extract the code** of a function (even comments) from another function:

```javascript
(function (){ return retFunc => String(arguments[0]) })(a=>{/* Hidden comment */})()
(function (){ return retFunc => Array(arguments[0].toString()) })(a=>{/* Hidden comment */})()
(function (){ return String(this)}).bind(()=>{ /* Hidden comment */ })()
(u=>(String(u)))(_=>{ /* Hidden comment */ })
(u=>_=>(String(u)))(_=>{ /* Hidden comment */ })()
```

## Sandbox Escape - Recovering window object

The Window object allows to reach globally defined functions like alert or eval.

{% code overflow="wrap" %}
```javascript
// Some ways to access window
window.eval("alert(1)")
frames
globalThis
parent
self
top //If inside a frame, this is top most window

// Access window from document
document.defaultView.alert(1)

// Access document from a node object
node = document.createElement('div')
node.ownerDocument.defaultView.alert(1)

// There is a path property on each error event whose last element is the window
<img src onerror=event.path.pop().alert(1337)>
// In other browsers the method is
<img src onerror=event.composedPath().pop().alert(1337)>
// In case of svg, the "event" object is called "evt"
<svg><image href=1 onerror=evt.composedPath().pop().alert(1337)>

// Abusing Error.prepareStackTrace to get Window back
Error.prepareStackTrace=function(error, callSites){
    callSites.shift().getThis().alert(1337);
};
new Error().stack

// From an HTML event
// Events from HTML are executed in this context
with(document) {
    with(element) {
        //executed event
    }
}
// Because of that with(document) it's possible to access properties of document like:
<img src onerror=defaultView.alert(1337)>
<img src onerror=s=createElement('script');s.append('alert(1337)');appendChild(s)>
```
{% endcode %}

## Breakpoint on value access

```javascript
// Stop when a property in sessionStorage or localStorage is set/get
// via getItem or setItem functions
sessionStorage.getItem = localStorage.getItem = function(prop) {
    debugger;
    return sessionStorage[prop];
}

localStorage.setItem = function(prop, val) {
    debugger;
    localStorage[prop] = val;
}
```
```javascript
// Stop when anyone sets or gets the property "ppmap" in any object
// For example sessionStorage.ppmap
// "123".ppmap
// Useful to find where weird properties are being set or accessed
// or to find where prototype pollutions are occurring
function debugAccess(obj, prop, debugGet=true){
    var origValue = obj[prop];

    Object.defineProperty(obj, prop, {
        get: function () {
            if ( debugGet )
                debugger;
            return origValue;
        },
        set: function(val) {
            debugger;
            origValue = val;
        }
    });
};

debugAccess(Object.prototype, 'ppmap')
```
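A logging variant of the `debugAccess` helper above, added here and not part of the page: instead of stopping in the debugger it records every set/get of the watched property together with a stack trace, so the sink of a prototype pollution can be located from a headless run or a regression test. The recursive `unsafeMerge` is a constructed sample sink and all names are hypothetical.

```javascript
// Added example, not from the page: record accesses to a property instead of
// breaking into the debugger, so pollution can be traced without DevTools.
function watchProperty(obj, prop, { logGet = true } = {}) {
  const events = [];
  let value = obj[prop];
  Object.defineProperty(obj, prop, {
    configurable: true,   // so unwatch() can remove the accessor again
    enumerable: false,    // keep it out of for-in loops on the watched object
    get() {
      if (logGet) events.push({ type: 'get', stack: new Error().stack });
      return value;
    },
    set(v) {
      // the stack shows which function performed the write (the sink)
      events.push({ type: 'set', value: v, stack: new Error().stack });
      value = v;
    },
  });
  // unwatch() removes the accessor, restores the last value as a plain data
  // property and returns it.
  const unwatch = () => {
    delete obj[prop];
    if (value !== undefined) obj[prop] = value;
    return value;
  };
  return { events, unwatch };
}

// Constructed sample sink: a recursive merge that follows "__proto__" keys.
function unsafeMerge(target, source) {
  for (const key in source) {
    const v = source[key];
    if (typeof v === 'object' && v !== null) {
      if (typeof target[key] !== 'object') target[key] = {};
      unsafeMerge(target[key], v);
    } else {
      target[key] = v;
    }
  }
  return target;
}

// Runs constructed attacker JSON through the sink while watching
// Object.prototype.ppmap; returns the stack frame that wrote it, or null.
function locatePollutionSink(payloadJson) {
  const watcher = watchProperty(Object.prototype, 'ppmap', { logGet: false });
  try {
    unsafeMerge({}, JSON.parse(payloadJson));
    const write = watcher.events.find((e) => e.type === 'set');
    if (!write) return null;
    // frame 0 is "Error", frame 1 the setter itself, frame 2 its caller
    return (write.stack.split('\n')[2] || '').trim();
  } finally {
    watcher.unwatch();
    delete Object.prototype.ppmap;   // remove the pollution itself
  }
}
```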

## Automatic Browser Access to test payloads

When injecting XSS payloads into a site by hand it can be hard to tell whether a payload actually worked. A way around this is to drive a browser automatically so that payloads can be tested directly.

Several tools can do this; the simplest is to use browser automation such as Selenium or Puppeteer. They can be configured to open a browser, load the target page and execute the XSS payloads automatically.

For example, with Selenium and Python you can write a script that opens the browser, loads the page and injects the payloads into different inputs, then inspects the browser's responses to see whether each payload worked.

This way payloads can be tested quickly and the results read straight from the browser, which is a more reliable way to confirm that a payload works before using it against the real site.

```javascript
//Taken from https://github.com/svennergr/writeups/blob/master/inti/0621/README.md
const puppeteer = require("puppeteer");
const realPasswordLength = 3000;
async function sleep(ms) {
    return new Promise((resolve) => setTimeout(resolve, ms));
}
(async () => {
    const browser = await puppeteer.launch();
    const page = await browser.newPage();
    //Loop to iterate through different values
    for (let i = 0; i < 10000; i += 100) {
        console.log(`Run number ${i}`);
        const input = `${"0".repeat(i)}${realPasswordLength}`;
        console.log(` https://challenge-0621.intigriti.io/passgen.php?passwordLength=${input}&allowNumbers=true&allowSymbols=true&timestamp=1624556811000`);
        //Go to the page
        await page.goto(
            `https://challenge-0621.intigriti.io/passgen.php?passwordLength=${input}&allowNumbers=true&allowSymbols=true&timestamp=1624556811000`
        );
        //Call function "generate()" inside the page
        await page.evaluate("generate()");
        //Get node inner text from an HTML element
        const passwordContent = await page.$$eval(
            ".alert .page-content",
            (node) => node[0].innerText
        );
        //Transform the content and print it in console
        const plainPassword = passwordContent.replace("Your password is: ", "");
        if (plainPassword.length != realPasswordLength) {
            console.log(i, plainPassword.length, plainPassword);
        }
        await sleep(1000);
    }
    await browser.close();
})();
```