What's new
By:
Filters
Runion

This is a sample guest message. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

Run the JS from button, like it would be in a bookmark.

B

bigguapo

Light Weight
Депозит
$0
Hello!

I need the victim to open a specific website and then open the JS code that will be stored in a bookmark. The other, better option that im not sure if possible is the JS button that will open a URL, but within that url area will be javascript. When i run the code below it cuts of the "javascript:" part and leaves only "alert('Hello Cocksucker!')". I know there is many people who work with XSS. Does someone here knows how to make this JS run?

<button onclick="openSite()">Open Site</button>

<script>
function openSite() {
window.open("javascript:alert('Hello Cocksucker!');", "_blank");
}
</script>
 
you can't redirect them to raw javascript, otherwise you would be seeing browser malware left and right and would make the sandboxing pointless.

your best option is to social engineer them with a landing page into dragging your code into their bookmark tab and then running it from there if they are on a desktop. there are plenty of these malicious bookmarks landing pages appearing on maldvertisments already and you could easily copy the html/css and modify it to your needs.

for mobile, you would need to instruct them how to add raw javascript into their bookmarks. keep this javascript small and obfuscated by having it call out to retrieve the full script from an online source.
Последнее редактирование: 24.06.2023
 
You must log in or register to reply here.
Top