historydumper.htm

AttackAPI提供简单而直观的web可编程接口

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
	<head>
		<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
		<link rel="stylesheet" href="styles/screen.css" type="text/css"/>
		<script src="scripts/jquery.js" type="text/javascript"></script>
		<script src="scripts/init.js" type="text/javascript"></script>
		<title>title</title>
	</head>
	<body>
		<h1 id="header">title</h1>
		<ul id="navigation"></ul>
		
		<div class="message">The following technique bypasses in a clever way the browser security model in order to dump user's history.</div>
		<form>
			<label for="links">links</label><br/>
			<textarea name="links" cols="50" rows="10">http://www.google.com
http://mail.google.com
http://www.yahoo.com
http://www.gnucitizen.org
http://www.securityfocus.com
http://www.nba.com</textarea><br/>
			<label for="result">result</label><br/>
			<textarea name="result" cols="50" rows="10"></textarea><br/>
			<input name="lazyDump" value="Lazy Dump" type="button"/>
			<input name="reset" value="Reset" type="button"/>
		</form>
		
		<script src="../lib/AttackAPI/AttackAPI.js" type="text/javascript"></script>
		<script src="../lib/AttackAPI/HistoryDumper.js" type="text/javascript"></script>
		<script type="text/javascript">
			$('input[@name="lazyDump"]').click(function () {
				var form = $(this).parent().get(0);
				var links = form.links.value.split("\n");
				AttackAPI.HistoryDumper.lazyDump(function (link, status) {
					form.result.value += link + ' ' + status + "\n";
				}, links);
			});
			
			$('input[@name="reset"]').click(function () {
				$(this).parent().get(0).result.value = '';
			});
		</script>
		
		<p id="footer"><a href="http://www.gnucitizen.org">GNUCITIZEN</a> &copy; 2006 all rights reserved</p>
	</body>
</html>