Loop through Array
nodes = document.querySelectorAll('[id^=node]');
nodes.forEach((x, i) => x.dispatchEvent(new MouseEvent('mouseover', {'bubbles': true})));"
Resource: https://stackoverflow.com/questions/3010840/loop-through-an-array-in-javascript
Submit POST request without reloading page
As an added bonus, this will also print the response output to the DOM.
Do not run this in production - it has vulnerabilities in it.
<!doctype html>
<html lang="en">
<head>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
<script>
$(document).ready(function () {
// Create a compute node for the specified email and
// return its public IP address.
function createCompute() {
// Handle the POST request and subsequent response data.
$.ajax({
type: "POST",
email: $("#email").val(),
url:
"https://awesomeendpoint.com?email=" + $("#userEmail").val() + "",
crossDomain: true,
xhrFields: {
withCredentials: true,
},
dataType: "text",
success: function (data, textStatus, xhr) {
if (textStatus === "success") {
$("#responseDiv").html("<p>" + data + "<br>");
}
},
error: function (data, textStatus, xhr) {
if (textStatus != "success") {
$("#responseDiv").html("<p>" + data.responseText + "<br>");
}
},
});
}
// Submit the createCompute Form
$("#createCompute").submit(function (event) {
// Prevent the form from submitting via the browser's default action.
event.preventDefault();
createCompute();
});
});
</script>
</head>
<body>
<!-- The form to specify parameters for building an ec2 instance for a user-->
<form id="createCompute">
<input id="userEmail" type="hidden" name="email" value="bob@gmail.com" />
<button type="submit" class="btn btn-default">Build compute node</button>
</form>
<!-- Output Div -->
<div id="responseDiv"></div>
</body>
</html>
Resources:
- How to send a POST request with JQuery
- How to send POST parameters in URL instead of the request body
- Fix parseerror by setting
dataTypeto"text"
Copy value to clipboard
Input the following into the chrome console to copy the token value to the clipboard:
var copyToken = token;
copy(copyToken);
Resource: https://timleland.com/how-to-copy-variable-from-chrome-dev-tools-console/
List application-specific globals
Copy and paste this into a devtools console:
{
const standardGlobals = new Set([
"window",
"self",
"document",
"name",
"location",
"customElements",
"history",
"locationbar",
"menubar",
"personalbar",
"scrollbars",
"statusbar",
"toolbar",
"status",
"closed",
"frames",
"length",
"top",
"opener",
"parent",
"frameElement",
"navigator",
"origin",
"external",
"screen",
"innerWidth",
"innerHeight",
"scrollX",
"pageXOffset",
"scrollY",
"pageYOffset",
"visualViewport",
"screenX",
"screenY",
"outerWidth",
"outerHeight",
"devicePixelRatio",
"clientInformation",
"screenLeft",
"screenTop",
"defaultStatus",
"defaultstatus",
"styleMedia",
"onsearch",
"isSecureContext",
"performance",
"onappinstalled",
"onbeforeinstallprompt",
"crypto",
"indexedDB",
"webkitStorageInfo",
"sessionStorage",
"localStorage",
"onabort",
"onblur",
"oncancel",
"oncanplay",
"oncanplaythrough",
"onchange",
"onclick",
"onclose",
"oncontextmenu",
"oncuechange",
"ondblclick",
"ondrag",
"ondragend",
"ondragenter",
"ondragleave",
"ondragover",
"ondragstart",
"ondrop",
"ondurationchange",
"onemptied",
"onended",
"onerror",
"onfocus",
"onformdata",
"oninput",
"oninvalid",
"onkeydown",
"onkeypress",
"onkeyup",
"onload",
"onloadeddata",
"onloadedmetadata",
"onloadstart",
"onmousedown",
"onmouseenter",
"onmouseleave",
"onmousemove",
"onmouseout",
"onmouseover",
"onmouseup",
"onmousewheel",
"onpause",
"onplay",
"onplaying",
"onprogress",
"onratechange",
"onreset",
"onresize",
"onscroll",
"onseeked",
"onseeking",
"onselect",
"onstalled",
"onsubmit",
"onsuspend",
"ontimeupdate",
"ontoggle",
"onvolumechange",
"onwaiting",
"onwebkitanimationend",
"onwebkitanimationiteration",
"onwebkitanimationstart",
"onwebkittransitionend",
"onwheel",
"onauxclick",
"ongotpointercapture",
"onlostpointercapture",
"onpointerdown",
"onpointermove",
"onpointerup",
"onpointercancel",
"onpointerover",
"onpointerout",
"onpointerenter",
"onpointerleave",
"onselectstart",
"onselectionchange",
"onanimationend",
"onanimationiteration",
"onanimationstart",
"ontransitionrun",
"ontransitionstart",
"ontransitionend",
"ontransitioncancel",
"onafterprint",
"onbeforeprint",
"onbeforeunload",
"onhashchange",
"onlanguagechange",
"onmessage",
"onmessageerror",
"onoffline",
"ononline",
"onpagehide",
"onpageshow",
"onpopstate",
"onrejectionhandled",
"onstorage",
"onunhandledrejection",
"onunload",
"alert",
"atob",
"blur",
"btoa",
"cancelAnimationFrame",
"cancelIdleCallback",
"captureEvents",
"clearInterval",
"clearTimeout",
"close",
"confirm",
"createImageBitmap",
"fetch",
"find",
"focus",
"getComputedStyle",
"getSelection",
"matchMedia",
"moveBy",
"moveTo",
"open",
"postMessage",
"print",
"prompt",
"queueMicrotask",
"releaseEvents",
"requestAnimationFrame",
"requestIdleCallback",
"resizeBy",
"resizeTo",
"scroll",
"scrollBy",
"scrollTo",
"setInterval",
"setTimeout",
"stop",
"webkitCancelAnimationFrame",
"webkitRequestAnimationFrame",
"chrome",
"caches",
"ondevicemotion",
"ondeviceorientation",
"ondeviceorientationabsolute",
"originAgentCluster",
"cookieStore",
"showDirectoryPicker",
"showOpenFilePicker",
"showSaveFilePicker",
"speechSynthesis",
"onpointerrawupdate",
"trustedTypes",
"crossOriginIsolated",
"openDatabase",
"webkitRequestFileSystem",
"webkitResolveLocalFileSystemURL",
]);
for (const key of Object.keys(window)) {
if (!standardGlobals.has(key)) {
console.log(key);
}
}
}
Send POST request
Input the following into the chrome console (after modifying the vars) to send a POST request with some data:
const url = "https://www.hackthebox.eu/api/invite/generate";
const method = "POST";
const requestData = {
title: "foo",
body: "bar",
userId: 1,
};
const headers = {
"Content-type": "application/json; charset=UTF-8",
};
fetch(url, {
method: method,
body: JSON.stringify(requestData),
headers: headers,
})
.then((res) => res.json())
.then(console.log);
Resource: https://www.codegrepper.com/code-examples/css/how+to+make+a+post+request+in+chrome+console
Wait for element at input XPath
function waitForElement(xpath) {
return new Promise((resolve) => {
var observer = new MutationObserver(() => {
if (
document.evaluate(
xpath,
document,
null,
XPathResult.FIRST_ORDERED_NODE_TYPE,
null,
).singleNodeValue
) {
resolve();
observer.disconnect();
}
});
observer.observe(document.body, {
childList: true,
subtree: true,
});
});
}
Click button with input text
// Function to handle clicking a button
function clickButtonWithInnerText(text) {
// Get all buttons
var buttons = document.querySelectorAll("button");
for (var i = 0; i < buttons.length; i++) {
// If the button's inner text matches the given text
if (buttons[i].innerText.toLowerCase() === text.toLowerCase()) {
// Click the button
buttons[i].click();
break;
}
}
}
Framework Detection
// Check React
function isReactLoaded() {
return window.React !== undefined;
}
// Check Vue
function isVueLoaded() {
return window.Vue !== undefined;
}
// Check Angular
function isAngularLoaded() {
return window.angular !== undefined;
}