Warning: possibly involves a set of programming bad practices to bypass security features.
We're developing a bundle of scripts that extract public information from some website. I use ViolentMonkey to inject scripts in the website, which uses Google's reCAPTCHA (see example).
To bypass it, I installed Buster: Captcha Solver, a very neat extension which places an icon on reCAPTCHA frames which, upon clicked, switches to audio solving mode and tries to transcribe the audio. It will fail every other attempt, but it's quite helpful.
The thing is: Buster detects reCAPTCHA is loaded - there doesn't seem to be enough a reason for it to require a user click. I wouldn't say it defeats the purpose, but I would rather have it run automatically. I even injected a pre-click which pops open the reCAPTCHA modal (and yes, it works), but I can't force-click Buster's icon because it is enclosed in a closed shadow DOM.
Buster basically uses shadowRoot.appendChild(), so I tried setting #run-at document-start and tampering with HTMLElement.prototype.attachShadow:
HTMLElement.prototype.attachShadow = function(args) {
return this;
};
This would theoretically make shadowRoot.appendChild() append the child directly to the node itself, but Buster is still able to attach the shadow DOM regardless. I believe overwriting HTMLElement.prototype will only work for the current global scope, and Buster is sandboxed in its own extension's environment. Had it worked, something like this would most likely be possible:
// and yeah, that's really all I'm trying to achieve
document.querySelector('.button-holder.help-button-holder')
.shadowRoot
.getElementById('solver-button')
.click();
I thought of compiling a modified version of Buster's source code in which I simply use .attachShadow({mode: 'open'}) so my scripts can finally access its button, but that'd be too much of a hassle right now. I also can but don't want to use tools outside of Chrome (like AutoHotkey) for this.
TL;DR
How can I programmatically click an element inside a closed shadow DOM with ViolentMonkey/TamperMonkey?
Related
I have a suspicion some users have toolbars, plugins, malware or something, which is running some javascript in their browser when visiting our site, and this javascript is messing up the functions on our pages.
Can my javascript see which javascripts have been loaded from other files, i.e. by http://some.site/script.js'> ?
Open the developer tools on your browser (usually with F12). Then check the network section/tab, it will list all resources loaded into the current document.
If you want to find scripts loaded by a page and you are not able to access the dev tools, you can search the DOM for script tags. This will only find scripts that were loaded by the DOM (which is quite typical). But it will not find scripts loaded through xhr requests and then eval-ed and it will not find scripts loaded by browser extensions.
But, this may still help you somewhat. You can do something like this:
console.log(window.document.getElementsByTagName("script"))
This will log all loaded scripts to the console. Alternatively, you can analyze this in the client and pop up a bright big warning message if you see something suspicious.
To capture other kinds of requests, you might be able to add a wrapper to the xhr send method, like this:
XMLHttpRequest.prototype.send = function () {
// do some checking of the request
// do the actual request
this.send();
}
I haven't tried this, so there may be some caveats, like I'm not sure if all browser engines allow you to redefine methods of built-in types. But it is worth trying out.
Your question is interesting but the motivation is wrong, IMO. What leads you to believe that "something" is messing up your JavaScript? Can you reproduce the issue? Even if some kind of bookmarklet is clobbering global JavaScript code, you (as a developer) have the ability to check for proper functionality and polyfill if needed.
If you look more closely at your code and why it's not doing what you expect, I expect that you're going to find that malware/toolbars/plugins are the not to blame.
Isolate the code that is failing and reproduce the behavior.
I'm working on a Safari extension now, but I haven't been able to find a way to access any of the extension's settings from within the start script. I can access them just fine from the end script by getting them from messages to the global.html file. However, when I try that in the start script, I never seem to get a response back from global.html. Does anyone know a solution to this? Or am I just overlooking something?
When you use a start script, you are injecting it and accessing that page's DOM. Rather than making calls against the SafariExtension class, you'll want to make them against the SafariContentExtension class. This is a relatively minor difference, but it makes all the difference when you are accessing extension functionality from an injected script rather than a global page.
EDIT: Since answering this question a couple of days ago, I've begun working on adding a custom settings page to my own Safari extension. It appears that you can only access the baseURI variable of your extension using the SafariContentExtension class. Apparently Apple won't give that class the same access as the full SafariExtension one.
I am trying to reverse-engineer a website I don't own, figuring out how some dumb "encryption" works, in order to be able to carry out some operations automatically, by taking the functionality outside the browser.
One of the files is of particular interest, let's call it javascript.js. It is linked in the HTML document like this
<script src="/javascript.js" type="text/javascript"></script>
I have
deobfuscated javascript.js
pretty-printed its code
My question is now, considering that I'm using venkman and firefox, how to replace the on-site obfuscated javascript.js with my own pretty-printed code, in order to learn how it works.
Any other tool beside venkman should do, as long as I can still step through the deobfuscated code.
Additional question (just in case I may come cross this related situation):
How to do the same if the javascript.js would be emdedded inline in the html code like <script>code</script>?
For those of you wondering about how legal this is, my question is not the first about reverse-engineering on SO: https://stackoverflow.com/questions/tagged/reverse-engineering
Apparently there's no problem with those questions, why should there be one with mine?
My objective is to understand the code AND my question is about the TOOLS, as in "where to point and click" or which tool could help me (if venkman cannot).
You could also always use an intercepting proxy (something like Paros) which will allow you to replace any part of the response any way you like. So when the browser requests the JS file, you can catch the response in Paros, replace the content with your version, and you're done. I often use Paros for other things where I need that interception or observation point, and it's pretty simple and quite numerous in its possible applications. It's basically just a matter of running it and setting your browser proxy settings to use a proxy at localhost on the port Paros is listening on. You can then tell Paros to actually stop and allow you to edit the request or response just by checking a couple of boxes. Hope that helps.
This is going to be very difficult, if not impossible, to do without using browser debugging / extension features like GreaseMonkey or Chrome's Extension API. The reason being that if you don't get involved in the page load sequence, the obfuscated code will already have been run, setting up JavaScript objects, event handlers, etc., etc. You'd have to ensure that your new script replaced those objects and event handlers, which would be complicated and difficult.
With GreaseMonkey or Chrome Extensions or similar on whatever browser you're using, I'd expect it to be possible to detect the page loading script X and replace it with your local script Y. These things run at that level, they get involved in the process.
But despite your goals being aboveboard, debugging on someone else's site is a bad idea. If you introduce a bug through the deobfuscation process, or in the process of trying to understand the code, well that may at least waste time at the other end. I wouldn't be happy with people trying to do it on a site I was running. (That said, a site should be able to handle anything a client throws at it, because you can't trust anything coming from the client side.)
Instead of debugging on their site, I'd probably do my best to record (via Firebug or Chrome/Safari's Dev Tools, etc.) a sample ajax interaction, and then set up a dummy page on my own local server that would simply echo that interaction, playback style. Then you can experiment to your heart's content without risking throwing weird stuff at the site in question. I'd consider it unethical for me to play around in that way with someone else's site, whether they should be able to handle it or not.
Way 1:
Export the web page that uses the code to your drive (I know for sure Opera, Firefox and Chrome supports this - ctrl+s - make sure to save all content). They download all linked content (css, scripts, images), and fix the url's so the downloaded ones are loaded instead. Then replace the javascript file you want to debug and open the downloaded html in a browser, say firefox with firebug, and start debugging. This should work unless the page is heavily ajaxified.
Way 2:
I've managed to get this working in Google Chrome (v8.0.552.215 - I need to update BTW) on a page that has no jQuery (for example w3c.org) - try it yourself, just copy paste it in the address bar and wait for the page to disappear :)
javascript:(eval("var script=document.createElement('script');script.src='http://code.jquery.com/jquery-1.4.4.min.js'; document.getElementsByTagName('head')[0].appendChild(script);window.setTimeout(\"$('body').fadeOut(5000);\", 2000)"));
The script shows up in the scripts section of the console (CTRL+SHIFT+J) and you can set breakpoints. So something like this should work (feel free to modify):
javascript:(eval("for (var allsuspects=document.getElementsByTagName('script'), i=allsuspects.length, oldfile=prompt('Remove script src:'); oldfile && i>=0; i--) if (allsuspects[i] && allsuspects[i].getAttribute('src')!=null && allsuspects[i].getAttribute('src').indexOf(oldfile)!=-1) allsuspects[i].parentNode.removeChild(allsuspects[i]);var script=document.createElement('script');script.src = prompt('Inject script src:');document.getElementsByTagName('head')[0].appendChild(script);"));
The script expanded and explained:
for (var allsuspects=document.getElementsByTagName('script'), i=allsuspects.length, oldfile=prompt('Remove script src:'); oldfile && i>=0; i--)
if (allsuspects[i] && allsuspects[i].getAttribute('src')!=null && allsuspects[i].getAttribute('src').indexOf(oldfile)!=-1)
allsuspects[i].parentNode.removeChild(allsuspects[i]); // remove old script
var script=document.createElement('script'); // inject new script
script.src = prompt('Inject script src:');
document.getElementsByTagName('head')[0].appendChild(script);
The script works only in Chrome (maybe in Safari too?). I've tried Firefox, IE and Opera, but none of them worked. I would guess that there might also be an issue if the file is not available online (if you use you use the 'file://').
UPDATE: also works in Chrome v8.0.552.224
I am looking into methods to inject javascript into any webpage loaded in the browser, so that I can traverse through the page's DOM. I use JQUERY for my scripting needs.
Method should work in all browsers.
I tried using IFRAME and adding some html into it, but I cant. Please suggest some ways.
Try using Greasemonkey: http://www.greasespot.net/. You can use it to execute custom scripts on page load for any website you want. You can find some basic tutorials here: http://wiki.greasespot.net/Tutorials.
I suggest to create a page with two iframes one to navigate to the designated website and other to get DOM Objects.
in the first one navigate to the site and then select its HTML and
append it in the body of the second Iframe.
iframe2.contentWindow.document.body.innerHTML = iframe1.contentWindow.document.body.innerHTML
then traverse the DOM Objects inside the second Iframe with your custom functions
There are a couple of approaches to solve this problem.
Using BookMarklet
You can create a simple bookmarklet which injects jQuery on the page and you can open Dev Console in your favorite browser and try out your DOM inspection using jQuery or whatever you want to try out.
Use Requestly Chrome Extension
You can use Requestly Script Rule to insert scripts on any webpage. Since your post mentions that you need jQuery, Requestly provides an option to include jQuery as well.
So with a simple click, you can write jQuery supported code without worrying about how jQuery will come in the page. Check these screenshots for reference :-
Script Rule Selection
Sample Script Supported by jQuery
Advantages
A Couple of advantages with using Requestly
You can share the script with other Users using the Requestly Share feature
jQuery is by default supported
After creating the rule, you can simply disable it once you are not using it.
Requestly is available on Firefox as well as Chrome so you can run your script cross-browser.
PS: This may be an older post but answering here because the question is still relevant.
Disclaimer: I am the founder of Requestly So you blame me if you don't like something.
You could create a bookmarklet (see http://en.wikipedia.org/wiki/Bookmarklet) which in turn can add a node to the page, with the src pointing to where your own javascript is located. Onde the script node gets added it will run.
You can find more details on http://www.johnvey.com/features/deliciousdirector/ under "how does it work?". This way you can have a bookmark in your bookmarks bar which, when click, will add your script to any page you happen to be on.
I'm using for Chrome TamperMonkey to add custom scripts for a specific web page which is as well awesome and I can really recommend it.
If I understand correctly, you want to execute a javascript code in any websites you are using in any browser. That means you have to go browser by browser different applications. In chrome supports extension same as firefox, edge, safari browsers supports add-ons. You can add the relevant extension to do that. I am using a scripting extension, that can run the given script whenever I open the page with same URL given in the script. Likewise you have to find different applications for different browsers.
You can't run Javascript on arbitrary Web pages that you do not control the content of. It would be a huge security hole if that were not true.
Think about it: you could run Javascript and wait for someone to log on to their internet banking and then do something with the characters input.
Take a look at jquery JSON and Wikipedia's JSON page.
Alternatively you can simply add a <script> tag to the document:
$("head").append('<script src="..." type="text/javascript"></script>');
This will load the javascript file.
I'm trying to find all instances of an advert on a website. The advert is in an iframe which is loaded by javascript (it doesn't appear at all if javascript is turned off). Detecting the advert itself is extremely simple, both the name of the flash file and the target of the href always contain a certain string.
What would be the best "starting point" for achieving this? At the moment I'm considering an Adobe AIR app, which could crawl the site and examine the DOM to find the ad, and would run javascript and load the content of the iframe. The other option I can think of is using Firefox as the platform (using maybe GreaseMonkey or Selenium? I don't really know how to leverage Firefox like this).
Does anyone know of anything suitable to build this, or have any suggestions on using Firefox to do it?
Extra details:
Being CPU intensive isn't really an issue, nor is anything depending on a browser being open. This doesn't need to run on a headless server, it will be running on a powerful desktop box. OS is also not an issue. It would be advantageous if the crawler loaded each page multiple times, as the advert is in rotation. While the crawler does need to execute the javascript and load the content of the iframe, it does not need to be able to display flash files.
An alternative to using a "browser as a crawler" is using HTMLUnit as the page says, it's:
HtmlUnit is a "GUI-Less browser for Java programs". It models HTML documents and provides an API that allows you to invoke pages, fill out forms, click links, etc... just like you do in your "normal" browser.
It has fairly good JavaScript support (which is constantly improving) and is able to work even with quite complex AJAX libraries, simulating either Firefox or Internet Explorer depending on the configuration you want to use.
I think You don't want a crawler. You are going to run it on a single page and not want it to look around the internet through links, right?
If so - You want to find something on the page with javascript on. You then just have to use javascript.
You'll need:
the site :)
correct rights to access its content - use greasemonkey for FF or user scripts in Opera
a code similar to this jQuery sampe:
finding stuff in iframes:
$('iframe').each(function(){
$(this).contents().find('object').each(function(){
if($(this).attr('name').match(/regex/)){
$(this).remove(); //or do whatever You want
}
});
});
caution: accessing iframe contents may differ in browsers and is influenced by time when You run the script
If the ad is only displayed when javascript is enabled, you are going to have a problem, as no crawler is going to be able to read the web page in that matter.
Is there something in the javascript code itself that could be a tipoff to where the add is displayed? If so, maybe you can check that.
I've tried similar stuff before, and I used BeautifulSoup in python, and it worked really well.