I'm developing a robot click protection. Of course, it is far from perfect. It is just an extra layer of security as the main protection involves server side log analysis.
Have you any ideas how I could use javascript to detect a fake click fired using javascript? And also, how could a user simulate a perfect, realistic and undetectable human click using javascript?
Related
I'm trying to figure out a way to perform a trusted event programmatically in the browser.
https://developer.mozilla.org/en-US/docs/Web/API/Event/isTrusted
I know it says it's a readonly event but I figure there must be some sort of work around if the user really wants it. After all the browser/frontend is entirely client side so you should be able to manipulate it yourself if you so choose (via some option in the browser etc)
I came across this answer https://stackoverflow.com/a/53488689/3097821 but I can't figure out to to implement it.
It can either be a click or a keyboard event.
Can anybody help me out on this?
Web content cannot generate a trusted event under any circumstances -- that is the whole point. Some actions don't care if an event is trusted or not (clicking a link, for example), but some do need to distinguish between a legitimate user-triggered event and a synthetic one create by untrusted web content.
Web Extensions are assumed to be working on the user's behalf, so they are allowed to create trusted events.
I am creating a WordPress website for a client. This website offers support for victims of abuse, and my client wishes for a "panic" button on the website that, when clicked, either:
a) sends the user to a specified website (for example google.com) and then erases the history of the Back button
b) opens a specified website in a new tab (which eliminates the Back button issue) and then closes the current one.
I tried adding a simple button like this:
<button onclick="window.close();">Close</button>
But then I get this in the console:
[Warning] Can't close the window since it was not opened by JavaScript
If this is not possible to do by using Javascript, are there any other ways I can go about doing it?
Not possible.
The problem you're up against is that the browser doesn't allow Javascript to control things like opening and closing tabs, and rightly so. A web page really shouldn't be able to access or control things outside of its tab, this is a concept called sandboxing. Web pages are free to play in their own sandbox, but aren't allowed to know about or change things outside their sandbox. "Browser history" and "Other tabs" are both outside your web page's sandbox.
It's not that this is impossible in JavaScript, it's going to be impossible for any well designed browser, full stop. It's not a question of what technology you could use to accomplish this, it's a behavior that's explicitly prohibited by design. If you could do this on a major browser, you would probably be offered a bug bounty. Imagine what a malicious actor could do with the ability to modify the history in the back button, or to close other tabs.
Beyond that, I'm concerned about the approach that your employer is taking. Abusers are often more technically savvy than their victims, and a "panic button" like that won't even affect the browser's overall history, let alone defeat any advanced monitoring like spyware, or a fancy router's DNS monitoring. Victims of abuse should be discouraged from using devices or networks they believe are compromised and should seek help through trusted and secure channels of communication. I'm troubled that any sort of "panic button" functionality could create a false sense of security for a user that is not security-savvy.
I am making a web app similar to instagram and i want to detect and call a function whenever a user takes the screenshot, is their any way to implement this with javascript?
Currently, there is no way to handle a screenshot event through javascript. The screenshot functionality of phones simply has no connection to the browser.
I'm working on a javascript based web application. I have a webpage which has nothing but a button. When I click this button, it pulls data from another website and stores it in my Mongo database.
I need to automate this button click. That is, even without opening the website and clicking the button, the 'pulling data from another website and storing it in my database' should happen.
I literally do nothing but click a single button. So I believe this can be made automated and run automatically without human intervention at regular interval. (example: I need this process done everyday at 6 PM). Is this possible at all?
P.S: I've heard of Selenium but it isn't clear whether selenium would do this. Even if that's the case, I can't seem to use the tool. I was able to download a '.jar' file but it doesn't even open.
Appreciate any help!
You can almost certainly automated the click of a button with selenium, however, selenium works by opening a web browser and then interacting with different items as if it were a person. This would work, although it may be more resource intensive than you want.
Have you though about setting up the data pull to run via a console command/something else, which you could then automate without dealing with a GUI?
How do services such as Clicktale (and other heatmapping sites) report time on page and mouse movements etc back to their servers using one javascript file?
I understand Google Analytics does it via a gif image but that is only called once. How do you constantly send data back? (Can't use ajax because of cross site scripting limitations).
Cheers, Tim
Take a look at NodeJS, it's an event driven javascript I/O library. Some impressive things have been done with it. See this example which tracks mouse movements and distributes the activity.