Created
November 19, 2019 17:45
-
-
Save Zemnmez/b5f231e4ff76031ac540b0a8651e6a96 to your computer and use it in GitHub Desktop.
attempt to recursively hook iframe postMessages (doesn't work due to browser security policies)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
((() => { | |
console.log("postMessage hook added"); | |
new MutationObserver((mutations, observer) => { | |
const flatten = (a,c) => a.concat(c); | |
const allNodes = mutations.filter(({ type }) => type == "childList") | |
.map(({ addedNodes }) => Array.from(addedNodes)).reduce(flatten, []); | |
allNodes | |
.forEach(parentNode => { | |
if (!parentNode.getElementsByTagName) return; | |
[...parentNode.getElementsByTagName("iframe")].forEach(iframe => { | |
let x = iframe.contentWindow.postMessage; | |
console.log("hooked", iframe); | |
iframe.contentWindow.postMessage = function(...a) { | |
console.log(`SEND to`, iframe, `${a}`); | |
x.apply(iframe, [...a]); | |
} | |
}) | |
}) | |
}).observe(document.documentElement, {childList: true, subtree: true }); | |
window.addEventListener("message", e => console.log(`RCV from`, e.origin, {...e})) | |
})(),false); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment