XSS - Capture all Mouse Clicks and Redirect: JS for Pentesters task 6 write up

Oct 25, 2014 • jsp, javascript, securitytube, xss

Writeup for task-6 for javascript for pentesters series by security-tube - Capturing mouse clicks and redirect

Till now, we have covered several challenge write up from Pentester Academy but this is the first time we are going to make use of  an event handler to get our task done. So basically what is an event Handler ? Let us say we have a situation in which we need to execute a function when the user clicks on a button in the webpage or hover over on something. In order to accomplish this, we can use JavaScript event Handlers.

JS for Pentesters task 6

Our objective is to Capture all Mouse Clicks and Redirect to http://PentesterAcademy.com. Let us see how can we approach to solve the problem. Basically what we need to do is simple. We need to see if user does any click on the webpage and if he does, we will redirect the page to Pentester Academy. Let us see how the payload looks:

    <script>
    function windowEvent(){
    window.location.replace("http://pentesteracademy.com");
    }
    window.captureEvents(Event.CLICK);
    window.onclick=windowEvent;
    </script>

Here, what we do is, we use the window.captureEvents(Event.CLICK) to see if the user made any clicks on the particular window.  Then what we do is that on the event of a click, we will call a function to execute (User defined function) called windowEvent. Inside the windowEvent function, we will use the window.location.replace() which will redirect the user to the webpage we specify. In short, when user clicks anywhere on the page, the function is triggered and the user is redirected to a new site.

Note:

1) While playing with XSS challenges, it is always recommended to use Mozilla Firefox because Google chrome has inbuilt XSS stopper which will stop us from executing arbitrary JavaScript code even if the page is vulnerable to XSS. So its strongly recommended to use Firefox instead of chrome.

2) You have to URL encode the payload before the injection via the url parameter or else this will fail to work

We hope that you really liked this challenge. If there is anything you didn’t understand or wanted to get more clarity, please comment down and we are more than happy to help. Also, if you get a better way of solving the challenge, please share it with us and we are happy to learn from our readers too. Happy pentesting..

Anirudh Anand

Product Security ♥ | CTF - @teambi0s | Security Trainer - @7asecurity | certs - eWDP, OSCP, OSWE