XSS - Capture all Mouse Clicks and Redirect: JS for Pentesters task 6 write up
JS for Pentesters task 6
Our objective is to capture all mouse clicks and redirect to http://PentesterAcademy.com. The approach is simple: we watch for any click the user makes on the webpage and, when one happens, we redirect the page to Pentester Academy. Let us see how the payload looks:
Here, we use window.captureEvents(Event.CLICK) to watch for any click the user makes in that window. On a click event, we call a user-defined function named windowEvent. Inside the windowEvent function, we use window.location.replace(), which redirects the user to the webpage we specify. In short, when the user clicks anywhere on the page, the function is triggered and the user is redirected to a new site.
2) You have to URL-encode the payload before injecting it via the URL parameter, or else it will fail to work.
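The encoding requirement in the note above, seen from the application's side, as an added example that is not part of the original write-up or the challenge's code: a query-string value that is not URL-encoded is cut at `&` and `#` before the application ever sees it, and a value reflected into HTML text is made inert by escaping it after decoding. The host `app.example`, the parameter name `url`, the sample value and all function names are assumptions.

```javascript
// Added example with constructed values; runs under Node.js.
// Hypothetical names: readParam, escapeHtml, renderValue, parameter "url".

// Return the decoded value of one query parameter, as a web framework would.
function readParam(href, name) {
  return new URL(href).searchParams.get(name);
}

// Encode the five characters that are significant in HTML text and attributes.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Reflect the parameter into markup only after escaping it.
function renderValue(href) {
  const value = readParam(href, "url") ?? "";
  return `<p>Value: ${escapeHtml(value)}</p>`;
}

// Constructed sample containing characters that are reserved in a query string.
const SAMPLE = 'a=1;b="x"&c+d#e<i>';
const BASE = "http://app.example/page?url=";

// Unencoded: "&" starts a new parameter and "#" starts the fragment,
// so the application receives only the part before the "&".
const rawHref = BASE + SAMPLE;

// Encoded: every reserved character is carried as %XX and survives parsing.
const encodedHref = BASE + encodeURIComponent(SAMPLE);

console.log("raw     ->", readParam(rawHref, "url"));
console.log("encoded ->", readParam(encodedHref, "url"));
console.log("escaped ->", renderValue(encodedHref));
```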
We hope that you really liked this challenge. If there is anything you didn’t understand or want more clarity on, please leave a comment and we will be more than happy to help. Also, if you find a better way of solving the challenge, please share it with us; we are happy to learn from our readers too. Happy pentesting.