One Article Review

The article:
Source Errata Security
Identifier 318953
Publication date 2017-02-20 21:20:33 (seen: 2017-02-20 21:20:33)
Title Skillz: editing a web page
Text So one of the skillz you ought to have in cybersec is messing with web-pages client-side using Chrome's Developer Tools. Web-servers give you a bunch of HTML and JavaScript code which, once it reaches your browser, is yours to change and play with. You can do a lot with web-sites that they don't intend by changing that code.

Let me give you an example. It's only an example -- touching briefly on steps to give you an impression of what's going on. It's not a ground up explanation of everything, which you may find off-putting. Click on the images to expand them so you can see fully what's going on.

Today is the American holiday called "Presidents Day". It's actually not a federal holiday, but a holiday in all 50 states. Originally it was just Washington's birthday (February 22), but some states choose to honor other presidents as well, hence "Presidents Day".

Those of us who donated to Donald Trump's campaign (note: I donated to all candidates' campaigns back in 2015) received an email today suggesting that to honor Presidents Day, we should "sign a card" for Trump. It's a gross dis-honoring of the Presidents the day is supposed to commemorate, but whatever, it's the 21st century.

Okay, let's say we want to honor the current President with a bunch of 🖕🖕🖕🖕 in order to point out his crassness of exploiting this holiday, and clicked on the URL [*], and filled it in as such (with multiple skin tones for the middle finger, just so he knows it's from all of us):

Okay, now we hit the submit button "Add My Name" in order to send this to his campaign. The only problem is, the web page rejects us, telling us "Please enter a valid name" (note, I'm changing font sizes in these screen shots so you can see the message):

This is obviously client-side validation of the field. It's at this point that we go into Developer Tools in order to turn it off.

One way is to [right-click] on that button, and from the popup menu, select "Inspect", which gets you this screen (yes, the original page is squashed to the left-hand side):
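
The "Please enter a valid name" check described above runs only in the browser, so a site that depends on the rule has to enforce it again on the server. The following is an added example, not code from the original article or from the site it describes, showing that server-side check in Node.js; the field name `full_name` and the name rule are assumptions.

```javascript
// Added example: re-validate a form field on the server.
// Assumptions: field name "full_name"; names are letters/marks plus a few separators.
const NAME_RULE = /^[\p{L}\p{M}][\p{L}\p{M} .'\u2019-]*$/u;
const MAX_NAME_CODE_POINTS = 100;

function validateName(raw) {
  if (typeof raw !== "string") return { ok: false, reason: "missing" };
  const name = raw.normalize("NFC").trim();
  if (name.length === 0) return { ok: false, reason: "empty" };
  // Count code points, not UTF-16 units, so astral characters count once.
  if ([...name].length > MAX_NAME_CODE_POINTS) return { ok: false, reason: "too long" };
  if (!NAME_RULE.test(name)) return { ok: false, reason: "invalid characters" };
  return { ok: true, name };
}

// Works on the raw urlencoded POST body exactly as received. Nothing the
// browser checked (or was told to stop checking) is taken on trust.
function handleSubmission(rawBody) {
  const form = new URLSearchParams(rawBody);
  const values = form.getAll("full_name");
  if (values.length !== 1) {
    return { status: 400, error: "full_name must appear exactly once" };
  }
  const result = validateName(values[0]);
  if (!result.ok) return { status: 422, error: `full_name: ${result.reason}` };
  return { status: 200, name: result.name };
}

// Constructed sample bodies, as a server would see them on the wire.
const samples = [
  "full_name=Ada+Lovelace",
  "full_name=" + encodeURIComponent("Zoë O'Brien-Núñez"),
  "full_name=" + encodeURIComponent("\u{1F595}\u{1F3FD}"), // symbols only
  "full_name=",
  "full_name=A&full_name=B",
];
for (const body of samples) {
  console.log(body, "->", JSON.stringify(handleSubmission(body)));
}
```

The third sample is what arrives when the browser-side check has been switched off; the server returns 422 for it regardless of what the page's JavaScript did.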
Sent Yes


The article does not appear to have been picked up after its publication.


The article does not appear to be a follow-up to an earlier one.