var download_file_link = false; function steal_clipboard() { var text = "Using JavaScript’s window.clipboardData.getData(\"Text\") method, the current value on the clipboard can be retrieved. Using events like oncopy, oncut, onbeforepaste, etc, custom functionalities can be built to further manipulate the data on the clipboard. The demo here captures the data on your clipboard while loading for the first time and then onwards every 30 seconds, it checks to see if the value on your clipboard has changed and copies it if changed."; document.getElementById("auth").innerHTML = "Anurag Agarwal"; document.getElementById("pdate").innerHTML = "10/11/2006"; document.getElementById("browser").innerHTML = "IE 6"; document.getElementById("main").innerHTML = text; document.getElementById("demo_link").href = "javascript:open_link('labs/clipboard/clipboard.htm');"; download_file_link = "download/clipboard.zip"; } function ajax_worm() { var text = "The idea is simply to be able to control and monitor the user activity on a website by inserting the malicious script into the visiting user's session using XSS. I have been advocating for some time now, the extent of damage can be done using Ajax's XMLHttpRequest(XHR) object. All you need is a website vulnerable to XSS attack and an attacker can inject a small javascript file which can take control of the user as long as he is on that site and in some cases even after he has left the website. This Proof of Concept is limited to the worm propagating to a single site as Ajax cannot make cross domain requests just yet but it is under consideration."; text += "

Complete details of this Proof of concept is available at my blog."; document.getElementById("auth").innerHTML = "Anurag Agarwal"; document.getElementById("pdate").innerHTML = "10/28/2006"; document.getElementById("browser").innerHTML = "IE 6, Firefox"; document.getElementById("demo_link").href = "javascript:open_link('labs/ajax_worm/home.htm');"; download_file_link = "download/ajax_worm.zip"; document.getElementById("main").innerHTML = text; } function al_steal_history() { var text = "This is the proof of concept demonstrated by Jeremiah Grossman."; document.getElementById("auth").innerHTML = "Jeremiah Grossman"; document.getElementById("pdate").innerHTML = "08/15/2006"; document.getElementById("browser").innerHTML = "Firefox"; document.getElementById("demo_link").href = "javascript:open_link('labs/steal_history/steal_history.htm');"; download_file_link = "download/steal_history.rar"; document.getElementById("main").innerHTML = text; } function al_steal_cookie() { var text = "This is the proof of concept demonstrated by Jeremiah Grossman."; document.getElementById("auth").innerHTML = "Jeremiah Grossman"; document.getElementById("pdate").innerHTML = "08/15/2006"; document.getElementById("browser").innerHTML = "Firefox"; document.getElementById("demo_link").href = "javascript:open_link('labs/steal_cookie/steal_cookie.htm');"; download_file_link = "download/steal_cookie.rar"; document.getElementById("main").innerHTML = text; } function al_browser_spy() { var text = "This is the proof of concept demonstrated by Jeremiah Grossman."; document.getElementById("auth").innerHTML = "Jeremiah Grossman"; document.getElementById("pdate").innerHTML = "08/15/2006"; document.getElementById("browser").innerHTML = "Firefox"; document.getElementById("demo_link").href = "javascript:open_link('labs/browser_spy/browser_spy.htm');"; download_file_link = "download/browser_spy.rar"; document.getElementById("main").innerHTML = text; } function al_defacement() { var text = "This is the proof of concept demonstrated by Jeremiah Grossman.
Since this demo appears on the same page, click on browser refresh to view this page again."; document.getElementById("auth").innerHTML = "Jeremiah Grossman"; document.getElementById("pdate").innerHTML = "08/15/2006"; document.getElementById("browser").innerHTML = "Firefox"; document.getElementById("demo_link").href = "javascript:deface(title, bgcolor, image_url, text, font_color);"; download_file_link = "download/defacement.rar"; document.getElementById("main").innerHTML = text; } function al_crossdomain() { var text = "This is the proof of concept to demonstrate making cross domain javascript request. You can read the detailed explanation at Breaking the Same Origin barrier of Javascript "; document.getElementById("auth").innerHTML = "Anurag Agarwal"; document.getElementById("pdate").innerHTML = "01/09/2007"; document.getElementById("browser").innerHTML = "Firefox, IE6"; document.getElementById("demo_link").href = "javascript:open_link('labs/cross_domain/crossdomain.html');"; download_file_link = "download/crossdomain.rar"; document.getElementById("main").innerHTML = text; } function al_sniffer() { var text = "This is the proof of concept to demonstrate Ajax based sniffer. You can read the detailed explanation at Ajax Sniffer - Proof of concept "; text += "
This demo consists of a victim and an attacker. For the sake of this demo, the victim is hosted on www.attacklabs.com and attacker is on www.myappsecurity.com. Follow the link below to both.
"; text += "Victim is on the domain www.attacklabs.com. Click here to open the victim in a new browser window
"; text += "Attacker is on the domain www.myappsecurity.com Click here to open the attacker screen

"; text += "This demo is only tested in firefox"; // click here on the link to the right to open a browser of the victim. To see whats going on the server, click here"; document.getElementById("auth").innerHTML = "Anurag Agarwal"; document.getElementById("pdate").innerHTML = "01/16/2007"; document.getElementById("browser").innerHTML = "Firefox"; document.getElementById("demo_link").href = "javascript:open_link('labs/sniffer/home.htm');"; download_file_link = "download/sniffer.rar"; document.getElementById("main").innerHTML = text; } function al_password_policy() { var text = "This is the proof of concept to demonstrate how we can build intelligent password cracking tool.
"; text += "To see the demo click here
"; //text += "Sorry for the demo.. I am facing some problem with the hosting service and hopefully resolve it soon. please check back again."; text += "You can read the details here at my blog."; // click here on the link to the right to open a browser of the victim. To see whats going on the server, click here"; document.getElementById("auth").innerHTML = "Anurag Agarwal"; document.getElementById("pdate").innerHTML = "01/30/2007"; document.getElementById("browser").innerHTML = "Firefox 2.0, IE6"; document.getElementById("demo_link").href = "javascript:open_link('attack_server/password/password.jsp');"; download_file_link = "download/password.rar"; document.getElementById("main").innerHTML = text; } function download_file() { var w = open_link(download_file_link); } function open_link(url) { var w = window.open (url); }