0

The Idea and Question

I am looking for something that functions to what amounts to JavaScript injectection, but safer. This idea can be most effectively observed by your broswer's console and start noodling with something like document.getElementById('btnSubmit').value = 'I took over your button'; after a quick inspection of the site in question. I would effectively would like to amend an established website to a local machine for the purpose of pre-filling fields as an exercise of efficiency in a work process.

The Background

I am well aware of the issue of XSS, howerver, JavaScript seems to be the best candidate for accessing elements with a document read in by a browser, and JavaScript injection is the only feasible method of sort of accomplishing this idea, but that's just from my limited perspective. Many of the processes in question requires duplicate data input in more than one system where at least one of the data input sources is at least controllable by a proprietary server-side language. I am open to suggestion, however, I think the question itself is interesting.

Bergi
  • 630,263
  • 148
  • 957
  • 1,375
Chad Harrison
  • 2,836
  • 4
  • 33
  • 50
  • You might look into something like Selenium to automate field pre-filling. – Polyov Aug 09 '16 at 00:41
  • 1
    There are browser add-ons like GreaseMonkey or TamperMonkey that allow you to identify a particular page or set of pages and apply some Javascript to the every time your browser loads that page. – jfriend00 Aug 09 '16 at 00:42
  • I don't understand what you want to achieve. Is it you who does the injection? Is it you who serve the page? What should and what should not be possible to achieve via injection? – Oriol Aug 09 '16 at 00:42
  • @Oriol OP seem to be building yet-another-web-form-auto-filler... Similar to AutoIt maybe (http://stackoverflow.com/questions/24028901/how-to-fill-web-forms-automatically-in-autoit-script-using-firefox-instead-of-ie) – Alexei Levenkov Aug 09 '16 at 00:44
  • 3
    As others have mentioned, all this have been done before and all this is possible. It depends on your use-case. For example, at my current job we use phantom.js (a scriptable web browser) to take screenshots of 3rd party websites. There's everything from GreaseMonkey to Selenium to phantom.js to zombie.js. Most people use them for testing, some (mostly GreaseMonkey users) use them to customise websites (like SO) by adding features themselves and some (like Google) use them for web scraping javascript-heavy websites. – slebetman Aug 09 '16 at 00:45
  • It's a little more to it than just form filling. The intent is to couple this with some JQuery to help with validation to an external website for the purpose of auto filling information if possible. The "injection" would about to being the business logic related to the validation using local SQL server instances. – Chad Harrison Aug 09 '16 at 00:47
  • 2
    So you want to inject JS code to someone's page when you view it in your computer. Luckily for you JS is client side and runs in your PC, where you have full control. So you can just do it. I don't understand your safety concerns. – Oriol Aug 09 '16 at 00:52
  • Well then the question becomes how/when the injection should occur. I believe Internet Explorer's console isn't even defined unless it's open which presents the problem from a UX perspective. But as a workaround, IE can be invoked with a URL as an argument. Not sure if that's an effective injection point. – Chad Harrison Aug 09 '16 at 00:56
  • Also, there's no real safety concern on my own, but it's XSS issue is what I believe to be the heart of not having an external handle to the console of browser, or I just simply don't know how to get at it. – Chad Harrison Aug 09 '16 at 01:00
  • http://stackoverflow.com/questions/2656730/internet-explorer-console – Chad Harrison Aug 09 '16 at 01:07

0 Answers0