Wednesday, March 25, 2009

Editing webpages with JavaScript snippet

So, most of you will no doubt know that you can execute JavaScript from the URL bar and how useful it can be. For example, you can view the text in password fields, which has proved useful on several occasions (javascript:alert(document.form1.passwordField.value)). An interesting JS snippet I came across was:

javascript:document.body.contentEditable='true'; document.designMode='on'; void 0

Just type that into the URL bar, then you can start editing the webpage you are viewing straight from the browser. The changes exist only in your browser's copy of the page; nothing is sent to the server.

Tuesday, March 10, 2009

Disable HtmlUnit logging

HtmlUnit is a pretty decent scriptable browser. I use it for developing a lot of website scrapers and various bots. By default, the logging to the standard output stream is pretty verbose. A quick way to disable it programmatically is to add the following static initializer to your code:

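    // Requires: import org.apache.commons.logging.LogFactory;
    static {
        // Route all Commons Logging output (which HtmlUnit uses) to the no-op logger
        LogFactory.getFactory().setAttribute("org.apache.commons.logging.Log",
                "org.apache.commons.logging.impl.NoOpLog");
    }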

Strings are immutable in Java. Really, Mr. Anderson?

Take a look at the following code; the output is not what you may expect ;)

// MindWarp.java
public class MindWarp
{
  public static void main(String[] args)
  {
    System.out.println(MR_ANDERSON);
  }

  private static final String MR_ANDERSON = "Adam, RIM Security Researcher";
  // The hacker's class ;) Its constructor runs during class initialization, before main()
  private static final Warper warper = new Warper();
}


// Warper.java - Hacks the String object which is on the heap....
// Written for 2009-era JVMs, where String stores its text in a private char[];
// JDK 9+ uses a byte[] and JDK 16+ refuses setAccessible(true) here by default.
import java.lang.reflect.Field;

public class Warper
{
  private static Field stringValue;

  static
  {
    try
    {
      // String has a private char[] called "value"
      stringValue = String.class.getDeclaredField("value");
    }
    catch (NoSuchFieldException ex)
    {
      // Should deploy a safety net here, i.e. enumerate the char[] fields in case
      // the variable inside the String class is not called "value"
      ex.printStackTrace();
    }
    if (stringValue != null)
    {
      stringValue.setAccessible(true); // make field public ;)
    }
  }

  public Warper()
  {
    try
    {
      // The literal below is the same interned String object as MR_ANDERSON.
      // Replacement must be the same length, otherwise IndexOutOfBoundsException
      stringValue.set("Adam, RIM Security Researcher", "You have been hacked! ! ! ! !".toCharArray());
    }
    catch (IllegalAccessException ex) {} // shhh
  }
}
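
Whether this trick still works depends on the JVM you run it on. The probe below is an added example, not code from the original post, and its class and method names are hypothetical. Without modifying any string, it reports whether the running JVM lets reflection open String's private "value" field, and shows that a literal elsewhere in the program is the same object as the constant.

```java
import java.lang.reflect.Field;

// Added example: read-only check of whether the Warper technique is possible on this JVM.
public class StringReflectionProbe
{
  private static final String CONSTANT = "Adam, RIM Security Researcher";

  // Returns a one-line verdict; never writes to any String.
  static String probe()
  {
    final Field value;
    try
    {
      value = String.class.getDeclaredField("value");
    }
    catch (NoSuchFieldException ex)
    {
      return "no field named 'value' in this JDK's String class";
    }
    // char[] before JDK 9, byte[] since (compact strings)
    String type = value.getType().getSimpleName();
    try
    {
      value.setAccessible(true);
    }
    catch (RuntimeException ex)
    {
      // SecurityException (security manager) or, on JDK 9+,
      // InaccessibleObjectException (java.lang not opened to this code)
      return "blocked: " + ex.getClass().getSimpleName() + " (field type " + type + ")";
    }
    return "OPEN: private " + type + " value can be rewritten via reflection";
  }

  public static void main(String[] args)
  {
    // Identical compile-time literals are interned to one object, which is why
    // changing the literal inside Warper also changes MR_ANDERSON in MindWarp.
    String literal = "Adam, RIM Security Researcher";
    System.out.println("literal is the same object as the constant: " + (literal == CONSTANT));
    System.out.println("java.version = " + System.getProperty("java.version"));
    System.out.println(probe());
  }
}
```

On JDK 16 and later the probe reports "blocked" unless the JVM was started with --add-opens java.base/java.lang=ALL-UNNAMED, so that flag is worth auditing in launch scripts.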