Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Crazy need to ENABLE cross site scripting

Tags:

javascript

google-chrome

firefox

apache

xss

Yes, I need to enable cross site scripting for internal testing of an application I am working on. I would have used Chrome's disable-xss-auditor or disable-web-security switches, but it looks like they are no longer included in the chrome build:

http://src.chromium.org/svn/trunk/src/chrome/common/chrome_switches.cc

What I am basically trying to achieve is to have a javascript application running locally on pages served by Apache (also running locally) be allowed to run scripts from a resource running on another server on our network.

Failing a way to enable xss for Firefox, Chrome, or my least favourite - IE, would there be a way to run some kind of proxy process to modify headers to allow the xss to happen? Any quick way to use Apache mod rewrite or some such to do this?

Again, this is for testing only. In production, all these scripts run from the same server, so there isn't even a need to sign them, but during development and testing, it is much easier to work only on the parts of the application you are concerned with and not have to run the rest that requires an full-on application server setup.

like image 727
ogradyjd Avatar asked Mar 22 '12 12:03

ogradyjd

2 Answers

What are asking for isn't cross-site scripting (which is a type of security vulnerability in which user input (e.g. from the URL) is injected into the page in such a way that third party scripts could be added via a link).

If you just want to run a script on a different server, then just use an absolute URI.

<script src="http://example.com/foo.js"></script>

If you need to perform Ajax requests to a remote server, use CORS or run a proxy on the current origin.

Again, this is for testing only

Just for testing, look at Charles Proxy. It's Map Remote feature allows you to (transparently) forward some requests to a remote server (based on wild card URL matching).

like image 67
Quentin Avatar answered Oct 08 '22 17:10

Quentin

What you need is just a little passthrough service running on the first server that passes requests over to the second server, and returns the results it gets back from the second server.

You don't say what language the server side of your application is written in or what kind of data is passed to or returned from your service, so I can't be more specific than that, but it really should be about 15 lines of code to write the passthrough service.

like image 40
dj_segfault Avatar answered Oct 08 '22 17:10

dj_segfault
Sign in to Comment

Related questions

Returning an evenly "spaced" number of indexes from a large array.
Is there a way in Box2dWeb to output position.x of an object to console.log()?
Can I run an uppercase method on an object?
Get function name from inside itself
The equivalent to a content script in a Firefox extension?
Subtracting from div height in jQuery
Insert a node at a specific location in Ext.tree.panel
Access child window elements from parent window using Javascript
addEventListener not triggering when used in a Chrome extension
encodeURIComponent algorithm source code
How to scroll diagonally with jQuery or Javascript
Justify alignment of images in rows (ala Google Images)
parent.jQuery.fancybox.close(); from within Fancybox only closes Fancybox once
Firebug and Offset Calculations
Javascript template framework [closed]
When does the JS engine create a Garbage Collection Root?
Creating Input TextField at precise position on Canvas?
Chrome without the chrome? [closed]
Obtain the Actual Left,Top position of a rotated div
Call jQuery function from JavaScript [closed]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!