Re: can u read selected text in an iframed google page?!?!?!



On Jun 27, 4:19 am, joj...@xxxxxxxxx wrote:
wow!
thank you shimmyshack.
that was pretty clear. but i still do have a couple questions (please
excuse my novice-ness).

you said:
<<
You just have to get that code in there, normally you would do it
using XSS, but you can do it if you run a local proxy, which adds a
bit of code as the html markup passes by, for certain URLs
>>


do you recommend i go with xss instead of the proxy method (i mean, am
i making this too hard)?

I would go with either a proxy, or greasemonkey more probably.

otherwise, if i run a local proxy, does that mean my google iframe is
now within same domain as parent document (and so i can access
whatever i want inside that iframe)?


see below, although they are on different domains, the proxy allows
modification of markup as it passes by (you must somehow program your
proxy to inject markup as needed - fiddlertool allows this) this new
markup would be a script to gather data, and an iframe where to post
the data.

you said:
<<
The script gathers the required info from the google page, and then
sends it either as a post to an injected iframe (within the google
iframe) or via the query string of an image or whatever.
>>


after i have injected the script to retrieve the info, i'm still not
sure how to get that info back out of the google iframe. i see you
mentioned posting it to an injected iframe, but i don't see how the
info in that iframe can be retrieved?

thanks again for all your help,
jojoba


well you must run a webserver somewhere with a php page that accepts a
POST payload
ideally this will be on the same domain as the parent frame
so
<?php
var_dump( $_POST );
//shove the data into mysql (or whatever)
?>
the javascript you inject into the google markup /is/ on the same
domain as the google data of course so it has the right to gather
data.


<script type="text/javascript">
//grab data you want from google

//fill out a form
//(which you have also injected)
//with the data gathered

//now post this form to the iframe
//(also injected)

//the action of the form dictates
//where the post payload goes
//it will be the url of the above php script
//you then put that data in mysql or whatever.
</script>

now that you have the data on your server in mysql, you can retrieve
it using ajax or whatever from the parent frame of the same domain.

It is perfectly possible to post data to a different domain, that's the
kind of thing that you do all the time. People use this method for
instance to post to watchfire prefilling the form out, or it is used
to track users on some stats sites. You can use it to gradually
collect data from an entire site as you browse. Greasemonkey is cool
for this, or chickenfoot, as it will do the browsing for you as well.
You might want all the lat/lons from somewhere or whatever, nothing
sinister I hope! Do no dr. evil. 1 milleeon dollars
