Https injecting javascript, steal crtificate

I have a question which came to my mind regarding ssl security. Ssl encrypts data with a public key and decrypts with a private key. So in the figure

client->public key to private key-> server

Does also the server uses the same public key to encrypt before sending? The server associates each client with a public key and saves it?

So in reverse,

server->public key to private key-> client

If this is the case

A person who is arp spoofing and can edit the data passing through the network could use this public key to inject javascript code in middle of the content since most likely it will html page being rendered..? So without the need of seeing the data, can we inject with only using the decryption?

Second question is,

When the client first connects to a website if the arp spoofing is implemented in the same network, on the first hand shake, can the sniffer some how steal the private key or the ssl signed certificate? If there already exists one, tell the server or the user somehow that it is expired to obtain the new plain data one?

For example,

The ssl request The client -> the sniffer -> the webserver is being told the client does not have a valid ssl or the current one is expired and new one is requested, 

Can it intercept the plain certificate data to steal the private key the second way?

 The server(oh here take it) -> sniffer (hehe ihave the new certificate) - > the client, use this, this the new cert old one doesnt work anymore``` 

How to prevent XSS attack on selected window.location in javascript

This is my code where i have a userId in a method SwitchUser_Click. I need to prevent or somehow encode the return value from the switchUser_Click as it includes the UserId of a user vulnerable to XSS attack or redirects.

function SwitchUser_Click(containerElement, OnSuccess) {             var selecteduserId = $  ("select", containerElement).val();             var makeDefault = $  (":checkbox", containerElement).is(":checked");             window.location = "Default.aspx?uId=" + selecteduserId + "&userActive=" + (makeDefault ? "1" : "0");             OnSuccess();         } 

The belows code is called from aspx page by using Client.RegisterScript and passing the parameters. This is the only place SwitchUser_Click method is used.

function OpenSwitchUser(UserId,modCode,defUrl) {             defaultUrl = defUrl;             var options =             {                 controlUrl: "~/Controls/SwitchUserDialog.ascx",                 params: { uid:UserId, mod: modCode},                 top: 70,                 width: 600,                 height: 2500,                 OKCallback: SwitchUser_Click,                 InitCallback: SwitchUserDialog_Init,                 cancelCallback: SwitchUser_Close             };             $  .showControlDialog(options);         } 

I want to know how to encode my userId in the SwitchUser_Click method and decode it when its called. Or maybe there is some other way to do this . Thank you

Tor Browser: Could a website or ISP detect modification to DOM done by users if Javascript is disabled?

I have Tor Browser (which is basically Firefox ESR) on "Safest" setting (Javascript disabled). We’re generally scolded about using extensions in it, as they can alter web traffic patterns to or from your browser, adding another fingerprinting vector by distinguishing you from other Tor Browser users.

If JS is turned off even in vanilla Firefox, and I apply modifications to the DOM (like CSS mods, zooming in etc.) after the website has finished loading, I can’t see how a website or ISP could detect what the user is doing in the DOM.

I know if you, for example, hide an element in CSS before it is fully loaded (such as the sidebar), the browser may skip downloading resources (such as icons) associated with the element. This would distinguish your web traffic patterns from other users. That’s why I wait till the page is fully loaded. I’m also careful to not trigger CSS media queries which can be set up to connect to a remote URL if triggered (or remove them first if they will be triggered).

I think the above should be enough to avoid distinguishing myself by my web traffic. Do you see any way I could be distinguished with only CSS & HTML?

HOW TO set a javaSCRIPT on MODEM?

Hello I wanted to set a java script on my modem and i thought that i can make a proxy server and then connect my modem to my proxy server. I mean i want to set a js miner to my miner to mine crypto from my users (like coffe miners)(i been tried MITMf on kali linux but it always needs an online system .
best option that i have is connecting modem to a proxy server.
Is that possible ? Has anyone tried it yet?

Is javascript fingerprinting becoming obsolete?

Okta recently sent out an email to admins about changes to their new device detection strategy. According to them:

Due to browser advancements in anonymous web browsing, JavaScript fingerprinting techniques are quickly becoming obsolete. Google, Mozilla, Microsoft, and Apple are working to improve privacy, gradually resulting in inaccurate fingerprint detection.

How accurate is this claim that javascript fingerprinting techniques are quickly becoming obsolete? This would have a major impact on multiple industries, including marketing, security (as evidenced by this email), and fraud detection.

I’d personally love to see all browser fingerprinting be hamstrung but I have to doubt that it’s going anywhere but forward.

XSS injection into javascript string

Is XSS attack possible in this scenario? As you can see I am able to inject JS by not properly escaped backslash.

 <script type="text/javascript">(function () { random.random(); random.random.random( 'injected\'-alert()-//, 'fulltext-search'); })(); </script> 

in example above I am trying to execute alert box with my injected JS, however I am making some mistake.

< > ; characters cannot be used.

My Button Default Click Is Not Working In WordPress Using Javascript Code

I have added 2 buttons in my page and I have added the default button click code using javascript but it is not working.

This is my HTML code:

<button class="tablink" onclick="openPage('inside', this, '#0077c0')" id="defaultOpen">Inside</button> <button class="tablink" style="left:40px;" onclick="openPage('outside', this, '#0077c0')" >Outside</button> 

This is JS code added in functions.php:

function wp_head_custom_mm(){ ?>  // Get the element with id="defaultOpen" and click on it document.getElementById("defaultOpen").click();  </script>     <?php         } add_action('wp_head', 'wp_head_custom_mm'); 

But it is not working, my default button is not clicked.

Error:

Uncaught TypeError: Cannot read property ‘click’ of null

I want to button with id defaultOpen should be clicked when the website opens.

Any help is much appreciated.

Manipulate auto execution of Javascript since Burp can only see HTTP Requests/responses

There a javascript that is executing in my browser and it is generating session token. (This was a design requirement to the dev team Sesion token is generated on the client side – don’t ask me why lol)

I want to be able to modify the javascript variables during execution (just as if I was using Debug in Netbeans for instance)

I though I’d use burp suite but it only catches request (not the building of a request by Js)

What can I do to do that ?

Also, I thought I’d use browser debugger but strangely, none of the loaded JS seems to be generating the session token. One of the JS just do that and I see it later in burp interceptor.

Any help here ?

Are Javascript closures a useful technique to limit exposing data to XSS?

I’m wondering if using Javascript closures is a useful technique to limit exposing data to XSS? I realize it wouldn’t prevent an attack, but would it reliably make an attack more difficult to execute, or would it only make my code more irritating to write and read (a waste of time)?

I got the idea from the Auth0 documentation regarding storing OAuth/OIDC tokens. It reads:

Auth0 recommends storing tokens in browser memory as the most secure option. Using Web Workers to handle the transmission and storage of tokens is the best way to protect the tokens, as Web Workers run in a separate global scope than the rest of the application. Use Auth0 SPA SDK whose default storage option is in-memory storage leveraging Web Workers.

If you cannot use Web Workers, Auth0 recommends as an alternative that you use JavaScript closures to emulate private methods.

I can see how this is better than just putting the token or other sensitive information in localstorage. In localstorage an XSS attack needs only to execute localStorage.token to get the token.

Now, if you’re not familiar with tokens just apply this reasoning to any sensitive to information. In my case I want to build a client-side cache mapping user IDs to usernames for an administrative interface, but I realize that client IDs and usernames are somewhat sensitive, so I wondered if I could "hide" the data.

how can i set a custom header with javascript or php? [closed]

How can i set a custom header using javascript or php? I am trying to add a custom header to my html form but i’m new to programming so i’m still learning.

I’d like to add a custom header to my form and my current form code is this one:

<form> [set-custom-header] <input type="text" name="username" value=""> <input type="text" name="setterId" value=""> <input type="submit" value="send"> </form> 

I’d like to set a custom header on that form, what could i use? Is it possible to do that without using xhr?

Thanks,