-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathwelcome.html
120 lines (117 loc) · 4.63 KB
/
welcome.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<link
href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css"
rel="stylesheet"
integrity="sha384-1BmE4kWBq78iYhFldvKuhfTAU6auU8tT94WrHftjDbrCEXSU1oBoqyl2QvZ6jIW3"
crossorigin="anonymous"
/>
<script
src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js"
integrity="sha384-ka7Sk0Gln4gmtz2MlQnikT1wXgYsOg+OMhuP+IlRH9sENBO0LRn5q+8nbTov4+1p"
crossorigin="anonymous"
></script>
<script async defer data-website-id="fb84ce8f-e144-4cd5-adc5-15e883546354" src="https://umami.gbsl.website/tell-me.js"></script>
</head>
<body>
<div class="container">
<h1 id="welcome"></h1>
<p>
Your Password seems <span id="pwState">not to be very safe!</span> (Your
password starts with: <code id="pwPart">...</code>)
</p>
<div class="accordion" id="accordion">
<div class="accordion-item">
<h2 class="accordion-header" id="headingOne">
<button
class="accordion-button"
type="button"
data-bs-toggle="collapse"
data-bs-target="#collapseOne"
aria-expanded="true"
aria-controls="collapseOne"
>
Exposed Data
</button>
</h2>
<div
id="collapseOne"
class="accordion-collapse collapse"
aria-labelledby="headingOne"
data-bs-parent="#accordion"
>
<div class="accordion-body">
<strong>This data would be exposed to WIFI Sniffers.</strong>
<div>
<pre>
<code id="exposed_data"></code>
</pre>
</div>
This data is not safed on any webserver and is stored only in your
browser. Either remove it by pressing the button below or reload
the page.
<form
action="index.html"
onsubmit="window.sessionStorage.clear()"
>
<button type="submit" class="btn btn-danger">
Clear Password
</button>
</form>
</div>
</div>
</div>
</div>
<form action="index.html" onsubmit="window.sessionStorage.clear()">
<button type="submit" class="btn btn-primary">Logout</button>
</form>
<img
id="hacker_img"
src="./Hacker_behind_PC_evil.svg"
class="rounded mx-auto d-block"
alt="Hacker"
/>
<a
class="btn btn-outline-secondary"
href="https://github.com/lebalz/insecure-login"
role="button"
>Source: <svg
xmlns="http://www.w3.org/2000/svg"
width="16"
height="16"
fill="currentColor"
class="bi bi-github"
viewBox="0 0 16 16"
>
<path
d="M8 0C3.58 0 0 3.58 0 8c0 3.54 2.29 6.53 5.47 7.59.4.07.55-.17.55-.38 0-.19-.01-.82-.01-1.49-2.01.37-2.53-.49-2.69-.94-.09-.23-.48-.94-.82-1.13-.28-.15-.68-.52-.01-.53.63-.01 1.08.58 1.23.82.72 1.21 1.87.87 2.33.66.07-.52.28-.87.51-1.07-1.78-.2-3.64-.89-3.64-3.95 0-.87.31-1.59.82-2.15-.08-.2-.36-1.02.08-2.12 0 0 .67-.21 2.2.82.64-.18 1.32-.27 2-.27.68 0 1.36.09 2 .27 1.53-1.04 2.2-.82 2.2-.82.44 1.1.16 1.92.08 2.12.51.56.82 1.27.82 2.15 0 3.07-1.87 3.75-3.65 3.95.29.25.54.73.54 1.48 0 1.07-.01 1.93-.01 2.2 0 .21.15.46.55.38A8.012 8.012 0 0 0 16 8c0-4.42-3.58-8-8-8z"
/>
</svg>
Github</a
>
</div>
<script>
console.log(window.sessionStorage);
window.onload = function () {
const user = JSON.parse(window.sessionStorage.getItem("user") || "{}");
const email = user.email || "Hacker";
const pw = user.pw || "...";
const img = document.getElementById("hacker_img");
if (email === "Hacker" && pw === "...") {
const pwState = document.getElementById("pwState");
img.setAttribute("src", "./Hacker_behind_PC.svg");
pwState.innerHTML = `to be very safe, since you did not enter any credentials, bravo!`;
}
const welcomeNode = document.getElementById("welcome");
welcomeNode.innerHTML = `Hello ${email}`;
const pwNode = document.getElementById("pwPart");
pwNode.innerHTML = `${pw.slice(0, -2)}...`;
const exposed_data = document.getElementById("exposed_data");
exposed_data.innerHTML = `\n${JSON.stringify(user, undefined, 2)}`;
};
</script>
</body>
</html>