Stuff & Nonsense

File injection and security breaking…..

I’ve just updated my dynamic proxy server in node.js to support file injection, and the stripping of headers that prevent loading targeted pages in iframes.  This may all sound very nefarious, but I actually require this functionality in a (super secret) project I’m working on….

So what can you do with this?  Well, the proxy server now allows you to inject any css or javascript files into a targeted page, so you can (for example) proxy amazon through this server and inject a css file that inverts all the images.  Or something.  I’m using it to load specific pages into an iframe, then use injected javascript to pull data out of the page by clicking on elements in the iframe.  Which is pretty nifty.

The proxy server is still a work in progress, and I need to get round to producing a package.json but feel free to clone the repository and have a play with it:

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.