Tl;dr - if you’re only here for the trick of how to set a breakpoint and actually debug unload and beforeunload event listeners, go straight to “The Trick To Successfully Debug unload/beforeunload Event

As I often do, I was looking for potential vulnerabilities in well-known websites and web applications. There is a specific one that I have reasons to believe might be vulnerable to a serious XSS exploitation.

At some point in the process, I realized that the part that might be vulnerable to XSS is executed by an unload event listener that was registered by some JavaScript code in the website. This was where I had to debug to be able to tell whether I found something interesting here or not. So I set a breakpoint where the code that is supposed to be fired by the unload event is, and reloaded the page to allow my Google Chrome browser to stop at this breakpoint of mine, letting me debug it.

For those of you who have enough JavaScript experience, the following will not shock you at all: the browser ignored my breakpoint completely and reloaded the page normally.

So what’s wrong with my breakpoint? Or with placing a debugger command? Why don’t these work? I mean, any JavaScript code that is intended to execute under this event executes perfectly fine - whether it’s console.log(), tItem() or any other standard action.