For example if I'm on www.facebook and I want to inject a script to analyze their DOM? One way would be to open up the console and than use something like
document.createElement('script');
and then set the src attribute, etc.
Is this the best way to do it?
For example if I'm on www.facebook. and I want to inject a script to analyze their DOM? One way would be to open up the console and than use something like
document.createElement('script');
and then set the src attribute, etc.
Is this the best way to do it?
Share Improve this question asked Aug 19, 2013 at 19:25 api implementor - johnnyapi implementor - johnny 671 silver badge9 bronze badges 4- 1 @duffymo: In the console? – SLaks Commented Aug 19, 2013 at 19:26
- Define "best" - do you want to do this frequently, or just once? – Pekka Commented Aug 19, 2013 at 19:27
- @johnnysirocco SLaks is likely referencing a ment that was subsequently deleted. – Timothy Shields Commented Aug 19, 2013 at 19:30
- I would use Fiddler (fiddler2.). You can use it to modify content. – zkar Commented Aug 19, 2013 at 19:32
3 Answers
Reset to default 4If you are trying to inspect someone's DOM, it's probably easiest to use a JS console or debugger (if your browser offers it natively or as an add-on like firebug).
You could use a proxy server, like Burp or ZAP, to intercept responses from the website and inject your own JavaScript.
You could duplicate the site with a web crawler. You should get permission first, ensure that you don't violate the Terms of Service, and make sure you have lots of space. Then you can play with the site to your heart's content :)
As another alternative, you could use an engine like XSSshell, loading the website you want to examine in an XSSshell promised web browser, then loading the code you want to load into XSSshell.
Or, you could set up your own DNS server that specifies a local IP address for something like foo.facebook., but everything else as facebook.. Depending upon how FB manages their site (new HTTP headers, cookie paths) you may be able to run your JavaScript from your local server, while browsing FB.
If you really, really want to write code that executes in the context of the REAL website in question, not just a copy, and you don't care about violating laws, you'll need to find a cross site scripting vulnerability. That'd also let you load your own JavaScript into the target server's execution environment. I don't remend this one - at least, not if you don't legally own the target environment :)
I'd remend writing a browser plugin, as this is really the only way the browser allows code to just be "injected" into the page. There is a browser plugin, I think it's called "Better Facebook" or something similar, that does this, scans the DOM after the page is loaded and analyzes + modifies it (in order to make it "better")
http://developer.chrome./extensions/getstarted.html
https://developer.mozilla/en-US/docs/Building_an_Extension
http://www.techradar./us/news/internet/the-beginner-s-guide-to-greasemonkey-scripting-598247
You should check this Firefox addon:
https://addons.mozilla/pl/firefox/addon/greasemonkey/
It allows You to run your JavaScript code on websites.