Enjoy the power of Greasemonkey! The same old web pages that you used to see will reappear with all the enhancements.
Installing Greasemonkey: Open Firefox web browser to install the Greasemonkey add-on. Each item in this collection is an object, representing a single stylesheet.
Each stylesheet object has a collection of rules, and methods to add new rules or remove existing rules. The insertRule method takes two parameters. The first is the CSS rule to insert, and the second is the positional index of the rule before which to insert the new rule.
You can also delete individual rules by using the deleteRule method. It takes a single parameter, the positional index of the rule to remove. The following code will remove the first rule, which we just inserted with insertRule. The property names of individual styles are not always obvious. But there are exceptions. The float property is set with elmModify. There is no easy way to set multiple properties at once. In regular JavaScript, you can set multiple styles by calling the setAttribute method to set the style attribute to a string.
Firefox contains a little-known but powerful feature called XPath. Many hacks work on a collection of elements. Without XPath, you would need to get a list of elements for example, with document. With XPath expressions, you can find exactly the elements you want, all in one shot, and then immediately start working with them.
To execute an XPath query, use the document. If you want to search the entire web page, pass in document. But you can also search just a part of the page. If you want a collection of elements, use XPathResult. If you want to find a single element, use XPathResult. More on this in a minute, too. I rarely use this, but it can be useful if you want to conditionally concatenate the results of multiple XPath queries.
The document. You can iterate through the snapshot or access its items in any order. The snapshot is static, which means it will never change, no matter what you do to the page. You can even delete DOM nodes as you move through the snapshot.
To get the number of items in the snapshot, use snapResults. To access a particular item, you need to call snapshotResults. Here is the skeleton of a script that executes an XPath query and loops through the results.
You can use XPath to search for specific elements. You can also test for the presence of an attribute, regardless of its value. The following query finds all elements with an accesskey attribute. Not impressed yet? You can also do combinations of attributes. This query finds all images with a width of 36 and a height of By using more advanced XPath syntax, you can actually find elements that are contained within other elements. This code finds all the links that are contained in a paragraph whose class is g.
Finally, you can find a specific element by passing XPathResult. XPath is, quite literally, a language all its own. Like regular expressions, XPath can make your life easier, or it can make your life a living hell. Remember, you can always get what you need eventually with standard DOM functions such as document.
Edit a user script and see your changes immediately. Changes to these installed files take effect immediately, as soon as you refresh the page.
This makes the testing cycle quick, because you can edit your partially written script, save changes, and refresh your test page to see the changes immediately. Before you can take advantage of live editing, you need to set up file associations on your system, so that double-clicking a.
Control-click a. In the Open With section, select your text editor from the drop-down menu, or select Other…to find the editor program manually. Click Change All to permanently associate your editor with. Right-click a. Select your favorite text editor from the list, or click Browse to find the editor application manually. Select a script from the pane on the left and click Edit. If your file associations are set up correctly, this should open the user script in your text editor.
The first time you do this on Windows, you will get a warning message, explaining that you need to set up your file associations, as shown in Figure The reason for the warning is that, by default, Windows is configured to execute.
Once the user script opens in your text editor, you can make any changes you like to the code. As soon as you make a change and save it, you can switch back to Firefox and refresh your test page to see the effect of your change. Switch to your editor, make another change, switch back to Firefox, and refresh. During live editing , you can change only the code of a user script, not the configuration parameters in the metadata section.
If you want to change where the script runs, use the Manage User Scripts dialog. Save a backup somewhere else for safekeeping. Learn the subtle art of Greasemonkey debugging. Since JavaScript is an interpreted language, errors that would otherwise cause a compilation error (such as misspelled variables or function names) can only be caught when they occur at runtime.
In the JavaScript Console window, click Clear to remove the old errors from the list. If your user script is crashing or otherwise misbehaving, you will see the exception displayed in JavaScript Console. If your user script is crashing, JavaScript Console will display an exception and a line number.
Due to the way Greasemonkey injects user scripts into a page, this line number is not actually useful, and you should ignore it. It is not the line number within your user script where the exception occurred. What next? Such messages should be taken out before release, but they are enormously helpful in debugging.
Plus, watching the console pile up with log messages is much more satisfying than clicking OK over and over to dismiss multiple alerts. After logging to JavaScript Console, the user script will continue executing normally.
Messages logged in JavaScript Console are not limited to characters. Plus, lines in JavaScript Console wrap properly, so you can always scroll down to see the rest of your log message.
Go nuts with logging! In JavaScript Console, you can right-click (Mac users Control-click) on any line and select Copy to copy it to the clipboard. You can get details on each HTML element, attribute, and text node. You can explore all the scriptable properties of an object. DOM Inspector is included with the Firefox installation program, but depending on your platform, it might not be installed by default.
It allows you to right-click on any element—a link, a paragraph, even the page itself—and open DOM Inspector with that element selected. From there, you can inspect its properties, or see exactly where it fits within the hierarchy of other elements on the page.
One last note: DOM Inspector does not follow you as you browse. JavaScript Shell is a bookmarklet that allows you to evaluate arbitrary JavaScript expressions in the context of the current page.
You install it simply by dragging it to your links toolbar. Then you can visit a web page you want to work on, and click the JavaScript Shell bookmarklet in your toolbar. The JavaScript Shell window will open in the background. Think of it as a command line for the DOM. You can enter any JavaScript expressions or commands, and you will see the output immediately. You can even make changes to the page, such as creating a new element document.
Your changes are reflected in the original page. One feature of JavaScript Shell that is worth special mention is the props function. Methods and properties that are specific to link elements such as the blur and focus methods, and the href and hreflang properties are listed first, followed by methods and properties shared by all types of nodes such as the insertBefore method.
Again, this is the same information that is available in DOM Inspector—but with more typing and experimenting, and less pointing and clicking. If you open JavaScript Shell and then navigate somewhere else in the original window, JavaScript Shell will get confused. Add images to web pages without hitting a remote server. A user script is a single file.
Greasemonkey does not provide any mechanism for bundling other resource files, such as image files, along with the JavaScript code. While this might offend the sensibilities of some purists who would prefer to maintain separation between code, styles, markup, and media resources, in practice, it is rarely a problem for me.
Instead of posting the image to a web server and having your user script fetch it, you can embed the image data in the script itself by using a data : URL. A data : URL allows you to encode an image as printable text, so you can store it as a JavaScript string.
Firefox will display the image without sending a separate request to any remote server. This user script runs on all pages. It uses an XPath query to find web bugs : 1 x 1-pixel img elements that advertisers use to track your movement online. The script filters this list of potential web bugs to include only those images that point to a third-party site, since many sites use 1 x 1-pixel images for spacing in table-based layouts.
There is no way for Greasemonkey to eliminate web bugs altogether; by the time a user script executes, the image has already been fetched. But we can make them more visible by changing the src attribute of the img element after the fact. The image data is embedded in the script itself. You will see a web bug made visible, as shown in Figure The graphic of the spider does not come from any server; it is embedded in the user script itself.
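The web-bug filter described above, written out as an added example in present-day JavaScript; it is not the book's original user script. The marker image, the function names and the exact-hostname test for "third-party" are assumptions made for this sketch.

```javascript
// Added example, not the original user script. Sample values are constructed.

// Constructed inline marker (a red square) as a text data: URL, so no
// server request is needed to display it.
const MARKER_SRC = 'data:image/svg+xml,' + encodeURIComponent(
  '<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16">' +
  '<rect width="16" height="16" fill="red"/></svg>');

// Candidate web bugs: img elements declared as exactly 1 x 1 pixels.
const WEB_BUG_XPATH = "//img[@width='1'][@height='1'][@src]";
const SNAPSHOT = 6; // XPathResult.UNORDERED_NODE_SNAPSHOT_TYPE

// True when src resolves to an http(s) host other than the page's own.
// Exact hostname comparison is an assumption: sibling subdomains such as
// static.example.com count as third-party here.
function isThirdParty(src, pageUrl) {
  let target;
  try {
    target = new URL(src, pageUrl); // also resolves relative and //host forms
  } catch (e) {
    return false; // unparsable src cannot be classified
  }
  // data:, about: and similar schemes never contact a remote server.
  if (target.protocol !== 'http:' && target.protocol !== 'https:') return false;
  return target.hostname !== new URL(pageUrl).hostname;
}

// Run the XPath query, walk the static snapshot, and swap each third-party
// hit for the visible marker. Returns the original tracker URLs.
function markWebBugs(doc, pageUrl) {
  const snap = doc.evaluate(WEB_BUG_XPATH, doc, null, SNAPSHOT, null);
  const found = [];
  for (let i = 0; i < snap.snapshotLength; i++) {
    const img = snap.snapshotItem(i);
    const src = img.getAttribute('src');
    if (!isThirdParty(src, pageUrl)) continue; // same-site spacer image
    found.push(new URL(src, pageUrl).href);
    img.setAttribute('title', 'Web bug: ' + src);
    img.setAttribute('src', MARKER_SRC);
    img.setAttribute('width', '16');
    img.setAttribute('height', '16');
  }
  return found;
}

// In a user script (browser context) the call is simply:
if (typeof document !== 'undefined') {
  markWebBugs(document, document.location.href);
}
```

Because the snapshot is static, rewriting each image's attributes inside the loop does not disturb the iteration.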
This makes it easy to distribute a graphics-enabled Greasemonkey script without worrying that everyone who installs it will pound your server on every page request. Learn the history of Greasemonkey security and how it affects you now. Once upon a time, there was a security hole. This is not your standard fairy tale. Stay with me. Version 0. It initialized a set of API functions as properties of the global window object, so that user scripts could call them.
Then, it determined which user scripts ought to execute on the current page based on the include and exclude parameters. JavaScript running in a browser is not simply a scripting language. The browser sets up a complex object hierarchy for scripts to manipulate the web page, and a complex event model to notify scripts when things happen. This leads directly to the first security hole.
When Greasemonkey 0. Consider a web page with the following JavaScript code. Keep in mind, this is not a user script; this is just regular JavaScript code that is part of the web page in which user scripts are executing. Whenever Greasemonkey 0.
The remote page could get a complete copy of every user script that executed on the page, and do whatever it wanted with that information. The most powerful feature of Greasemonkey is not that it allows you to inject your own scripts into third-party web pages. User scripts can actually do things that regular unprivileged JavaScript cannot do, because Greasemonkey provides a set of API functions specifically for user scripts.
Store a script-specific value in the Firefox preferences database. You can see these stored values by navigating to about:config and filtering on greasemonkey. Retrieve a script-specific value from the Firefox preferences database. User scripts can only access values that they have stored; they cannot access values stored by other user scripts, other browser extensions, or Firefox itself.
This last API function is obviously the most powerful. It is also the most useful, because it allows user scripts to integrate data from different sites. See Chapter JavaScript code that comes with a regular web page cannot do this. There is an XMLHttpRequest object that has some of the same capabilities, but for security reasons, Firefox intentionally restricts it to communicating with other pages on the same web site.
All of this brings us to the second security hole. Greasemonkey 0. Using the watch method, available on every JavaScript object, the web page would wait for Greasemonkey 0. When Greasemonkey assigned the window. The user script would execute as usual, and Greasemonkey would clean up after itself by removing the API functions from the window object. But the damage had already been done.
Security experts call this a privilege escalation attack. In effect, Greasemonkey 0. This is disturbing by itself, but it is especially dangerous when coupled with leaking API functions to remote page scripts. All of these problems in Greasemonkey 0. The solution is to set up a safe environment where we can execute user scripts. An attacker can use a variety of methods to steal your Facebook authentication cookies, depending on the network he is on. If an attacker is on a hub-based network, he would just sniff traffic with any packet sniffer and gain access to the victim's account.
If an attacker is on a switch-based network, he would use an ARP Poisoning request to capture authentication cookies. If an attacker is on a wireless network, he just needs to use a simple tool called Firesheep to capture the authentication cookie and gain access to the victim's account.
In the example below I will be explaining how an attacker can capture your authentication cookies and hack your Facebook account with Wireshark. Step 5 — After 10 minutes, stop the packet sniffing by going to the capture menu and clicking on Stop. Step 6 — Next set the filter to http.
Now open up Facebook. Step 10 — Now refresh your page and voilà, you are logged in to the victim's Facebook account. Mozilla Firefox Users: 1.