Is This Possible with JavaScprit?

miketpowell

miketpowell

New member
Feb 20, 2009
755
26
0
Las Vegas
Ok so I want to hire someone to create something with JS but first I need to find out if it's even possible before I go looking for a coder.

So if on a page I iframe something. Can JS be made that will then go in and read that page and act on the information it finds? Such as could you make something that iframes wickedfire then checks the data in the iframe to see if they are logged in and if so pull out there there username, since that will be right in the HTML in the wickedfire iframe if they are logged in.

Maybe I'm way off base on thinking this is possible but based on what I know about the CSS/History check I thought it might be.
 


Or really anyway to do what I described. Have code on pageA that checks what some other site looks like for the user on pageA and then acts on that information.
 
^^ Yeah so in my research I've found JS can't do it cross domains I think....

It's seeming like this isn't really possible - or rather if there is current a way to do it it's a security loop hole that isn't known to many people.

I was thinking also php/proxy but then the problem becomes because of the different IP the use won't be logged into the page so there isn't any unique data worth grabbing.
 
What you want to do is get the information stored in cookies on a persons browser for other sites while it's displayed when they are viewing with those cookies active.

Unless you got them to login with curl or an equivalent then I don't think it's possible from a browser.
 
miketpowell said:
So if on a page I iframe something. Can JS be made that will then go in and read that page and act on the information it finds? Such as could you make something that iframes wickedfire then checks the data in the iframe to see if they are logged in and if so pull out there there username, since that will be right in the HTML in the wickedfire iframe if they are logged in.
Click to expand...

Yes and no. If your using only Javascript and iframes then unless the iframe is from the same domain then its not possible due to browser restrictions.

miketpowel said:
Or really anyway to do what I described. Have code on pageA that checks what some other site looks like for the user on pageA and then acts on that information.
Click to expand...

I'm assuming you don't control the user account you want to "gather information about" and if so, then no, it's not possible.

Actually, I should say it's not possible if you want to keep squeaky clean (and even if you don't care about being clean, then it would probably be difficult, if not impossible).

Having said that, you can check if a user has visited a site quite easily, I know it's not quite what you're asking for, but it can be handy as information collection.
 
AdvExtreamer said:
yeah, you can do that with Javascript.... if it's not too f'd up, like reading google or facebook iframes. and it's not that hard too. what are you trying to do. pm me if it's private.
Click to expand...

Maybe it's my lack of sleep, but how are you bypassing the browser XSS policies?
 
Thanks for the input guys - and yes I'm aware about being able to check the users browser history with the CSS trick.


AdvExtreamer said:
yeah, you can do that with Javascript.... if it's not too f'd up, like reading google or facebook iframes. and it's not that hard too. what are you trying to do. pm me if it's private.
Click to expand...

Well what I wanted to do was determine someones age/gender if they were logged into there FB.. but I now realize how big of a security problem that would be if it was possible...

I've found some other ways that should prove pretty nice and accurate for determining a users age/gender with some nice little tricks. Now I just gotta design/have it coded and see how well it actually works...
 
miketpowell said:
Thanks for the input guys - and yes I'm aware about being able to check the users browser history with the CSS trick.




Well what I wanted to do was determine someones age/gender if they were logged into there FB.. but I now realize how big of a security problem that would be if it was possible...

I've found some other ways that should prove pretty nice and accurate for determining a users age/gender with some nice little tricks. Now I just gotta design/have it coded and see how well it actually works...
Click to expand...


One option is to force them to login with Facebook account, then they will give you all access to their info voluntarily. But facebook is pretty hard to work with their iframes, because it's not straight iframes, but javascript that generates a shitloat of stuff and iframes somewhere in the middle.
 
You can do a lot with opengraph api --- unless you are trying to hide that you are getting the info.

If you aren't - just check out the api - easy to work with.
 
You must log in or register to reply here.
Top Bottom