Category Archives: javascript

XSS and Fuzzing

I’ve been doing a bit of manual testing on a project that Mario & others are creating, I don’t usually do a lot of XSS cause I find it a bit boring doing the same stuff, so I decided to come up with some new vectors which I found cool. The only problem was creating [...]

Online Javascript LAN scanner

Background
I’ve really enjoyed making this tool, it started off as a port scanner then it evolved into a router scanner and now I’ve decided to accept any device on a LAN. The code now works on Firefox and IE7 (which was a pain), I haven’t managed to test it on any other browser so please [...]

Javascript port scanner

I was pretty bored yesterday and I found my work a bit too easy so I thought I’d have a go at something different.
I decided to create a javascript port scanner, the scanner only works on Firefox at the moment (I may change it to work in other browsers) and has three options, option [...]

Web development trends (estimation)

I found this interesting, although obviously not 100% accurate it gives a good indication of development trends. I’ve compared server side languages and javascript frameworks.

JavaScript frameworks compared: jquery, scriptaculous, dojo toolkit, yui yahoo, ext js

Server-side languages compared: php, asp | asp.net, ruby on rails, jsp, python

Tracking without cookies part 2

I’ve been experimenting with the various ways of tracking a user without cookies or sessions and I came up with a unique way of doing so that I haven’t really seen documented anywhere. Using the script below you should receive a unique session id; if you then try the script in another browser it should [...]

Tracking without cookies

I’ve created a simple script after discussions on a mailing list I’m a member of. The idea was to create a unique identifier without using a full IP address or cookies. It works using javascript to gather information about the browser (screen depth, user agent etc), it then takes all this information and creates a [...]

Javascript security

Same origin policy is outdated for modern attacks, I would like to see the browser manufacturers create new techniques for protecting users against attacks.
My idea would be to create a browser javascript policy which is stored on the web site which lists the allowed functions/objects that are allowed to be used. So by default [...]

Stylin’ with sIFR

So, I’ve been working this evening. I’ve created my first couple of pages using the sIFR (scalable Inman Flash Replacement) technique.
For those of you who’ve not heard of it, sIFR allows you to replace specific targeted elements. Remember how you used to make headers for every h1/h2/h3 in Photoshop, trim to fit then do the [...]

Heyes Captcha

I’ve spent a lot of research over the last few weeks trying to create a different type of captcha. The basic idea is to try and produce one without images and try to make it as accessible as possible. I started off with a checkbox idea which allowed you to choose different fruits, this was [...]

Using TinyMCE and Scriptaculous

I’ve been doing a lot of TinyMCE [1] and Scriptaculous [2] integration recently and I noticed that they don’t work together very well. I found this article [3] that explains the problem: if you call scriptaculous before TinyMCE then TinyMCE won’t load.
[1] What is TinyMCE?
TinyMCE is a platform independent web based Javascript HTML WYSIWYG editor [...]