First step - Running the script locally
For academic purposes I tried to create a client-side script to manipulate the results of a ra...
For further actions, you may consider blocking this person and/or reporting abuse
I love this approach.
It's doing the same thing I wanted in essence, but without the hassle with iframes. Much cleaner and streamlined.
CORS might be an issue though.. The iframe has it's own origin. And the server is configured to accept requests to /poll from within it. I think calling this endpoint from the console, or a bookmarklet, won't work because of this reason.
I will try it out anyway. Thx :)
If you’re open to running a script from outside the website (a node script), you could use a tool like puppeteer to open a web page, then have it click on the poll, then have it repeat the process indefinitely. It would mimic a real user so there would be no CORS issues. This is similar to how you would end-to-end test a website, but in this case you’d be “testing” another site.
Hey. Thx for the comment. I thought of a Node.js approach to bypass CORS. Not sure if it would work though - because iframes are weird. In any case that wouldn't be a client-side "attack" anymore.
True. But unlike browsers Node.js servers don't implement the Same Origin Policy. So technically speaking, yeah, you are still a "client" for the target BE - although somewhat different - even though you are running your script from a server. Maybe I should have been more precise and called it a "browser-side attack".
Based on experience, i know it would be easier to try this from the server side because there are no CORS related issues. I am just not sure what would happen if I tampered with iframes in this scenario. I'll have to test this out.
Try using selenium js