0.0.1 • Published 5 years ago

cool-console v0.0.1

Weekly downloads
2
License
ISC
Repository
github
Last release
5 years ago

Cool Console

This package is for a demo. It is not intended to have real useful functionality.

Oh Really?

Yes!

What it does

It will make your console.log statements look different (ugly) but its real purpose is to show how an XSS attack can be hidden in an npm package.

This package if used in a browser will look for <input type="password" /> and <input type="text" /> elements on the page, bind to them and send the typed characters to https://localhost:3001/password/:character or https://localhost:3001/username/:character respectively.

The code has been obfuscated to make it hard to tell what is going on at first glance.

Use Case

This was developed for a XSS demo presented at a Meetup The source can be found here

consolexssnpmdemo
@infinitebrahmanuniverse/nolb-coo@everything-registry/sub-chunk-1379@zalastax/nolb-coo
0.0.1

5 years ago