/* Copyright PortSwigger Ltd. All rights reserved. Usage is subject to the Burp Suite license terms. See https://portswigger.net for more details. */
/* Click-trap / PoC helper that runs inside the page under test: it overlays transparent
   "click trap" divs on chosen elements, captures the click coordinates and hands them to
   generatePoc() (presumably to build a clickjacking proof-of-concept — the PoC markup is
   base64-encoded with btoa below). Everything lives inside this IIFE so no helper leaks
   into the target page's global scope.
   - doc / win / width / height are populated elsewhere in the script: addClickTrap reads
     doc, generatePoc reads width/height. initialZoomFactor and clicks are not used by
     the functions in this section. */
!function(){ var initialZoomFactor = '1.0', win, doc, width, height, clicks = [];
/* Overlay a half-transparent, absolutely positioned div on top of `element` (same box as
   the element, computed via findPos/offsetWidth/offsetHeight) and route clicks on it to
   generatePoc({x, y}) instead of the underlying element.
   minusY: optional number subtracted from e.pageY before reporting (e.g. an offset added
   by surrounding chrome — presumably; the callers are not in this section). */
function addClickTrap(element, minusY) { var clickTrap = doc.createElement('div'), cords = findPos(element); /* NOTE(review): 'none' is not a valid background-color value; the browser drops it and the div keeps the default transparent background, which is what the overlay needs anyway. */ clickTrap.style.backgroundColor = 'none'; clickTrap.style.border = 'none'; clickTrap.style.position = 'absolute'; clickTrap.style.left = cords[0] + 'px'; clickTrap.style.top = cords[1] + 'px'; clickTrap.style.width = element.offsetWidth + 'px'; clickTrap.style.height = element.offsetHeight + 'px'; /* Stack the trap one level above the element. NOTE(review): DOM elements do not expose a `zIndex` property directly (it is on element.style / the computed style), so this branch looks like it is never taken — confirm intent. */ if(element.zIndex || element.zIndex === '0') { clickTrap.style.zIndex = +element.zIndex+1; } clickTrap.style.opacity = '0.5'; clickTrap.style.cursor = 'pointer'; /* Marker so other code can recognise trap divs (presumably). */ clickTrap.clickTrap = 1; /* Capture-phase listener: report page coordinates and swallow the click so the real element never receives it. The config passed here carries only x/y, so generatePoc takes its pixelMode path. NOTE(review): `e.page` is not a MouseEvent property — when minusY is falsy y is undefined; `e.pageY` was presumably intended. */ clickTrap.addEventListener('click', function(e) { generatePoc({x:e.pageX, y: minusY?e.pageY-minusY : e.page}); e.preventDefault(); e.stopPropagation(); return false; }, true); doc.body.appendChild(clickTrap); }
/* Show `msg` in a fixed banner along the bottom of the page for 4 seconds. The text is
   inserted with createTextNode, so msg is never interpreted as HTML. NOTE(review): this
   uses the global `document`, whereas addClickTrap uses the `doc` variable — if those
   ever refer to different documents the banner ends up in the wrong one; confirm. The
   delayed removeChild throws if something else removed the banner first. */
function addMessage(msg) { var message = document.createElement('div'); message.style.width = '100%'; message.style.height = '20px'; message.style.backgroundColor = '#fff5bf'; message.style.border = '1px solid #ff9900'; message.style.padding = '5px'; message.style.position = 'fixed'; message.style.bottom = '0'; message.style.left = '0'; message.style.zIndex = 100000; message.style.textAlign = 'center'; message.style.fontFamily = 'Arial'; message.style.color = '#000'; message.appendChild(document.createTextNode(msg)); document.body.appendChild(message); setTimeout(function() { document.body.removeChild(message); }, 4000); }
/* Escape `str` for embedding in generated HTML: the value is coerced to a string and every
   character outside [A-Za-z0-9_ :-/.?=] is replaced by a decimal numeric character
   reference. That covers < > & " ' ` ( ) ; and newlines, so the output is safe both as
   text content and inside a quoted attribute. The `i` flag is redundant (\w is already
   case-insensitive) but harmless. charCodeAt yields UTF-16 units, so characters outside
   the BMP become two surrogate references — cosmetic only. */
function htmlEscape(str) { str = str + ''; return str.replace(/[^\w :\-\/.?=]/gi, function(c){ return '&#' + (+c.charCodeAt(0))+';'; }); }
/* Full document height of `D` (a Document): the largest of the body/documentElement
   scroll, offset and client heights, the usual cross-browser way to get the page size. */
function getDocHeight(D) { return Math.max( D.body.scrollHeight, D.documentElement.scrollHeight, D.body.offsetHeight, D.documentElement.offsetHeight, D.body.clientHeight, D.documentElement.clientHeight ); }
/* Full document width of `D`; same approach as getDocHeight. */
function getDocWidth(D) { return Math.max( D.body.scrollWidth, D.documentElement.scrollWidth, D.body.offsetWidth, D.documentElement.offsetWidth, D.body.clientWidth, D.documentElement.clientWidth ); }
/* Absolute position of `obj` as [left, top]: walks the offsetParent chain summing
   offsetLeft/offsetTop; when there is no offsetParent, falls back to obj.x/obj.y.
   NOTE(review): the walk ignores scrollTop/scrollLeft of scrollable ancestors, and the
   fallback `obj.x && obj.y` is skipped when either coordinate is 0 — both may matter for
   the overlay placement; confirm against the callers. */
function findPos(obj) { var left = 0, top = 0; if(obj.offsetParent) { while(1) { left += obj.offsetLeft; top += obj.offsetTop; if(!obj.offsetParent) { break; } obj = obj.offsetParent; } } else if(obj.x && obj.y) { left += obj.x; top += obj.y; } return [left,top]; }
/* Build the PoC for a target described by `config`:
   - config.clickTracking (array of {left, top, width, height}): replay mode — the first
     entry's box is used and config.currentPosition is reset to 0;
   - otherwise config.element: its box via findPos/offsetWidth/offsetHeight, and
     config.clickTracking is initialised to [];
   - otherwise config.x/config.y alone: pixelMode with a coarser zoomIncrement of 5 (this
     is the path addClickTrap's listener takes).
   desiredX/desiredY (200,200) is where the target should land in the PoC; the
   parentOffset* values are the shift needed to get it there. maxWidth/maxHeight come
   from the script-level width/height. The markup is then base64-encoded with btoa. */
function generatePoc(config) { var html = '', child = '', elementWidth = 1, elementHeight = 1, maxWidth = width, maxHeight = height, cords, zoomIncrement = 1, desiredX = 200, desiredY = 200, parentOffsetWidth, parentOffsetHeight, element = config.element, x = config.x, y = config.y, pixelMode = false; if(config.clickTracking) { elementWidth = config.clickTracking[0].width; elementHeight = config.clickTracking[0].height; x = config.clickTracking[0].left; y = config.clickTracking[0].top; zoomIncrement = 1; config.currentPosition = 0; } else { config.clickTracking = []; if(element) { elementWidth = element.offsetWidth; elementHeight = element.offsetHeight; cords = findPos(element); x = cords[0]; y = cords[1]; zoomIncrement = 1; } else { zoomIncrement = 5; pixelMode = true; } } parentOffsetWidth = desiredX - x; parentOffsetHeight = desiredY - y; child = btoa('