And let the password be unmask!!!

If you ever come across a page like below, then this is for you!

You might have heard about Sandboy's Revelation who unmask password fields like this!
But Revelation works with only windows based application and fails with Firefox! Once again thanks to open-source for Firefox!

Now lets do it in Geekish way so it will work with all kinda browsers and of course independent of platform!

Here comes javascript which is tested on Firefox & IE!

javascript: alert(document.getElementById('Passwd').value);

Just copy above code and paste it in ur browsers address bar (navigation bar or url bar).


They press enter and you will see a prompt like this!Of course your password may be different!

There is one more similar script! This will change HTMLs <input> tags "type" attribute from "password" to "text"!

javascript: alert(document.getElementById('Passwd').type='text');

On hitting enter you will see a prompt, just ignore it and look at screen... The password field will be unmasked any now and look like this!The above script may fail on hotmail when opened in firefox! But don't worry.

Try following code in the same way! This does not work with antique IE 6.0 and with release of firefox 2.0, I did not bothered to give IE 7.0 a try!

This will again prompt password like above!

javascript: function getElementsByAttribute(oElm, strTagName, strAttributeName, strAttributeValue){ var arrElements = (strTagName == "*" && oElm.all)? oElm.all : oElm.getElementsByTagName(strTagName); var arrReturnElements = new Array(); var oAttributeValue = (typeof strAttributeValue != "undefined")? new RegExp("(^|\\s)" + strAttributeValue + "(\\s|$)") : null; var oCurrent; var oAttribute; for(var i=0; i< ocurrent =" arrElements[i];" oattribute =" oCurrent.getAttribute" oattribute ="="> 0){ if(typeof strAttributeValue == "undefined" || (oAttributeValue && oAttributeValue.test(oAttribute))){ arrReturnElements.push(oCurrent);}}} return arrReturnElements; } alert( getElementsByAttribute(document.body, "input", "type", "password")[0].value);

And this will unmask password filed like above!

javascript: function getElementsByAttribute(oElm, strTagName, strAttributeName, strAttributeValue){ var arrElements = (strTagName == "*" && oElm.all)? oElm.all : oElm.getElementsByTagName(strTagName); var arrReturnElements = new Array(); var oAttributeValue = (typeof strAttributeValue != "undefined")? new RegExp("(^|\\s)" + strAttributeValue + "(\\s|$)") : null; var oCurrent; var oAttribute; for(var i=0; i< ocurrent =" arrElements[i];" oattribute =" oCurrent.getAttribute" oattribute ="="> 0){ if(typeof strAttributeValue == "undefined" || (oAttributeValue && oAttributeValue.test(oAttribute))){ arrReturnElements.push(oCurrent);}}} return arrReturnElements; } ; alert( getElementsByAttribute(document.body, "input", "type", "password")[0].type="text" ) ;

Above scripts successfully tested on gmail, yahoo, hotmail, rediff login pages! In fireox you can also right-click on any frame and can open that frame separately in different window or tab and then can use any of above script!

Also any password field can be unmasked using DOM Inspector in firefox! Please don't make false assumption that firefox is insecure! There is a feature called "master password" in firefox! That will protect your passwords against all javascript, DOM Inspectors, etc!

Enjoy!!!

Hacking with Javascript

This hack simply make the images of the website to rover the page. This is how it's done.
1.) Go to any website with images like http://www.microsoft.com
2.) Now you're in the home page, delete the URL in the address bar of your browser and replace it with this script: javascript:R=0; x1=.1; y1=.05; x2=.25; y2=.24; x3=1.6; y3=.24; x4=300; y4=200; x5=300; y5=200; DI=document.images; DIL=DI.length; function A(){for(i=0; i-DIL; i++){DIS=DI[ i ].style; DIS.position='absolute '; DIS.left=Math.sin(R*x1+i*x2+x3)*x4+x5; DIS.top=Math.cos(R*y1+i*y2+y3)*y4+y5}R++}setInterval('A()',5); void(0);
3.) And of course, press enter.
4.) Thadah!!!

Is that Google in the URL bar? Did I really owned google? This is how it's done:
1.) Go to http://www.google.com
2.) Delete and replace the url with this script: javascript:document.write("0wn3d by chr1x2");

Simple but cool!