Leet Script of the Day: Check for Visible and Hidden Frames on a Page

Listen to this Post

Paste this into developer tools -> console:

[javascript]
window._details = [‘iframe’, ‘frame’, ‘object’, ’embed’].map(type => Array.from(document.querySelectorAll(type)).map((el, index) => Type: ${type}, Src: ${el.src || 'No src'}, ID: ${el.id || 'No ID, index ' + index}, Class: ${el.className || 'No class'}, HTML: ${el.outerHTML.slice(0, 200)})).flat();
if (window._details.length) {
console.log(“Detected framing elements:”);
window._details.forEach(detail => console.log(detail));
} else {
console.log(“No common framing methods detected.”);
}
[/javascript]

You can find some very interesting things that were not visible without a little digging.

Practice Verified Codes and Commands:

1. Linux Command to List Open Network Connections:

netstat -tuln

This command lists all open network connections and listening ports on a Linux system.

2. Windows Command to Check for Hidden Files:

[cmd]
dir /a
[/cmd]
This command lists all files, including hidden ones, in the current directory.

  1. Bash Script to Monitor Changes in a Directory:
    inotifywait -m -r -e create,modify,delete /path/to/directory
    

    This script monitors a directory for any file changes, such as creation, modification, or deletion.

  2. Python Script to Extract Hidden Frames from a Web Page:

    from bs4 import BeautifulSoup
    import requests</p></li>
    </ol>
    
    <p>url = 'http://example.com'
    response = requests.get(url)
    soup = BeautifulSoup(response.text, 'html.parser')
    
    for tag in soup.find_all(['iframe', 'frame', 'object', 'embed']):
    print(f"Type: {tag.name}, Src: {tag.get('src', 'No src')}, ID: {tag.get('id', 'No ID')}, Class: {tag.get('class', 'No class')}")
    

    This script extracts and prints details of all iframes, frames, objects, and embeds from a given web page.

    What Undercode Say:

    In the realm of cybersecurity, understanding the structure and behavior of web pages is crucial. The provided JavaScript snippet is a powerful tool for detecting visible and hidden frames, which can often be used for malicious purposes such as clickjacking or embedding unauthorized content. By running this script in the browser’s developer console, you can quickly identify potential security risks.

    On the Linux side, commands like `netstat -tuln` are invaluable for monitoring network activity, ensuring that no unauthorized connections are established. Similarly, the `dir /a` command in Windows helps in uncovering hidden files that might be used to conceal malicious software.

    For those who prefer scripting, the provided Python script using BeautifulSoup offers a programmatic way to analyze web pages for hidden elements. This can be particularly useful for automated security audits or penetration testing.

    In conclusion, whether you’re a developer, a security analyst, or just a curious tech enthusiast, these tools and commands provide a solid foundation for exploring and securing web content. Always remember to use these tools responsibly and ethically, as they can reveal sensitive information.

    For further reading on web security and frame detection, consider visiting:
    OWASP Clickjacking Defense Cheat Sheet
    Mozilla Developer Network: iframe
    Linux man page for netstat

    Stay vigilant, and keep exploring the depths of cybersecurity!

    References:

    Hackers Feeds, Undercode AIFeatured Image