mirror of
https://codeberg.org/vlw/honeypot.git
synced 2025-11-04 20:12:42 +01:00
vlw
0234ef984b
Baby steps that implements everything from the original [unfinished] version of this project from a bit over 2 years ago. We'll see what fun stuff we can add over time! Reviewed-on: https://codeberg.org/vlw/honeypot/pulls/1 Co-authored-by: vlw <victor@vlw.se> Co-committed-by: vlw <victor@vlw.se>
30 lines
No EOL
1.1 KiB
JavaScript
30 lines
No EOL
1.1 KiB
JavaScript
const LOGIN_PAGE = "/login";
|
|
const STORAGE_KEY_LOGGEDIN = "mydlink_dashboard_login";
|
|
|
|
// Set a generous global navigation delay to simulate crappy web software
|
|
VV.delay = 3500;
|
|
|
|
// Redirect the user to the login page if session storage key is not set
|
|
if (!sessionStorage.getItem(STORAGE_KEY_LOGGEDIN) && window.location.pathname !== LOGIN_PAGE) {
|
|
const getRandomString = (length = 16) => {
|
|
const CHARSET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
|
|
let string = "";
|
|
|
|
for (let i = 0; i < length; i++) string += CHARSET[Math.floor(Math.random() * CHARSET.length)];
|
|
|
|
return string;
|
|
};
|
|
|
|
const url = new URL(window.location);
|
|
|
|
// Set some legit looking overcomplicated search parameters
|
|
url.searchParams.set("mydl_sid", getRandomString());
|
|
// This is our fake "user is logged in" Storage API key
|
|
url.searchParams.set("action", STORAGE_KEY_LOGGEDIN);
|
|
url.searchParams.set(`mydl_${getRandomString(3)}`, "dashboard");
|
|
url.searchParams.set(`mydl_asas_${getRandomString(4)}_${getRandomString(8)}`, "login_cgi");
|
|
|
|
url.pathname = LOGIN_PAGE;
|
|
|
|
new VV().navigate(url);
|
|
} |