mirror of
https://codeberg.org/vlw/honeypot.git
synced 2025-11-05 04:22:43 +01:00
30 lines
No EOL
1.1 KiB
JavaScript
30 lines
No EOL
1.1 KiB
JavaScript
const LOGIN_PAGE = "/login";
|
|
const STORAGE_KEY_LOGGEDIN = "mydlink_dashboard_login";
|
|
|
|
// Set a generous global navigation delay to simulate crappy web software
|
|
VV.delay = 3500;
|
|
|
|
// Redirect the user to the login page if session storage key is not set
|
|
if (!sessionStorage.getItem(STORAGE_KEY_LOGGEDIN) && window.location.pathname !== LOGIN_PAGE) {
|
|
const getRandomString = (length = 16) => {
|
|
const CHARSET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
|
|
let string = "";
|
|
|
|
for (let i = 0; i < length; i++) string += CHARSET[Math.floor(Math.random() * CHARSET.length)];
|
|
|
|
return string;
|
|
};
|
|
|
|
const url = new URL(window.location);
|
|
|
|
// Set some legit looking overcomplicated search parameters
|
|
url.searchParams.set("mydl_sid", getRandomString());
|
|
// This is our fake "user is logged in" Storage API key
|
|
url.searchParams.set("action", STORAGE_KEY_LOGGEDIN);
|
|
url.searchParams.set(`mydl_${getRandomString(3)}`, "dashboard");
|
|
url.searchParams.set(`mydl_asas_${getRandomString(4)}_${getRandomString(8)}`, "login_cgi");
|
|
|
|
url.pathname = LOGIN_PAGE;
|
|
|
|
new VV().navigate(url);
|
|
} |