failure to properly execute in-page scripts
Using node v0.6.13, zombie@0.12.15, contextify@0.1.2, jsdom@0.2.13 on Windows 7 x64
Why does Zombie produce an improper output compared to the more basic contextify version in the following example?
Desired output
For reference, the desired output should be a long string. Example of proper output can be seen by navigating to https://accounts.google.com/SignUp, and executing the following javascript code:
//will display an output string if executed at https://accounts.google.com/SignUp
// Calls invoke() on the document.bg object the page has already created and
// logs whatever value invoke() hands to the callback.
document.bg.invoke( function(response){
console.log(response);
});
Output varies depending on when document.bg is initialized to new botguard.bg(), because the botguard script mixes in a timestamp salt when encoding.
Case 1
Zombie context does not produce proper output. Output is a string of length 11, something like
!Aw8AAxEAAA
// Case 1 reproduction: load the page in Zombie with page scripts enabled, then
// call invoke() on the document.bg object and log the result.
var Browser = require("zombie");
var userAgent = "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20100101 Firefox/11.0";
// runScripts:true makes Zombie execute the scripts delivered by the remote page.
// NOTE(review): that is remote code running inside this Node process; nothing
// in this listing shows it being isolated from the host — confirm before
// running it anywhere that matters.
Browser.visit( "https://accounts.google.com/SignUp", {runScripts:true, debug:true, userAgent: userAgent }, function (e, browser, status) {
// The error argument `e` and `status` are not inspected.
// atob/btoa are assigned on the window from a local ./modules/base64 module.
var base64 = require("./modules/base64");
browser.window.atob = function(str){
return base64.decode(str);
};
browser.window.btoa = function(str){
return base64.encode(str);
};
// navigator is replaced by a fresh object; userAgent is the only property set on it here.
browser.window.navigator = {};
browser.window.userAgent = browser.window.navigator.userAgent = "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20100101 Firefox/11.0";
// A 'load' event is fired by hand on the window before waiting.
browser.fire('load', browser.window);
// `err` from wait() is not checked. document.bg is not assigned anywhere in
// this listing; presumably the page's own script created it — confirm.
browser.wait(function(err, browser) {
browser.document.bg.invoke( function(response){
console.log(response);
});
});
});
Case 2
Using only contextify does, however, produce output similar to that of the page at https://accounts.google.com/SignUp. The output is a long string of ~800+ characters, something similar to
!AwdZObwmDwADFgezDQKAUvDX7KQEaCVqpKDwk0sFawTKzp79JWsRc7W-6JxtI34fwI7VujY1ZRHV1IWlLiNkAczWhsMDCFA19-3_xUlzP0-GreqYW0dIaIuH2L1yaH0m5em20xwGE1ySlsalfU5bM_7j9phbFU0o8PasyEQNWyng767LIiBwHdTUlbIUWk9v4-ytjXp7LEaPgsPjAAxTNvnji6U1OmEOzNuD7DUoIwOHjM-ubiB0AIzeiuQnJ2sGxd6YpipsLEKFhd-oaiRiDdTInvt-OQYmquTxkEgGaAfJzZ3-JmgScLa9659uLnARndub9TIyaB_dk9W6Y38pTMmtuJgUWg569sOZ-z02YBSYue6ETUABXN7x5MwVFUsl5v-khFtaGminrLC6NnhtTYCaj-EoMSQY1dWP4TQ3bRjHl4Kqc3MtQ4CZwuI9PHwOwcrW3FAeCyvm_OmgYm81WJ2dz4JLVhBxurGqlltbAW-6ueOWSRkMJOu_1r5nbjNvor7mn29gJVWlpvyYUVMVSaCj955ecSdEh5zHszE1c0nXio60KnxgauaovZ1QSl8W1NmD7isreTT94KbHDAccebi__t5aURJ3ta_pxwEcEyu_6-zcWT0oCITKnupmQCF1ibfjkU5FAizv75fyLTBkA8rnvdAMDl4q462w2AAaX3G3qqWUC1Jdb_C3iKgkan8exoj-kltUE2euuPmqcm4-X57ehOoiLWwNgcea7jYoM1mG0tbnfiAvHYXC_d1RHwprs_2L5y4hZhLbzYzfBxtLKuurwbFodSgIjJbPvD46fEbZgIC6JH1ha-epvJxRS14NxMmJ-zIMWDHvr_mAT00dPbmj-okLD0lz6LW0jhBOUg
Contextify = require("contextify")
, base64 = require("base64")
, var https = require("https");
// Builds a Contextify context seeded with `console`, then adds empty
// `document` and `navigator` objects, a userAgent string and atob/btoa helpers.
// Returns the Contextify object (the caller uses its run() method).
function setupWindow(){
var window = Contextify({console : console});
window.document = {};
window.navigator = {};
// This user-agent string is a Chrome one; the Case 1 listing uses a Firefox one.
window.navigator.userAgent = "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.152 Safari/535.19";
window.atob = function(str){
return base64.decode(str);
};
window.btoa = function(str){
return base64.encode(str);
};
// Points `window` inside the context at the context's global object
// (presumably so scripts that reference `window` resolve it — confirm).
window.window = window.getGlobal();
return window;
}
// Returns the quoted constructor argument from the first
// `document.bg = new botguard.bg('...')` statement found in `html`.
// Both patterns use a greedy `(.+)`, so the value is the text between the
// first and the last single quote of the matched statement text.
function extractSeed(html){
var matches = html.match(/document\.bg\s=\snew\sbotguard.bg\('(.+)'/gi);
var value = matches[0].match(/'(.+)'/);
var seed = value[1];
return seed;
}
// Pulls a script string out of `html`: captures the remainder of the line that
// follows the base64 marker and a closing `*/`, drops the first `</script>`,
// takes the first single-quoted string in what is left, and returns it with
// each doubled backslash collapsed to a single one.
function extractScript(html){
var script = html.match(/Ym90Z3VhcmQtY29udGFjdEBnb29nbGUuY29tCg==\s\*\/(.+)$/m);
script = script[1].replace("</script>", "");
script = script.match(/'([^']+)'/);
script = script[1].replace(/\\\\/g, "\\");
return script;
}
// Request options, reproduced exactly as posted: the host value is unquoted
// and `this.register_path` is not defined anywhere in the listing.
var options = {
host: accounts.google.com
, path: this.register_path
};
// Fetches the page over HTTPS, accumulates the body as UTF-8 text, and on
// 'end' runs the extracted script in the Contextify context, constructs
// botguard.bg with the extracted seed, and logs what invoke() passes back.
https.get( options, function(res){
var data = "";
res.setEncoding("utf8");
res.on("data", function(chunk){
data+=chunk;
});
res.on("end", function(){
var window = setupWindow();
var script = extractScript( data );
var seed = extractSeed( data );
// NOTE(review): run() executes code taken from the HTTP response. Nothing in
// this listing establishes that the Contextify context isolates that code
// from the host process — treat it as untrusted code execution and confirm.
window.run(script);
window.document.bg = new window.botguard.bg(seed);
window.document.bg.invoke( function(response){
console.log(response);
});
});
});
Case 3
If the Zombie environment in Case 1 is changed by adding the following lines immediately after browser.wait(function(err, browser) {, then the output will be a string of length ~200 characters, something similar to
!Awcr_SnEDwAEFQg0IwoAfJlFRM8p4JdTEBDU9Pu-H02i0kNjfd2ksPWG0e7fMF0TpVlCwM7p6kR1eO6Ndjhyq8jGuqTn7GomWkDHkjWMfQU-qaVaj2KoFrMKYtepErfLVSTYjcZfuVBbtZREGTYFW9YkcXXT0htjbfr5dA-_SNnPYNqe4E5YLIg2ymkNAAX6WH9EDA
// Case 3 addition: reads the seed from Zombie's rendered HTML with the same two
// patterns that extractSeed uses in Case 2, then replaces document.bg with a
// newly constructed botguard.bg instance.
var matches = browser.html().match(/document\.bg\s=\snew\sbotguard.bg\('(.+)'/gi);
var value = matches[0].match(/'(.+)'/);
var seed = value[1];
browser.window.document.bg = new browser.window.botguard.bg( seed );
Top GitHub Comments
Hi there,
I work for Google on signup and login security.
Please do not attempt to automate the Google signup form. This is not a good idea and you are analyzing a system that is specifically designed to stop you.
There are no legitimate use cases for automating this form. If you do so and we detect you, the accounts you create with it will be immediately terminated. Accounts associated with the IPs you use (ie, your personal accounts) may also be terminated.
If you believe you have a legitimate use case, you may be best off exploring other alternatives.
#mikehearn
sound like, oh please no