[Javascript] Get iframe html

[TheJjokerR]

The site I'm trying to exploit ...

Careful now.

"It's my own site"

"Why are there quotes around my posts?"

Anyways, I'll just use a bookmark to get the information needed and send it through an iframe.

[Gamemania]

That would be plainly impossible
Because if that was possible, every user's account on every site would be hacked by just embbeding an iframe and steal the frame's information

Ok, well it wouldn't get everyones account hacked, seeing how you wouldn't be able to see the password anywhere.

You forgot document.cookie?
And the fact that 9/10 of those sites that need password usually have a profile page that displays most information you need to hack someone's account

On to topic
If you want to remain a session, search up the cookie for something like PHPSESSID, that should get you what you need
But if you want someone else's session, that's not the approach you are looking for

[errk]

You forgot document.cookie?

document.cookie will only work if he can get a XSS working. However, I don't think that's the case here. From my understanding (correct me if I'm wrong), Joker wants to get the user to visit a third party site, and get the third party site to iframe the victim site, then read into the iframe. This is not possible to do in any browsers because it violates the Same Origin Policy (the basis of web security).

[tremor77]

Why are you trying to use an Iframe in the first place? You could use standard frames and set frame target names... or you could import the page data using a php include. Ultimately the best approach would be to try use some sort of CURL page grab - I'm thinking about a PHP class I was writing (and lost somewhere) that worked as a proxy login to HTS (it was marginally effective - i never polished it off - my original intent was to use it to dictionary attack my own account). Still chances are what you're trying to do is not possible.