[Greasemonkey] greasemonkey for secure data over insecure networks / sites

John gm at plsek.id.au
Tue Jul 19 04:04:49 EDT 2005


Mark Pilgrim wrote:

>On 7/18/05, Jeremy Dunck <jdunck at gmail.com> wrote:
>  
>
>>So, uh, the script leaking investigation isn't entirely for the glory
>>of knowing.  It also sucks to leak private keys.
>>    
>>
>
>Last week I showed that the complete text of every single one of your
>locally-installed user scripts could be leaked to remote sites (
>http://diveintogreasemonkey.org/experiments/script-leak.html ), and
>
>  
>
Does this "exploit" rely on the knowledge of the existence of 
"window.GM_apis"?

coz, your exploits don't work on my version of greasemonkey ... I 
replaced "GM_apis" with a random string (newly generated for every 
inject) ... or is there a way around that?

John


More information about the Greasemonkey mailing list