The attacks in this section are designed to help you learn about how JavaScript is used in the browser and how it can be manipulated. The attacks could be carried out by just analysing network traffic, but that isn't the point and it would also probably be a lot harder.

Low Level

All the JavaScript is included in the page. Read the source and work out what function is being used to generate the token required to match with the phrase and then call the function manually.

We're primarily interested in our generate_token function here

Token value of "phrase" user input uses a simple rot13 algorithm handled here

Left-click: follow link, Right-click: select node, Scroll: zoom