Almost Hijacking XHRs with JavaScript

Scenario

In this situation we have used JavaScript's inherent prototype feature to replace the built-in methods of the XMLHttpRequest object. To do this, we first save the open, setRequestHeader, and send methods and then overwrite them in the native XHR object with our own functions, which do what the originals do plus something of our choice. In this case we simply alert the values being sent. However, it would be easy enough to send the data of interest; we will do that in the next example, which is a full solution.

Important Note: This example doesn't work in IE, which doesn't really have a native XHR object, so you can't prototype it. Another example will get around this.

Important: Firebug users must disable Firebug for this to work!
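
The wrapping described in the Scenario, together with a check that reports when the prototype has been replaced, as an added example that is not this page's own script. The function names, the FakeXHR stand-in (used so the code runs outside a browser), the "/rate" URL and the request body are assumptions made for the example, and a local log array takes the place of the page's alert.

```javascript
const METHODS = ["open", "setRequestHeader", "send"];

// Capture references to the current prototype methods. A page that wants to
// notice later replacement runs this before any untrusted script loads.
function snapshotXhr(XHR) {
  const baseline = {};
  for (const name of METHODS) baseline[name] = XHR.prototype[name];
  return Object.freeze(baseline);
}

// The technique from the Scenario: save each original, then overwrite it on
// the prototype with a function that records its arguments and calls through.
function wrapXhr(XHR, log) {
  for (const name of METHODS) {
    const original = XHR.prototype[name];
    XHR.prototype[name] = function (...args) {
      log.push({ method: name, args });      // the page's demo alerts here
      return original.apply(this, args);     // original behaviour is preserved
    };
  }
}

// Integrity check: names of methods that no longer match the baseline.
function tamperedMethods(XHR, baseline) {
  return METHODS.filter((name) => XHR.prototype[name] !== baseline[name]);
}

// Constructed stand-in for XMLHttpRequest (assumption, not a browser object).
class FakeXHR {
  constructor() { this.headers = {}; }
  open(method, url) { this.request = method + " " + url; }
  setRequestHeader(name, value) { this.headers[name] = value; }
  send(body) { this.body = body; }
}

function demo() {
  const baseline = snapshotXhr(FakeXHR);
  const before = tamperedMethods(FakeXHR, baseline);
  const log = [];
  wrapXhr(FakeXHR, log);
  const xhr = new FakeXHR();
  xhr.open("POST", "/rate");                 // constructed sample request
  xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
  xhr.send("rating=5");
  return { before, after: tamperedMethods(FakeXHR, baseline), log, xhr };
}
```

In a browser, pass XMLHttpRequest instead of FakeXHR; the request still completes normally, which is why the replacement is invisible to the user unless something compares the prototype against a baseline.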

How do you feel about Ajax Security?

Who cares... - [ 1 2 3 4 5 ] - Scared out of my mind