
Playing a bit with localStorage

by on April 15, 2013

HTML5 is here and companies are starting to use it more and more to add value to their products. During a pentest we should be able to identify these new features and their associated risks.

I was playing a bit today with some HTML5 apps and localStorage got my attention. This is a feature for storing content locally in the browser for later use by the application, and it may sometimes contain sensitive information.

Although there are plenty of apps and browser extensions out there to check the content of this storage, we may be forced to do a test where we don’t have access to such tools. I was looking for a “one line JavaScript” that can retrieve all the content stored locally for a given page, some kind of alert(document.cookie) for localStorage. A couple of searches later I got my solution:

javascript:for(var i=0;i<localStorage.length;i++){alert(localStorage.key(i)+":"+localStorage.getItem(localStorage.key(i)));}

Running the code above in the context of a page returns every key and its value held in that page's localStorage, one alert per entry.
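For an assessment report, a structured listing is more useful than a series of alerts. The following is an added example, not part of the original post: it walks a Storage object the same way as the one-liner and flags entries that look sensitive. The function names, the key-name patterns, the JWT shape check and the sample data are all assumptions made for illustration.

```javascript
// Added example: audit a Storage object (localStorage or sessionStorage).
// The name patterns and the JWT shape check are assumptions; tune them per application.
const SENSITIVE_NAME = /(token|secret|passw|session|auth|api[-_]?key|jwt)/i;
const JWT_SHAPE = /^[A-Za-z0-9_-]{4,}\.[A-Za-z0-9_-]{4,}\.[A-Za-z0-9_-]*$/;

function auditStorage(storage) {
  const findings = [];
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    const value = storage.getItem(key) ?? "";
    const reasons = [];
    if (SENSITIVE_NAME.test(key)) reasons.push("key name");
    if (JWT_SHAPE.test(value)) reasons.push("JWT-shaped value");
    // Values are often JSON blobs; look one level inside for sensitive field names.
    try {
      const parsed = JSON.parse(value);
      if (parsed && typeof parsed === "object") {
        for (const field of Object.keys(parsed)) {
          if (SENSITIVE_NAME.test(field)) reasons.push("JSON field " + field);
        }
      }
    } catch (e) { /* not JSON, nothing more to check */ }
    // Record the value's length, not the value, so the report itself holds no secrets.
    findings.push({ key, length: value.length, sensitive: reasons.length > 0, reasons });
  }
  return findings;
}

// Constructed stand-in for window.localStorage so the example runs outside a browser.
function makeSampleStorage(entries) {
  const keys = Object.keys(entries);
  return {
    get length() { return keys.length; },
    key: (i) => (i < keys.length ? keys[i] : null),
    getItem: (k) => (k in entries ? entries[k] : null),
  };
}

// Constructed sample data, not taken from any real application.
const sample = makeSampleStorage({
  theme: "dark",
  authToken: "aaaa.bbbb.cccc",
  profile: JSON.stringify({ name: "test", password: "example-only" }),
});

console.table(auditStorage(sample));
```

In a browser console, call auditStorage(localStorage) or auditStorage(sessionStorage) on the page under test instead of the sample object.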
