Bookmarklets
Inspired by a post from Jeremy Kieth, I thought I’d share some bookmarklets that I use. This page will be updated from time to time whenever I think of a new one.
What are “Bookmarklets”?
Bookmarklets are links that you can bookmark that, instead of directing you to another webpage, perform some action on the webpage you’re on. In the case of the ones I have here, they perform some Javascript operation(s) on the page you’re on. These can even be done on pages that aren’t typically thought to be HTML documents. To make use of the ones I have here, just click and drag the provided links to your Bookmarks bar.
Most of the code for the bookmarklets has been condensed, in part because I used to think it was really cool to heavily obfuscate my code. Expanded versions have been provided. While I trust these, seeing as I wrote them, always remember to never run code you don’t fully understand or trust.
The list
Display Site Generator
This bookmarklet finds all <meta name="generator" ... /> tags on a webpage to see what CMS might have generated it. It also does a hardcoded check for SquareSpace sites, since they don’t use that meta tag.
Expanded Code
a=(g)=>{alert('Generator: '+g);};
document.querySelectorAll('meta').forEach((m)=>{
if(m.name.search(/generator/i) != -1) {
a(m.content);
}
});
if(document.head.innerHTML.search(/<!-- This is Squarespace\. -->/) != -1){
a('Squarespace');
}
Go To Robots.txt
Yes, sometimes I really am too lazy to go to the address bar and type out “/robots.txt” so I made a bookmarklet for it. What of it?
The Code
window.location.assign('/robots.txt');
Linkify Robots.txt
Once you’re looking at a robots.txt file, you can use this bookmarklet to create links for each of the filepaths listed. This makes checking each one a much easier task when doing an audit of a site.
Expanded Code
d = document;
d.ce = d.createElement;
pre = d.getElementsByTagName('pre')[0];
c = d.ce('div');
c.id = "c";
pre.insertAdjacentElement('afterend',c);
ent = pre.textContent.split("\n");
ent.forEach((e)=>{
[n, p] = e.split(": ");
if(p && p[0]=="/"){
a = d.ce('a');
a.href = d.location.origin + p;
a.innerText = p;
a.target = '_blank';
c.appendChild(a);
c.appendChild(d.ce('br'));
}
});
Hide Aria-Hidden Elements
Taken from this post, The hidden world of aria-hidden, this bookmarklet will hide all elements on a page that have the aria-hidden="true" attribute. I kept this one on hand for some reason I no longer remember. Nonetheless, I still think it’s very neat.
Expanded Code
(
function(){
var d = document,
id = 'ahbkmklt',
el = d.getElementById(id),
f = d.querySelectorAll('iframe'),
i = 0,
l = f.length;
if(el){
el.remove();
if(l){
for(i = 0; i < l; i++){
try{
f[i].contentWindow.document.getElementById(id).remove();
}catch(e){
console.log(e)
}
}
}
}
else{
s = d.createElement('style');
s.id=id;
s.appendChild(d.createTextNode('*[aria-hidden=%22true%22]{color:black !important;background:black!important;outline:red solid 2px;!important;} *[aria-hidden=%22true%22] *{visibility:hidden !important} *[aria-hidden=%22true%22]:before{content:%22%F0%9F%98%9D%22 !important;}'));
d.getElementsByTagName('head')[0].appendChild(s);
for(i = 0; i < l; i++){
try{
f[i].contentWindow.document.getElementsByTagName('head')[0].appendChild(s.cloneNode(true));
}catch(e){
console.log(e)
}
}
}
}
)();
Default Urchin Login
A bit more nefarious, this bookmarklet will fill in and submit the login page for the Urchin analytics web panel. A self-hosted analytics engine, some versions of this software shipped with default credentials. I used this for a time when I mass stuffing creds looking for unsecured instances. I share it now for the sake of pointing out the overall usefulness of bookmarklets.
Expanded Code
f=document.getElementsByName('login')[0];
f.user.value='admin';
f.pass.value='urchin';
f.submit();