Bookmarklets
Inspired by a post from Jeremy Kieth, I thought I’d share some bookmarklets that I use. This page will be updated from time to time whenever I think of a new one.
What are “Bookmarklets”?
Bookmarklets are links that you can bookmark that, instead of directing you to another webpage, perform some action on the webpage you’re on. In the case of the ones I have here, they perform some Javascript operation(s) on the page you’re on. These can even be done on pages that aren’t typically thought to be HTML documents. To make use of the ones I have here, just click and drag the provided links to your Bookmarks bar.
Most of the code for the bookmarklets has been condensed, in part because I used to think it was really cool to heavily obfuscate my code. Expanded versions have been provided. While I trust these, seeing as I wrote them, always remember to never run code you don’t fully understand or trust.
The list
Display Site Generator
This bookmarklet finds all <meta name="generator" ... /> tags on a webpage to see what CMS might have generated it. It also does a hardcoded check for SquareSpace sites, since they don’t use that meta tag.
Expanded Code
a=(g)=>{alert('Generator: '+g);};
document.querySelectorAll('meta').forEach((m)=>{
if(m.name.search(/generator/i) != -1) {
a(m.content);
}
});
if(document.head.innerHTML.search(/<!-- This is Squarespace\. -->/) != -1){
a('Squarespace');
}
Go To Robots.txt
Yes, sometimes I really am too lazy to go to the address bar and type out “/robots.txt” so I made a bookmarklet for it. What of it?
The Code
window.location.assign('/robots.txt');
Linkify Robots.txt
Once you’re looking at a robots.txt file, you can use this bookmarklet to create links for each of the filepaths listed. This makes checking each one a much easier task when doing an audit of a site.
Expanded Code
d = document;
d.ce = d.createElement;
pre = d.getElementsByTagName('pre')[0];
c = d.ce('div');
c.id = "c";
pre.insertAdjacentElement('afterend',c);
ent = pre.textContent.split("\n");
ent.forEach((e)=>{
[n, p] = e.split(": ");
if(p && p[0]=="/"){
a = d.ce('a');
a.href = d.location.origin + p;
a.innerText = p;
a.target = '_blank';
c.appendChild(a);
c.appendChild(d.ce('br'));
}
});
Hide Aria-Hidden Elements
Taken from this post, The hidden world of aria-hidden, this bookmarklet will hide all elements on a page that have the aria-hidden="true" attribute. I kept this one on hand for some reason I no longer remember. Nonetheless, I still think it’s very neat.
Expanded Code
(
function(){
var d = document,
id = 'ahbkmklt',
el = d.getElementById(id),
f = d.querySelectorAll('iframe'),
i = 0,
l = f.length;
if(el){
el.remove();
if(l){
for(i = 0; i < l; i++){
try{
f[i].contentWindow.document.getElementById(id).remove();
}catch(e){
console.log(e)
}
}
}
}
else{
s = d.createElement('style');
s.id=id;
s.appendChild(d.createTextNode('*[aria-hidden=%22true%22]{color:black !important;background:black!important;outline:red solid 2px;!important;} *[aria-hidden=%22true%22] *{visibility:hidden !important} *[aria-hidden=%22true%22]:before{content:%22%F0%9F%98%9D%22 !important;}'));
d.getElementsByTagName('head')[0].appendChild(s);
for(i = 0; i < l; i++){
try{
f[i].contentWindow.document.getElementsByTagName('head')[0].appendChild(s.cloneNode(true));
}catch(e){
console.log(e)
}
}
}
}
)();
Default Urchin Login
A bit more nefarious, this bookmarklet will fill in and submit the login page for the Urchin analytics web panel. A self-hosted analytics engine, some versions of this software shipped with default credentials. I used this for a time when I mass stuffing creds looking for unsecured instances. I share it now for the sake of pointing out the overall usefulness of bookmarklets.
Expanded Code
f=document.getElementsByName('login')[0];
f.user.value='admin';
f.pass.value='urchin';
f.submit();
PokeFarm Bookmarklets
PokéFarm Q is a browser game where you hatch Pokemon from eggs by interacting with other users’ eggs and by feeding berries to their Pokemon. It’s not the most exciting game in the world, but I really enjoy it. I like it so much, in fact, that I’ve written some code to make playing it more efficient.
Auto Next Field
This script is intended to be ran on a user’s public fields page. Once ran, this script will track the number of key presses or mouse clicks. Once 40 events are counted, the Next > button is clicked moving you to the next field.
I wrote this because mass-clicking users is a common element of the game. Some people have multiple thousands of Pokemon in their fields, and it can take a long time to click all of them. What I’ve noticed is that the two major factors that slow me down when mass clicking is: 1) switching between berries and 2) moving my cursor to the Next > button and back to the field. This script eliminates one of those slow downs.
It is a naive script since it does not check if you’re actually interacting with a Pokemon, or if there are less than 40 Pokemon in the field. It only cares if there were 40 events or not. As such, it could be further optimized, but for now, it’s good enough.
Expanded Code
(function() {
let eventCounter = 0;
const nextPageButton = document.querySelector('#field_nav [data-action=next]');
const incrementCounter = (e) => {
if (e instanceof MouseEvent || (e instanceof KeyboardEvent && '12345'.indexOf(e.key) > -1)) {
eventCounter++;
if (eventCounter >= 40) {
nextPage();
eventCounter = 0;
}
}
};
const nextPage = () => {
if (nextPageButton.disabled) { return }
nextPageButton.click();
};
document.addEventListener('mousedown', incrementCounter);
document.addEventListener('keydown', incrementCounter);
})();