An electron app to assess magecart impact
git clone https://github.com/kempy007/magecart-shim.git
- open your favourite browser hit F12, browse to target website to be evaluated, dig through code to find form data, make notes
-
edit line 7 of 'page-shim.html' and change src= to website to be evaluated.
-
edit line 5 & 7 of 'js-shim.js' to the form id that is collecting card data.
-
edit line 32 of 'js-shim.js' to to relevant jquery or vue.js library if required to prevent electron conflicts.
-
optional: edit line 17 of 'js-shim.js' to an endpoint under your control with TLS.
- cd to project directory. ```npm install``
npm start
- go through checkout process, validate data has been skimmed, if not debug and reiterate.
License is free as in beer
Mitigation is to implement CSP header and SRI