magento2.3 – How can I hijack the click event of a button with my own Ajax Get function? Magento 2

I want to add a new button to an existing admin page.
I want to call an Ajax Get () function that clicks this button.
I've created a main.js script file to load on this page because when I create a console.log, I get the code here.
Although there is another script file that "hijacks" the click of this button.
Rather than triggering my Ajax function from main.js, another JS function is triggered by a require_js.phtml file.

The code in the require_js.phtml file:



This is the JS Ajax function that I want to trigger from main.js, but which is "hijacked". Although console.log ("jivet click"); is logged.

$("#jivet").click(function() {
    console.log("jivet click");
    $.get(
        "https://online.jivet.com/api/index.aspx?action=GetAllDIDs",
        function(data) {
            console.log("page content: " + data);
        }
    );
});

Gmail – Is it possible to hijack Google sessions (not just Google?) In the browser?

The following Youtube video is about Google session hijacks from Gmail.

I generally think that hacking (in modern browsers, except for short-term critical bugs) can not be triggered by a website owner, because otherwise the web would be very dangerous.

There are 2 points in the video that I'm skeptical about. Is the following possible (indication of important information)?

  1. Clicking a link in Gmail can lead to a Google Meeting Hijack.
  2. Downloading a file can cause it to run in the background.

Email spoofing – Is it possible to hijack certain emails remotely?

I'm not sure how to ask that, but I've recently been presented with emails that look like they came from my email and IP address, but I did not send them and never saw them. This is a back-and-forth correspondence with another Gmail account. Is it possible that someone has been able to relay without my knowledge and make it look as if it came from and to me? I've found that somebody has sneaked into AnyDesk during this time and has remote access to my laptop so he can access everything.

DNS – How do attackers hijack JS / CSS content?

I have just encountered a problem, the cached js files showed porn sites

Network Diagram

Here is the simple network diagram.

https://cdn.mysite.com/js/app.js shows porn site, but when I add in query string

https://cdn.mysite.com/js/app.js?t=20180928130702. Then display the correct content

AWS S3 displays the correct file

The content in AWS S3 is correct.

How does the attacker change the content in the middle? How can we prevent this?

P / S: temporary solution is to deactivate the middle CDN for the time being

Routing – Routesetup for BGP Hijack

I'm working on an exercise that attacks BGP configurations on a HTB machine to track traffic to a specific machine.

I have root access to the original computer and am now trying to configure the relevant routes to direct the traffic to me.

I understand BGP hijacking so that I need to create a new AS with a simpler route so traffic will be routed to me.

Based on this assumption I tried to add my machine as AS4 As well as my IP address for the local route table, I set up Wireshark on my attacker and listened to the traffic.

In the following, I changed that bgpd.conf.org to…
The AS300 AS is what I aim for.

!
! Zebra configuration saved before vty
! 2018/07/02 02:14:27
!
route-map to-as200 allows 10
route-map to-as300 allow 10
Approach sketch to-as400 allow 10
!
Router BGP 100
bgp router-id 10.255.255.1
Network 10.101.8.0/21
Network 10.101.16.0/21
Network my_machines_ip
Redistribution connected
Neighbor 10.78.10.2 Remote as 200
Neighbor 10.78.11.2 Remote as 300
Neighbor 10.78.10.2 Directions to-as200 out
Neighbor 10.78.11.2 Approach to-as300 off
Neighbor my_ip remote-as 300
neighbor my_ip route-map to-as300
!
Line vty
!

Route added on footboard …

root @ victim: ~ # ip route add my_ip dev eth2 proto zebra
ip route add my_ipdev eth2 proto zebra 

I can see that I will be added when I check in vtysh but there seems to be no activity there or in my Wireshark.

Did I either misunderstand what to do or is my process just wrong?

r1 # show ip bg summary
show ip bg summary
BGP router ID 10.255.255.1, local AS number 100
RIB entries 54 using 6048 bytes of memory
Peers 3 with 13 KB memory

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up / Down Status / PfxRcd
my_ip 4 300 0 0 0 0 0 never active
10.78.10.2 4 200 7 11 0 0 0 00:02:27 22
10.78.11.2 4 300 6 10 0 0 0 00:02:30 22

Total number of neighbors 3