public marks

PUBLIC MARKS from decembre with tags greasemonkey & security

This year

GM COOKIE - Cookie Injection Using Greasemonkey | Views From The Hill

To use with Wireshark. The CookieInjector userscript simplifies this process, by allowing the user to copy-paste the cookie portion of the dump and have the cookies from the dump automatically created on the currently viewed web page. Updated Cookie Injector Script available on


Flickr markdown code for Greasemonkey

Adds a markdown code choice on flickr photo download page. [Update] Modifies the image source url so that it can be accessed from C*H*I*N*A


Curiosity is bliss: XMLHttpRequest - Security Bypass

While trying to help Dare make his MovieFinder page run in Firefox, I ran into an issue that can make developing AJAX applications a pain: when testing your pages, you need to host them in the same domain as your services. I explain the details of the problem and how the "XMLHttpRequest - Bypass Security" Greasemonkey user script solves it. Note: this script is meant for development only, as it gives the page access to a potentially dangerous API. The default @include is "file:///*", but feel free to restrict it even further to the path for the pages you're trying to tweak. You should never have to @include an http ur

Megaupload Auto-Fill Captcha - Greasemonkey - OCR in Java

Auto-fills the megaupload/megarotic captcha and optionally auto-starts download: Rewritten to do OCR in javascript, auto-submit for captcha form. Warning: This runs methods from unsafeWindow, so don't use it if you don't trust since it's possible to use that to run javascript with more privileges. I might write a GIF decoder to avoid this soon.


HTTP-to-HTTPS redirector

lets you define a list of URLs you want to make sure always use https.