1

I want to collect some data inside a user-area of a particular page and send this data to my web server.

As this data holds private financial information, the transfer should be secured.

How can I send the data securely using Greasemonkey or Tampermonkey?

Brock Adams
  • 90,639
  • 22
  • 233
  • 295
Tobias Laubscher
  • 13
  • 5
  • Not sure what kind of answer you expect as there's nothing special about userscripts in this regard. I'd say a lot of generic existing recommendations would apply here like `use HTTPS` and so on. – wOxxOm Dec 16 '15 at 10:13
  • Ok, I'm quite new in programming with javascript at all, perhaps you could point me to a good tutorial to learn about secure data transfer with javascript. – Tobias Laubscher Dec 16 '15 at 20:17
  • I don't have any at hand but obviously since this is widely used there are tons of googlable information and examples: [javascript secure communication](https://www.google.com/#q=javascript%20secure%20communication). – wOxxOm Dec 16 '15 at 21:12

1 Answers1

1

To transmit data securely from a Greasemonkey/Tampermonkey script, use GM_xmlhttpRequest() to POST data to your secure server.
Use SSL (https://) to do so.

For example:

// ==UserScript==
// @name     _Demonstrate secure data transmission
// @include  http://YOUR_SERVER.COM/YOUR_PATH/*
// @grant    GM_xmlhttpRequest
// ==/UserScript==

var secureStr_1 = "Don't let anybody see this!",
    secureStr_2 = "The Super secret borscht recipe is...";

GM_xmlhttpRequest ( {
    method:     "POST",
    url:        "https://YOUR_**SECURE**_SERVER.COM/YOUR_SAVE_PATH/",
    data:       "secureStr_1=" + encodeURIComponent (secureStr_1)
                + "&" + "secureStr_2=" + encodeURIComponent (secureStr_2)
                // etc.
                ,
    headers:    {
        "Content-Type": "application/x-www-form-urlencoded"
    },
    onload:     function (response) {
        console.log (response.responseText);
    }
} );
Brock Adams
  • 90,639
  • 22
  • 233
  • 295