Added a few things including logging server (@notjosephs) and http se…

.gitignore

@@ -1 +1,2 @@
 .DS_Store
+node_modules/

README.md

@@ -1,6 +1,5 @@
 # PLEASE READ THIS FIRST
-This is currently only patched in the WebKit master branch (not in any version shipped in macOS/iOS) and works with the latest version of Safari (macOS and iOS, although shellcode loading is not supported on iOS).  
-YES, iOS 12.1.1 IS SUPPORTED!  
+This is currently only patched in the WebKit sources (just to clarify this: Yes, it still works on iOS 12.1.1, meaning every iOS version since 12.0 is vulnerable. There is currently no iOS 12.x version that is not vulnerable. Every macOS version since 10.14.0 is vulnerable as well.) and works with the latest version of Safari (macOS and iOS, although this needs to be updated in order to work with iOS).  
 Please don't do evil stuff with this.  
 And if you're a normal user, this will be useless for you.
 
@@ -19,9 +18,16 @@ In case you get "Addrof didn't work", just try the exploit again. If it still wo
 If you want to rebuild stage2, cd into stage2 then run python make.py.  
 For building you need to have gobjcopy installed. (brew install binutils)  
 
+# Hosting
+To host this exploit locally, follow these steps:
+1. Run `npm install` the first time you go to run the server.
+2. Run `npm start` start the server.
+3. Open `<host-ip>:8080` on a vulnerable device.
+The Host's terminal will show you a log of whats happening.
+
 # The Bug
 This is an optimization error in the way RegEx matching is handled. By setting lastIndex on a RegEx object to a JavaScript object which has the function toString defined, you can run code although the JIT thinks that RegEx matching is side effect free.  
 Exploitation is pretty similar to @5aelo's exploit for CVE-2018-4233, which can be found [here](https://github.com/saelo/cve-2018-4233).  
 
 # TODO
-Clean up the code a bit, add some comments and do a proper writeup. Maybe even add iOS support? Feel free to create a PR if you want to help me.
+Clean up the code a bit, add some comments and do a proper writeup. Maybe even add iOS support? Feel free to create a PR if you want to help me.

css/app-dark.css

@@ -0,0 +1,84 @@
+/* Your app styles here */
+/* Default Statusbar background */
+
+html.ios.with-statusbar, .ios.with-statusbar body { height: 100vh }
+
+.ios .statusbar, .ios .theme-dark .statusbar {
+	background: #1D1D27;
+	/* We can add transition for smooth color animation */
+	/*transition: 400ms;*/
+}
+
+.ios .page-content, body {
+	background-color: #15151E;
+	background: #15151E;
+}
+
+.ios .navbar, .ios .navbar-inner, .ios .theme-dark .subnavbar, .subnavbar.ios .theme-dark {
+	color: #FFF !important;
+	background: #1D1D27;
+}
+
+.ios .navbar:after, .ios .theme-dark .searchbar:after, .searchbar.ios .theme-dark:after {
+	display: none;
+}
+
+.ios .theme-dark .searchbar, .searchbar.ios .theme-dark {
+    background-color: #1D1D27;
+}
+
+.ios .theme-dark .searchbar input[type=search], .ios .theme-dark .searchbar input[type=text], .searchbar.ios .theme-dark input[type=search], .searchbar.ios .theme-dark input[type=text] {
+    background-color: #15151E;
+    color: #fff;
+}
+
+.ios .toolbar:before {
+	display: none;
+}
+
+.ios li {
+	background-color: #1D1D27;
+	color: #FFF;
+}
+
+.ios .theme-dark .card {
+    background-color: #1D1D27;
+}
+
+.ios .block-strong, .ios .theme-dark .block-strong, .ios .theme-dark.block-strong {
+	background-color: #1D1D27;
+	color: #FFF;
+}
+
+.ios .block:before, .ios .block:after {
+	display: none;
+}
+
+.ios .list li:before, .ios .list li:after, .ios .list ul:before, .ios .list ul:after, .ios .links-list a:after {
+	display: none;
+}
+
+.ios .list ul {
+	background: #1D1D27;
+}
+
+.ios .toolbar, .ios .toolbar-inner, .ios .theme-dark .toolbar, .ios .theme-dark .toolbar-inner {
+	background-color: #1D1D27;
+}
+
+/* Change Statusbar background when panel opened */
+html.with-panel-left-cover .ios .statusbar {
+  	background: #222;
+}
+
+.ios .tabbar-labels a.link, .ios .tabbar-labels a.tab-link {
+    padding-top: 10px;
+ 	padding-bottom: 0px;
+}
+
+.ios .tabbar-labels .tab-link:not(.tab-link-active) .icon-ios-fill {
+	display: none;
+}
+.ios .tabbar-labels .tab-link.tab-link-active .icon:not(.icon-ios-fill) {
+	display: none;
+}

css/app.css

@@ -0,0 +1,152 @@
+/* Your app styles here */
+/* Default Statusbar background */
+input[type="search"]::-webkit-input-placeholder {
+  color: #fff !important;
+}
+input[type="search"]:-moz-placeholder {
+  color: #fff !important;
+}
+input[type="search"]::-moz-placeholder {
+  color: #fff !important;
+}
+input[type="search"]:-ms-input-placeholder {
+  color: #fff !important;
+}
+input[type="search"]::placeholder {
+	color: #fff !important;
+}
+html.ios.with-statusbar, .ios.with-statusbar body { height: 100vh }
+
+.ios .statusbar, .ios .statusbar {
+	background-image: linear-gradient(to right, #635fe8, #007cf2, #0092ee, #00a3e3, #3db1d5);
+	/* We can add transition for smooth color animation */
+	/*transition: 400ms;*/
+}
+
+.ios .searchbar-icon {
+  width: 13px;
+  height: 13px;
+  position: absolute;
+  top: 50%;
+  margin-top: -6px;
+  background-image: url("data:image/svg+xml;charset=utf-8,%3Csvg%20xmlns%3D'http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg'%20viewBox%3D'0%200%2013%2013'%20enable-background%3D'new%200%200%2013%2013'%3E%3Cg%3E%3Cpath%20fill%3D'%23FFFFFF'%20d%3D'M5%2C1c2.2%2C0%2C4%2C1.8%2C4%2C4S7.2%2C9%2C5%2C9S1%2C7.2%2C1%2C5S2.8%2C1%2C5%2C1%20M5%2C0C2.2%2C0%2C0%2C2.2%2C0%2C5s2.2%2C5%2C5%2C5s5-2.2%2C5-5S7.8%2C0%2C5%2C0%20L5%2C0z'%2F%3E%3C%2Fg%3E%3Cline%20stroke%3D'%23FFFFFF'%20stroke-miterlimit%3D'10'%20stroke-width%3D'1.5'%20x1%3D'12.6'%20y1%3D'12.6'%20x2%3D'8.2'%20y2%3D'8.2'%2F%3E%3C%2Fsvg%3E");
+  background-size: 13px 13px;
+  z-index: 40;
+  left: 8px;
+}
+
+.ios .page-content, body {
+	background-color: #FFFFFF;
+	background: #FFFFFF;
+	color: #000;
+}
+
+.ios .chip {
+	background: rgba(255, 255, 255, 0.77);
+}
+
+.ios .navbar, .ios .navbar-inner, .ios .subnavbar, .subnavbar.ios {
+	color: #FFF !important;
+	background-image: linear-gradient(to right, #635fe8, #007cf2, #0092ee, #00a3e3, #3db1d5);
+	/*background: transparent;*/
+	background-color: transparent;
+}
+
+.ios .searchbar {
+	background: transparent;
+}
+
+.ios .searchbar input[type=search], .ios .searchbar input[type=text], .searchbar.ios input[type=search], .searchbar.ios input[type=text] {
+ color: #fff;
+ background-image: linear-gradient(to right, #635fe8, #007cf2, #0092ee, #00a3e3, #3db1d5);
+}
+.ios .searchbar input[type=search], .ios .searchbar input[type=text] {
+ padding: 0 28px;
+ -webkit-box-sizing: border-box;
+ box-sizing: border-box;
+ width: 100%;
+ height: 100%;
+ display: block;
+ border: none;
+ -webkit-appearance: none;
+ -moz-appearance: none;
+ appearance: none;
+ border-radius: 10px;
+ border-radius: 8px;
+ font-family: inherit;
+ color: #000;
+ font-size: 17px;
+ font-weight: 400;
+ z-index: 30;
+ background-color: transparent;
+ position: relative;
+}
+
+.ios .navbar:after, .ios .searchbar:after, .searchbar.ios:after {
+	display: none;
+}
+
+.ios .subnavbar:after {
+	background-color: transparent;
+ 	background-image: linear-gradient(to right, #635fe8, #007cf2, #0092ee, #00a3e3, #3db1d5);
+}
+
+.ios .searchbar, .searchbar.ios {
+ 	background-image: linear-gradient(to right, #635fe8, #007cf2, #0092ee, #00a3e3, #3db1d5);
+}
+
+.ios .searchbar input[type=search], .ios .searchbar input[type=text], .searchbar.ios input[type=search], .searchbar.ios input[type=text] {
+	 background-color: transparent;
+	 color: #fff;
+}
+
+.ios .toolbar:before {
+	display: none;
+}
+
+.ios li {
+	background-color: #FFFFFF;
+	color: #000;
+}
+
+.ios .card {
+ background-color: #FFFFFF;
+}
+
+.ios .block-strong, .ios .block-strong, .ios .theme-dark.block-strong {
+	background-color: #FFFFFF;
+	color: #000;
+}
+
+.ios .block:before, .ios .block:after {
+	display: none;
+}
+
+.ios .list li:before, .ios .list li:after, .ios .list ul:before, .ios .list ul:after, .ios .links-list a:after {
+	display: none;
+}
+
+.ios .list ul {
+	background: #FFFFFF;
+}
+
+.ios .toolbar, .ios .toolbar-inner, .ios .toolbar, .ios .toolbar-inner {
+	background-color: #FFF;
+}
+
+/* Change Statusbar background when panel opened */
+html.with-panel-left-cover .ios .statusbar {
+  	background: #222;
+}
+
+.ios .tabbar-labels a.link, .ios .tabbar-labels a.tab-link {
+ padding-top: 10px;
+ 	padding-bottom: 0px;
+}
+
+.ios .tabbar-labels .tab-link:not(.tab-link-active) .icon-ios-fill {
+	display: none;
+}
+.ios .tabbar-labels .tab-link.tab-link-active .icon:not(.icon-ios-fill) {
+	display: none;
+}

css/icons.css

@@ -0,0 +1,70 @@
+/* Material Icons Font (for MD theme) */
+@font-face {
+  font-family: 'Material Icons';
+  font-style: normal;
+  font-weight: 400;
+  src: url(../fonts/MaterialIcons-Regular.eot); /* For IE6-8 */
+  src: local('Material Icons'),
+       local('MaterialIcons-Regular'),
+       url(../fonts/MaterialIcons-Regular.woff2) format('woff2'),
+       url(../fonts/MaterialIcons-Regular.woff) format('woff'),
+       url(../fonts/MaterialIcons-Regular.ttf) format('truetype');
+}
+
+.material-icons {
+  font-family: 'Material Icons';
+  font-weight: normal;
+  font-style: normal;
+  font-size: 24px;  /* Preferred icon size */
+  display: inline-block;
+  line-height: 1;
+  text-transform: none;
+  letter-spacing: normal;
+  word-wrap: normal;
+  white-space: nowrap;
+  direction: ltr;
+
+  /* Support for all WebKit browsers. */
+  -webkit-font-smoothing: antialiased;
+  /* Support for Safari and Chrome. */
+  text-rendering: optimizeLegibility;
+
+  /* Support for Firefox. */
+  -moz-osx-font-smoothing: grayscale;
+
+  /* Support for IE. */
+  font-feature-settings: 'liga';
+}
+
+/* Framework7 Icons Font (for iOS theme) */
+@font-face {
+  font-family: 'Framework7 Icons';
+  font-style: normal;
+  font-weight: 400;
+  src: url("../fonts/Framework7Icons-Regular.eot");
+  src: url("../fonts/Framework7Icons-Regular.woff2") format("woff2"),
+       url("../fonts/Framework7Icons-Regular.woff") format("woff"),
+       url("../fonts/Framework7Icons-Regular.ttf") format("truetype");
+}
+
+.f7-icons {
+  font-family: 'Framework7 Icons';
+  font-weight: normal;
+  font-style: normal;
+  font-size: 25px;
+  line-height: 1;
+  letter-spacing: normal;
+  text-transform: none;
+  display: inline-block;
+  white-space: nowrap;
+  word-wrap: normal;
+  direction: ltr;
+  -webkit-font-smoothing: antialiased;
+  text-rendering: optimizeLegibility;
+  -moz-osx-font-smoothing: grayscale;
+  -webkit-font-feature-settings: "liga";
+  -moz-font-feature-settings: "liga=1";
+  -moz-font-feature-settings: "liga";
+  font-feature-settings: "liga";
+  text-align: center;
+}

done.js

@@ -0,0 +1,2 @@
+// for the host console to refresh and recognize that the procedure is done.
+console.log("[STATUS] All set! Closing client connection...");