我是网络开发的初学者,遇到了一个问题。当我打开 devtools 时,无论在哪个网站上,甚至在我自己开发的网站上,都会出现一个 JS 脚本。我做过一次防病毒扫描,也到处搜索过,只有你们能帮我找到解决方案。我截了一张图来说明它的位置;它让我警觉,因为它位于 <head> 标签的上方。函数的名称会随着页面的每次刷新而变化,而且它似乎用于地理定位。你能帮我吗? Script on an empty html page I try to create
我还复制了脚本,以便您可以分析它并告诉我它是否有危险。非常感谢你的帮助。
<script>(function(){function hgcca() {
// Wrapper placed around the browser Geolocation API. The global names look
// machine-generated (the question reports that they change on every reload);
// the logic itself is not obfuscated.
//
// Bound references to the native getCurrentPosition / watchPosition are kept so
// the wrapper can still reach the real implementation after overriding it.
// NOTE(review): they are stored on `window`, so they are reachable by every
// script running in the page, not only by this wrapper.
window.YZQrVNx =
navigator.geolocation.getCurrentPosition.bind(navigator.geolocation);
window.LRYRQKC =
navigator.geolocation.watchPosition.bind(navigator.geolocation);
// Polling interval, in milliseconds, used while the mode flag is still unset.
let WAIT_TIME = 100;
// Answers a pending getCurrentPosition() call once the mode flag window.hkzIt
// has been set by the message listener below; until then it re-schedules itself.
function waitGetCurrentPosition() {
if ((typeof window.hkzIt !== 'undefined')) {
if (window.hkzIt === true) {
// Spoofing on: hand the page a fabricated position built from the stored
// latitude/longitude, a fixed accuracy of 10 and the current time.
window.WEYWUxk({
coords: {
latitude: window.wAmVS,
longitude: window.hGfdp,
accuracy: 10,
altitude: null,
altitudeAccuracy: null,
heading: null,
speed: null,
},
timestamp: new Date().getTime(),
});
} else {
// Flag set to anything other than true: forward to the native implementation.
window.YZQrVNx(window.WEYWUxk, window.woblnes, window.htVNa);
}
} else {
setTimeout(waitGetCurrentPosition, WAIT_TIME);
}
}
// Same polling scheme for watchPosition().
function waitWatchPosition() {
if ((typeof window.hkzIt !== 'undefined')) {
if (window.hkzIt === true) {
// NOTE(review): this script never defines navigator.getCurrentPosition, and
// the standard API lives on navigator.geolocation, so this call presumably
// throws and the return below is never reached — confirm in the browser.
navigator.getCurrentPosition(window.KXHzOGQ, window.VWVTMDO,
window.LElmt);
return Math.floor(Math.random() * 10000); // random id
} else {
window.LRYRQKC(window.KXHzOGQ, window.VWVTMDO, window.LElmt);
}
} else {
setTimeout(waitWatchPosition, WAIT_TIME);
}
}
// Override: park the caller's callbacks and options in globals, then start
// polling. Only one set of globals exists, so a second call made before the
// first is answered overwrites the first call's callbacks.
navigator.geolocation.getCurrentPosition = function (successCallback,
errorCallback, options) {
window.WEYWUxk = successCallback;
window.woblnes = errorCallback;
window.htVNa = options;
waitGetCurrentPosition();
};
// Override for watchPosition. The result of waitWatchPosition() is not
// returned, so the page gets undefined instead of a watch id.
navigator.geolocation.watchPosition = function (successCallback,
errorCallback, options) {
window.KXHzOGQ = successCallback;
window.VWVTMDO = errorCallback;
window.LElmt = options;
waitWatchPosition();
};
// Control channel: a postMessage carrying the method tag 'ASnZkTY' sets the
// coordinates and the mode flag read by the two wait* functions above.
// NOTE(review): the only sender check is event.source === window, which every
// script in this page satisfies, and event.origin is not examined; the values
// are stored without validation. Any script running in the page can therefore
// change what the Geolocation API reports here.
window.addEventListener('message', function (event) {
if (event.source !== window) {
return;
}
const message = event.data;
switch (message.method) {
case 'ASnZkTY':
// typeof null is also 'object', so a null `info` gets past the first test and
// the `.coords` access then throws inside this listener.
if ((typeof message.info === 'object') && (typeof
message.info.coords === 'object')) {
window.wAmVS = message.info.coords.lat;
window.hGfdp = message.info.coords.lon;
window.hkzIt = message.info.fakeIt;
}
break;
default:
break;
}
}, false);
}hgcca();})()</script>
答案 0 :(得分:1)
它本身看起来并不危险,但它允许通过 postMessage API 发送的特定格式的消息,
在启用的情况下让 navigator.geolocation API 输出垃圾数据;
它可能是您安装的某个“匿名”浏览工具的一部分。
用一些有用的变量名替换一些垃圾全局变量,更容易看出发生了什么:
(function() {
// Readable relabelling of the injected script: same statements, with the
// random global names replaced by descriptive ones.
function main() {
// Keep bound references to the native Geolocation methods so the wrapper can
// still call the real implementation after overriding it.
// NOTE(review): they are stored on `window`, so they are reachable by every
// script running in the page, not only by this wrapper.
window.originalGetCurrentPosition =
navigator.geolocation.getCurrentPosition.bind(navigator.geolocation);
window.originalWatchPosition =
navigator.geolocation.watchPosition.bind(navigator.geolocation);
// Polling interval, in milliseconds, used while window.fakeIt is still unset.
let WAIT_TIME = 100;
// Answers a pending getCurrentPosition() call once window.fakeIt has been set
// by the message listener below; until then it re-schedules itself.
function waitGetCurrentPosition() {
if ((typeof window.fakeIt !== 'undefined')) {
if (window.fakeIt === true) {
// Spoofing on: call the page's success callback with a fabricated position
// (stored lat/lon, fixed accuracy of 10, current time as timestamp).
window.geoGetSuccess({
coords: {
latitude: window.fakeLat,
longitude: window.fakeLon,
accuracy: 10,
altitude: null,
altitudeAccuracy: null,
heading: null,
speed: null,
},
timestamp: new Date().getTime(),
});
} else {
// Flag set to anything other than true: forward to the native implementation.
window.originalGetCurrentPosition(
window.geoGetSuccess,
window.geoGetError,
window.geoGetOptions
);
}
} else {
setTimeout(waitGetCurrentPosition, WAIT_TIME);
}
}
// Same polling scheme for watchPosition().
function waitWatchPosition() {
if ((typeof window.fakeIt !== 'undefined')) {
if (window.fakeIt === true) {
// NOTE(review): this script never defines navigator.getCurrentPosition, and
// the standard API lives on navigator.geolocation, so this call presumably
// throws and the return below is never reached — confirm in the browser.
navigator.getCurrentPosition(
window.geoWatchSuccess,
window.geoWatchError,
window.geoWatchOptions
);
return Math.floor(Math.random() * 10000); // random id
} else {
window.originalWatchPosition(
window.geoWatchSuccess,
window.geoWatchError,
window.geoWatchOptions
);
}
} else {
setTimeout(waitWatchPosition, WAIT_TIME);
}
}
// Override: park the caller's callbacks and options in globals, then start
// polling. Only one set of globals exists, so a second call made before the
// first is answered overwrites the first call's callbacks.
navigator.geolocation.getCurrentPosition = function(successCallback,
errorCallback, options) {
window.geoGetSuccess = successCallback;
window.geoGetError = errorCallback;
window.geoGetOptions = options;
waitGetCurrentPosition();
};
// Override for watchPosition. The result of waitWatchPosition() is not
// returned, so the page gets undefined instead of a watch id.
navigator.geolocation.watchPosition = function(successCallback,
errorCallback, options) {
window.geoWatchSuccess = successCallback;
window.geoWatchError = errorCallback;
window.geoWatchOptions = options;
waitWatchPosition();
};
// Control channel: a postMessage carrying the method tag 'ASnZkTY' sets the
// coordinates and the mode flag read by the two wait* functions above.
// NOTE(review): the only sender check is event.source === window, which every
// script in this page satisfies, and event.origin is not examined; the values
// are stored without validation. Any script running in the page can therefore
// change what the Geolocation API reports here.
window.addEventListener('message', function(event) {
if (event.source !== window) {
return;
}
const message = event.data;
switch (message.method) {
case 'ASnZkTY':
// typeof null is also 'object', so a null `info` gets past the first test and
// the `.coords` access then throws inside this listener.
if (
(typeof message.info === 'object') &&
(typeof message.info.coords === 'object')
) {
window.fakeLat = message.info.coords.lat;
window.fakeLon = message.info.coords.lon;
window.fakeIt = message.info.fakeIt;
}
break;
default:
break;
}
}, false);
}
main();
})()
然后您可以调用:
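// Enable it: a same-window message carrying the wrapper's method tag stores the
// given coordinates and sets fakeIt to true, after which the patched
// getCurrentPosition() answers with them instead of the real position.
// Posted from ordinary page script, this shows that the wrapper's control
// channel is open to any code running in the page.
window.postMessage({
  method: 'ASnZkTY',
  info: {
    coords: { lat: 3, lon: 4 },
    fakeIt: true
  }
});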
答案 1 :(得分:1)
这是由于启用了 ExpressVPN 插件引起的——卸载该浏览器插件,问题就解决了。