From 55bfcfbd6efb6e2ebbc954a9f008326b81f8ab64 Mon Sep 17 00:00:00 2001
From: CoCo ainrm- <137618329@qq.com>
Date: Fri, 11 Feb 2022 17:10:40 +0800
Subject: [PATCH] Add files via upload
---
nginx/zE48AHvK/index.html | 4 ++
nginx/zE48AHvK/info.html | 3 +
nginx/zE48AHvK/info.js | 138 ++++++++++++++++++++++++++++++++++++
nginx/zE48AHvK/jump.js | 20 ++++++
nginx/zE48AHvK/webdriver.js | 60 ++++++++++++++++
5 files changed, 225 insertions(+)
create mode 100644 nginx/zE48AHvK/index.html
create mode 100644 nginx/zE48AHvK/info.html
create mode 100644 nginx/zE48AHvK/info.js
create mode 100644 nginx/zE48AHvK/jump.js
create mode 100644 nginx/zE48AHvK/webdriver.js
diff --git a/nginx/zE48AHvK/index.html b/nginx/zE48AHvK/index.html
new file mode 100644
index 0000000..e059427
--- /dev/null
+++ b/nginx/zE48AHvK/index.html
@@ -0,0 +1,4 @@
+
+
+
+
\ No newline at end of file
diff --git a/nginx/zE48AHvK/info.html b/nginx/zE48AHvK/info.html
new file mode 100644
index 0000000..a933852
--- /dev/null
+++ b/nginx/zE48AHvK/info.html
@@ -0,0 +1,3 @@
+
+
+
\ No newline at end of file
diff --git a/nginx/zE48AHvK/info.js b/nginx/zE48AHvK/info.js
new file mode 100644
index 0000000..3eedf0a
--- /dev/null
+++ b/nginx/zE48AHvK/info.js
@@ -0,0 +1,138 @@
+//生成cookieB
+
+// 随同页面下发,嵌入在返回体中
+
+//js全局hook http请求
+var arr = [];
+
+
+function get_webdriver() {
+ try {
+ return !0 === _navigator.webdriver ? 0 : +!window.document.documentElement.getAttribute('webdriver')
+ } catch (e) {
+ return 1
+ }
+}
+function get_awvs() {
+ for (var e = [
+ 'SimpleDOMXSSClass',
+ 'MarvinHooks',
+ 'MarvinPageExplorer',
+ 'HashDOMXSSClass'
+ ], t = e.length, r = window.$hook$, n = 0; n < t; n++) if (window[e[n]] && r) return 0;
+ return 1
+}
+function get_appscan() {
+ for (var e = [
+ 'appScanSendReplacement',
+ 'appScanOnReadyStateChangeReplacement',
+ 'appScanLoadHandler',
+ 'appScanSetPageLoaded'
+ ], t = e.length, r = 0; r < t; r++) if (window[e[r]]) return 0;
+ return 1
+}
+
+function getCookie(cookieName) {
+ var strCookie = document.cookie;
+ var arrCookie = strCookie.split("; ");
+ for(var i = 0; i < arrCookie.length; i++){
+ var arr = arrCookie[i].split("=");
+ if(cookieName == arr[0]){
+ return arr[1];
+ }
+ }
+ return "";
+}
+
+function get_info(){
+ str = '' + get_webdriver() + get_awvs() + get_appscan();
+ return str;
+}
+
+function finalCookie(){
+ arr.push(get_info());
+ let fp = new Fingerprint();
+ arr.push(fp.get());
+ return arr
+}
+
+function setCookie(cname, data) {
+ var d = new Date();
+ d.setTime(d.getTime() + (1 * 24 * 60 * 60 * 1000));
+ var expires = "expires=" + d.toGMTString();
+ document.cookie = cname + '=' + data + '; ' + expires + '; Path=/';
+}
+
+function aesEncrypt(word, tt) {
+ let key = CryptoJS.enc.Utf8.parse(tt);
+ const iv = CryptoJS.enc.Utf8.parse('ABCDEF1234123412');
+ let srcs = CryptoJS.enc.Utf8.parse(word);
+ let encrypted = CryptoJS.AES.encrypt(srcs, key, { iv: iv, mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.Pkcs7 });
+ return encrypted.ciphertext.toString().toUpperCase();
+}
+
+
+var tt = getCookie("h0yGbdRv");
+var cookieV = aesEncrypt(finalCookie(), tt);
+
+
+function hookAJAX() {
+ XMLHttpRequest.prototype.nativeOpen = XMLHttpRequest.prototype.open;
+ var customizeOpen = function (method, url, async, user, password) {
+ // do something
+ setCookie('kQpFHdoh', cookieV);
+ this.nativeOpen(method, url, async, user, password);
+ };
+ XMLHttpRequest.prototype.open = customizeOpen;
+}
+
+/**
+ *全局拦截Image的图片请求添加token
+ *
+ */
+function hookImg() {
+ const property = Object.getOwnPropertyDescriptor(Image.prototype, 'src');
+ const nativeSet = property.set;
+
+ function customiseSrcSet(url) {
+ // do something
+ setCookie('kQpFHdoh', cookieV);
+ nativeSet.call(this, url);
+ }
+ Object.defineProperty(Image.prototype, 'src', {
+ set: customiseSrcSet,
+ });
+}
+
+/**
+ * 拦截全局open的url添加token
+ *
+ */
+function hookOpen() {
+ const nativeOpen = window.open;
+ window.open = function (url) {
+ // do something
+ setCookie('kQpFHdoh', cookieV);
+ nativeOpen.call(this, url);
+ };
+}
+
+function hookFetch() {
+ var fet = Object.getOwnPropertyDescriptor(window, 'fetch')
+ Object.defineProperty(window, 'fetch', {
+ value: function (a, b, c) {
+ // do something
+ setCookie('kQpFHdoh', cookieV);
+ return fet.value.apply(this, args)
+ }
+ })
+}
+
+
+//setCookie('kQpFHdoh', cookieV);
+hookAJAX();
+hookImg();
+hookOpen();
+hookFetch();
+
+
diff --git a/nginx/zE48AHvK/jump.js b/nginx/zE48AHvK/jump.js
new file mode 100644
index 0000000..556dab4
--- /dev/null
+++ b/nginx/zE48AHvK/jump.js
@@ -0,0 +1,20 @@
+function getUrlParams() {
+ var args = new Object();
+ var query = location.search.substring(1); //获取查询串
+ var pairs = query.split("&"); //在逗号处断开
+ for (var i = 0; i < pairs.length; i++) {
+ var pos = pairs[i].indexOf('='); //查找name=value
+ if (pos == -1) continue; //如果没有找到就跳过
+ var argname = pairs[i].substring(0, pos); //提取name
+ var value = pairs[i].substring(pos + 1); //提取value
+ args[argname] = unescape(value); //存为属性
+ }
+ return args;
+}
+
+function jump(){
+ var args = getUrlParams()['origin'];
+ var path = atob(args);
+ self.location=path;
+}
+jump();
\ No newline at end of file
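Review bot: In `hookFetch` the replacement calls `fet.value.apply(this, args)`, but the wrapper's parameters are `a, b, c` and no `args` is declared in this file, so every `fetch()` made after the hook is installed would throw a ReferenceError instead of reaching the native function; `return fet.value.apply(this, arguments);` forwards the call as intended. Separately, `get_webdriver` reads `_navigator`, which this file never defines: unless another script on the page provides that global, the `catch` branch returns 1 on every run and the webdriver check is silently disabled (the same function is copied into webdriver.js). `hookOpen` also drops the return value and the extra arguments of `window.open`, so callers lose the window handle.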
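Review bot: `jump()` assigns the base64-decoded `origin` query parameter straight to `self.location` with no check on where it points, so any link to this page can send the visitor to an arbitrary site, and the scheme of the target is not restricted either. Resolve the decoded value against `location.origin` and navigate only when the result stays on the same origin; if cross-origin targets are intended, compare against an explicit allow-list instead. The same guard covers a missing or malformed parameter, where `atob` currently throws. In `getUrlParams`, `unescape` is deprecated and mis-decodes UTF-8 sequences; `decodeURIComponent` is the replacement.

```javascript
function jump(){
    var encoded = getUrlParams()['origin'];
    if (!encoded) return;
    var target;
    try {
        target = new URL(atob(encoded), location.origin);
    } catch (e) {
        return; // not valid base64, or not a parsable URL
    }
    // Follow same-origin targets only; non-http(s) schemes resolve to a different origin and are rejected here.
    if (target.origin !== location.origin) return;
    self.location = target.href;
}
```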
diff --git a/nginx/zE48AHvK/webdriver.js b/nginx/zE48AHvK/webdriver.js
new file mode 100644
index 0000000..64db412
--- /dev/null
+++ b/nginx/zE48AHvK/webdriver.js
@@ -0,0 +1,60 @@
+var tt = Date.parse(new Date());
+var arr = [];
+
+function get_webdriver() {
+ try {
+ return !0 === _navigator.webdriver ? 0 : +!window.document.documentElement.getAttribute('webdriver')
+ } catch (e) {
+ return 1
+ }
+}
+function get_awvs() {
+ for (var e = [
+ 'SimpleDOMXSSClass',
+ 'MarvinHooks',
+ 'MarvinPageExplorer',
+ 'HashDOMXSSClass'
+ ], t = e.length, r = window.$hook$, n = 0; n < t; n++) if (window[e[n]] && r) return 0;
+ return 1
+}
+function get_appscan() {
+ for (var e = [
+ 'appScanSendReplacement',
+ 'appScanOnReadyStateChangeReplacement',
+ 'appScanLoadHandler',
+ 'appScanSetPageLoaded'
+ ], t = e.length, r = 0; r < t; r++) if (window[e[r]]) return 0;
+ return 1
+}
+
+function get_info(){
+ str = '' + get_webdriver() + get_awvs() + get_appscan();
+ return str;
+}
+
+function finalCookie(){
+ arr.push(get_info())
+ let fp = new Fingerprint();
+ arr.push(fp.get());
+ return arr
+}
+
+
+function setCookie(cname, date)
+{
+ var d = new Date();
+ d.setTime(d.getTime()+(1*24*60*60*1000));
+ var expires = "expires="+d.toGMTString();
+ document.cookie = cname + '=' + date + '; ' + expires + '; Path=/';
+}
+
+function aesEncrypt(word, tt) {
+ let key = CryptoJS.enc.Utf8.parse(tt);
+ const iv = CryptoJS.enc.Utf8.parse('ABCDEF1234123412');
+ let srcs = CryptoJS.enc.Utf8.parse(word);
+ let encrypted = CryptoJS.AES.encrypt(srcs, key, { iv: iv, mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.Pkcs7 });
+ return encrypted.ciphertext.toString().toUpperCase();
+}
+tt = '000'+tt;
+setCookie('h0yGbdRv', tt);
+setCookie('kQpFHdoh', aesEncrypt(finalCookie(), tt));
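Review bot: The AES key is `'000'` plus the page-load timestamp and is written to the `h0yGbdRv` cookie in clear next to the ciphertext in `kQpFHdoh`, and the IV in `aesEncrypt` is a constant, so the encryption hides the payload from a casual look but anyone who holds the cookies can decrypt or re-create it. Whatever consumes `kQpFHdoh` on the server side (not visible in this patch) should treat it as an unauthenticated client claim; a comment above `aesEncrypt` such as `// obfuscation only: key is sent in h0yGbdRv and the IV is fixed, do not treat the decrypted value as trusted` would record that. Both `setCookie` calls also omit `Secure` and `SameSite`, and the parameter is named `date` here although it carries the cookie value (`data` in info.js).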