nerijunior/injetor.txt

## injetor.txt
avascript:(function(){var a=document.createElement('script');a.src="https://c8ac1eb6.ngrok.io";document.body.appendChild(a);})()

## run.js
(function(F,i,r,e,b,u,g,L,I,T,E){if(F.getElementById(b))return;E=F[i+'NS']&&F.documentElement.namespaceURI;E=E?F[i+'NS'](E,'script'):F[i]('script');E[r]('id',b);E[r]('src',I+g+T);E[r](b,u);(F[e]('head')[0]||F[e]('body')[0]).appendChild(E);E=new Image;E[r]('src',I+L);})(document,'createElement','setAttribute','getElementsByTagName','FirebugLite','4','firebug-lite-beta.js','releases/lite/beta/skin/xp/sprite.png','https://getfirebug.com/','#startOpened');

// Cria botão
var button = document.createElement('button');
button.innerText="DON'T PRESS THIS BUTTON!";
button.style.backgroundColor='red';
button.style.color='white';
button.style.marginTop='50px';
button.style.marginLeft='50px';
button.style.padding='10px 20px';
button.addEventListener('click', function(){
  start();
});
document.body.appendChild(button);

function start () {
  var scripts = document.getElementsByTagName('script');
  Object.keys(scripts).map(function (key) {
    if (key > 5 && key < 9) {
      var src = scripts[key].src;
      // var script = document.createElement('script');
      // script.src = src;
      // document.body.appendChild(script);
      getHTML(src, function (response) {
        try {
          eval(response)
          console.log('runned: ' + src)
        } catch (e) {
          console.log('File:', src)
          console.error(e.stack)
        }
      })
    }
  });
}

var getHTML = function ( url, callback ) {
    var anHttpRequest = new XMLHttpRequest();
    anHttpRequest.onreadystatechange = function() {
        if (anHttpRequest.readyState == 4 && anHttpRequest.status == 200)
            callback(anHttpRequest.responseText);
    }
    anHttpRequest.open( "GET", url, true );
    anHttpRequest.send( null );
};

## server.js
const express = require('express')
const app = express();
const fs = require('fs')

app.get('/', (req, res) => {
  const content = fs.readFileSync('./run.js')
  res.set('Access-Control-Allow-Origin', '*')
  res.set('Content-type', 'application/javascript')
  res.send(content)
})

app.listen(3000, () => console.log('Running'))
	(function(F,i,r,e,b,u,g,L,I,T,E){if(F.getElementById(b))return;E=F[i+'NS']&&F.documentElement.namespaceURI;E=E?F[i+'NS'](E,'script'):F[i]('script');E[r]('id',b);E[r]('src',I+g+T);E[r](b,u);(F[e]('head')[0]\|\|F[e]('body')[0]).appendChild(E);E=new Image;E[r]('src',I+L);})(document,'createElement','setAttribute','getElementsByTagName','FirebugLite','4','firebug-lite-beta.js','releases/lite/beta/skin/xp/sprite.png','https://getfirebug.com/','#startOpened');

	// Cria botão
	var button = document.createElement('button');
	button.innerText="DON'T PRESS THIS BUTTON!";
	button.style.backgroundColor='red';
	button.style.color='white';
	button.style.marginTop='50px';
	button.style.marginLeft='50px';
	button.style.padding='10px 20px';
	button.addEventListener('click', function(){
	start();
	});
	document.body.appendChild(button);

	function start () {
	var scripts = document.getElementsByTagName('script');
	Object.keys(scripts).map(function (key) {
	if (key > 5 && key < 9) {
	var src = scripts[key].src;
	// var script = document.createElement('script');
	// script.src = src;
	// document.body.appendChild(script);
	getHTML(src, function (response) {
	try {
	eval(response)
	console.log('runned: ' + src)
	} catch (e) {
	console.log('File:', src)
	console.error(e.stack)
	}
	})
	}
	});
	}

	var getHTML = function ( url, callback ) {
	var anHttpRequest = new XMLHttpRequest();
	anHttpRequest.onreadystatechange = function() {
	if (anHttpRequest.readyState == 4 && anHttpRequest.status == 200)
	callback(anHttpRequest.responseText);
	}
	anHttpRequest.open( "GET", url, true );
	anHttpRequest.send( null );
	};
	const express = require('express')
	const app = express();
	const fs = require('fs')

	app.get('/', (req, res) => {
	const content = fs.readFileSync('./run.js')
	res.set('Access-Control-Allow-Origin', '*')
	res.set('Content-type', 'application/javascript')
	res.send(content)
	})

	app.listen(3000, () => console.log('Running'))