V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
XhstormR
V2EX  ›  宽带症候群

校园网络随机劫持网页,来看看是干嘛的!

  •  
  •   XhstormR · 2016-12-14 20:53:08 +08:00 · 8928 次点击
    这是一个创建于 2906 天前的主题,其中的信息可能已经有所发展或是发生改变。

    来人看看,是不是再干坏事啊。

    先访问劫持网页,再访问原本网页。

    • 劫持网页
    <html>
    <head>
    <script language="javascript">setTimeout("location.replace(location.href.split(\"#\")[0])",2000);</script>
    <script type="text/javascript" src="http://1.1.1.2:89/cookie/flash.js"></script>
    <script language="javascript">setURL("1.1.1.2");supFlash("18446744072909971032");</script>
    </head>
    <body>
    <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,0,0" width="0" height="0" id="m" align="center"><param name="allowScriptAccess" value="always" />
    <param name="movie" value="http://1.1.1.2:89/cookie/flashcookie.swf" />
    <param name="quality" value="high" />
    <param name="FlashVars" value="srv=1.1.1.2" />
    <embed src="http://1.1.1.2:89/cookie/flashcookie.swf"FlashVars="srv=1.1.1.2" quality="high" width="0" height="0"  name="m" align="center" allowScriptAccess="always" type="application/x-shockwave-flash"pluginspage="http://www.macromedia.com/go/getflashplayer" />
    </object>
    </body
    
    • flash.js
    var url = "";
    function setURL(ip){url = "http://"+ip+":89/cookie/flashcookie.html";}
    function loadPage(){location.replace(location.href.split("#")[0]);}
    
    ////add by yxf@2014/08/27
    /**
     *@描  述:增加 UA 判断,排除移动终端上报 cookies 值和时间间隔值
     *@返回值:
     *		true, 允许上报; false ,不允许上报
     */
    function IsCanReport2Ac(){
    	
    	var strUseAgent = navigator.userAgent.toLowerCase();
    	
    	//非 windows nt
    	var isWinNt = strUseAgent.indexOf("windows nt") > -1;
    	if (!isWinNt){	return false;}
    	
    	//移动终端
    	var isMobile = strUseAgent.indexOf("mobile") > -1;
    	if (isMobile){	return false;}
    	
    	//为 Android
    	var isAndroid = strUseAgent.indexOf("android") > -1;
    	if (isAndroid){	return false;}
    	
    	//为 ios
    	var isIOS = !!strUseAgent.match(/\(i[^;]+;( u;)? cpu.+mac os x/);
    	if (isIOS){	return false;}
    	
    	//为 Symbian
    	var isSymbian = strUseAgent.indexOf("symbian") > -1;
    	if (isSymbian){	return false;}
    
    	//为 iPhone
    	var isIPhone = strUseAgent.indexOf("iphone") > -1;
    	if (isIPhone){	return false;}
    	
    	//为 ipad
    	var isIPad = strUseAgent.indexOf("ipad") > -1;
    	if (isIPad){ return false;}
    	
    	//为 ipod
    	var isIPod = strUseAgent.indexOf("ipod") > -1;
    	if (isIPod){ return false;}
    	
    	//排除一些误判的 app 特征字符串
    	var isInvalidAppPos = strUseAgent.search(/ baidubrowser\/\d/);//-- 百度一下客户端
    	if (-1 != isInvalidAppPos){ return false;}
    	
    	return true;
    }
    ////end by yxf
    
    
    // 写 cookies
    function setCookie(name,value)
    {
        var Days = 30;
        var exp = new Date();
        exp.setTime(exp.getTime() + Days*24*60*60*1000);
        document.cookie = name + "="+ escape (value) + ";expires=" + exp.toGMTString();
    }
    
    // 读取 cookies
    function getCookie(name)
    {
        var arr,reg=new RegExp("(^| )"+name+"=([^;]*)(;|$)");
     
        if(arr=document.cookie.match(reg)){
    	
    		return (arr[2]);
    	}else{
    	
            return null;
    	}
    }
    
    function supFlash(cookie)
    {	
    	if (false === IsCanReport2Ac()){
    	
    		loadPage();		
    		return;
    	}
    	
    	// 获取本地 cookie 值
    	var td_cookie = getCookie("td_cookie");
    	if (td_cookie == cookie){
    	
    		loadPage();		
    		return;
    	}
    	setCookie("td_cookie", cookie);
    	
    	var flash = 0;
    	var judgeIE = !-[1,];
    	var ua = navigator.userAgent.toLowerCase();
    	if (ua.indexOf("taobrowser") > 0 || ua.indexOf("lbbrowser") > 0) {
    	
    		loadPage();
    		return;
    	}
    	var isIE = judgeIE || ua.indexOf("msie") > 0 || ua.indexOf("trident/7.0") > 0;
    	if(isIE){
    		try{
    			var swf1 = new ActiveXObject('ShockwaveFlash.ShockwaveFlash');
    			flash = 1;
    		}
    		catch(e){
    			flash = 0;
    		}
    	}
    	else {
    		try{
    			var swf2 = navigator.plugins['Shockwave Flash'];
    			if(swf2 == undefined){
    				flash = 0;
    			}
    			else {
    				flash = 1;
    			}
    		}
    		catch(e){
    			flash = 0;
    		}
    	}
    
    	if(flash === 0)
    	{
    		loadPage();
    		return;
    	}	
    }
    
    // 配置排除列表
    var excludeList = new Array("ADMUI3Lg","ADMUI3Sm","Photoshop Large","Photoshop Small");
    
    var makeCRCTable = function(){
        var c;
        var crcTable = [];
        for(var n =0; n < 256; n++){
            c = n;
            for(var k =0; k < 8; k++){
                c = ((c&1) ? (0xEDB88320 ^ (c >>> 1)) : (c >>> 1));
            }
            crcTable[n] = c;
        }
        return crcTable;
    }
    
    var crc32 = function(str) {
        var crcTable = window.crcTable || (window.crcTable = makeCRCTable());
        var crc = 0 ^ (-1);
    
        for (var i = 0; i < str.length; i++ ) {
            crc = (crc >>> 8) ^ crcTable[(crc ^ str.charCodeAt(i)) & 0xFF];
        }
    
        return (crc ^ (-1)) >>> 0;
    };
    
    function isArray(value)
    {
    	return value && 
    			typeof value === 'object' &&
    			typeof value.length === 'number' &&
    			!(value.propertyIsEnumerable('length'));
    }
    
    function removeExcludeFont(fontArr, excludeList)
    {
    	if (!excludeList.length)
    	{
    		return fontArr;
    	}
    	
    	var flag = 0;
    	var resArr = new Array();
    	for (var i = 0; i < fontArr.length; ++i)
    	{
    		flag = 0;
    		for (var j = 0; j < excludeList.length; ++j)
    		{
    			if (fontArr[i] == excludeList[j])
    			{ 
    				flag = 1;
    				break;
    			}
    			if (fontArr[i].match(/\.tmp/))
    			{
    				flag = 1;
    				break;
    			}
    		}
    		if (!flag)
    		{
    			resArr.push(fontArr[i])
    		}
    	}
    	
    	resArr.sort();
    	return resArr;
    }
    
    function jsSetCookie(fontArr, manu, vers, os)
    {
    	if(manu == "" || !isArray(fontArr)){
    		loadPage();
    		return;
    	}
    	
    	if(url == ""){
    		loadPage();
    		return;
    	}
    	
    	var fontStr = removeExcludeFont(fontArr, excludeList).join("|\n");
    	var font_param = "manu_txt=" + manu +
    				 "&manu_crc=" + crc32(manu).toString() + 
    				 "&version=" + vers	+
    				 "&font_crc=" + crc32(fontStr).toString() + 
    				 "&os=" + os;
    				
    	var script = document.createElement("script");
    	script.type = "text/javascript";
    	var done = false;
    	script.onload = script.onreadystatechange = function(){
    		if ( !done && (!this.readyState ||
    				this.readyState === "loaded" || this.readyState === "complete") ) {
    			done = true;
    			this.onload = this.onreadystatechange = null;
    			loadPage();
    			return;
    		}
    	};
    	script.src = url +"?"+font_param+"&"+Math.random();
    	document.getElementsByTagName("head")[0].appendChild(script);
    }
    
    8 条回复    2019-06-18 18:44:16 +08:00
    DoraJDJ
        1
    DoraJDJ  
       2016-12-14 21:43:50 +08:00 via Android
    看上去就是个偷 cookie 的,注意安全
    0TSH60F7J2rVkg8t
        2
    0TSH60F7J2rVkg8t  
       2016-12-14 22:47:59 +08:00 via iPhone
    偷 cookie 的,浏览器务必禁用 flash ,用防火墙拉黑非 80 的 http 请求
    billlee
        3
    billlee  
       2016-12-15 00:47:55 +08:00
    同上,全局 VPN 吧
    makendk
        4
    makendk  
       2016-12-15 02:16:56 +08:00 via Android
    你可以爬一下 1.1.1.2 看看上面还有什么好东西
    abzzz
        5
    abzzz  
       2016-12-15 08:28:15 +08:00
    1.1.1.2 好像是深信服的网关啊
    only0jac
        6
    only0jac  
       2016-12-15 14:08:53 +08:00 via Android
    怎么看是否被校园网劫持
    exiaohao
        7
    exiaohao  
       2016-12-15 19:45:21 +08:00
    好像深信服和深澜都喜欢配置 1.1.1.2
    遇到这种事果断 SSR 或者全局 IPSSec 啊否则还有没有隐私了

    而且,学校一般都是会旁挂_______和_______的,非加密连接肯定得记录
    a06062125
        8
    a06062125  
       2019-06-18 18:44:16 +08:00
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   1077 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 25ms · UTC 19:58 · PVG 03:58 · LAX 11:58 · JFK 14:58
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.