
通过JS记录和阻止http劫持

相关代码

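// Client-side HTTP-hijack reporter. Three seconds after this script runs it lists the
// src of every <script> and <iframe> on the page and reports those whose host is not
// on the allowlist to /http_hijack.png on the page's own origin. Requires jQuery ($).
setTimeout(function () {
    // The try/catch sits inside the callback: a try around setTimeout() only covers
    // scheduling the timer and never sees an exception thrown when the callback runs.
    try {
        // Hosts allowed to serve scripts and frames. The (^|\.) prefix and the escaped
        // dots restrict the match to the listed domains and their subdomains; a plain
        // /(baidu.com|...)$/ suffix test also accepts look-alike hosts ("notbaidu.com").
        var TRUSTED_HOST = /(^|\.)(baidu\.com|qq\.com|mydomain\.com)$/;
        // Bounds on the report, so that one very long src (for example a data: URI)
        // cannot push the beacon URL past what the server accepts and lose the report.
        var MAX_URLS = 20;
        var MAX_URL_LENGTH = 512;

        // Returns true when url is about:blank or resolves to an allowlisted host.
        var isUrlLooksGood = function (url) {
            if (url === 'about:blank') { return true; }
            var parsed;
            try {
                // Resolve against the document base: relative and protocol-relative
                // src values are common, and new URL() without a base throws on them.
                // Using document.baseURI also flags relative sources that an injected
                // <base> element would redirect to another host.
                parsed = new URL(url, document.baseURI);
            } catch (e) {
                // A src that cannot be parsed is reported rather than trusted.
                return false;
            }
            return TRUSTED_HOST.test(parsed.hostname);
        };

        var data = {
            from: location.href,
            urls: []
        };

        // Collects the non-allowlisted src values of every element matching selector.
        var collect = function (selector) {
            $(selector).each(function () {
                var src = $(this).attr('src');
                if (!src) { return; }
                if (data.urls.length >= MAX_URLS) { return; }
                if (!isUrlLooksGood(src)) {
                    data.urls.push(src.length > MAX_URL_LENGTH ? src.slice(0, MAX_URL_LENGTH) : src);
                }
            });
        };

        // Scripts first, then iframes, so the report keeps the original ordering.
        collect('script');
        collect('iframe');

        if (data.urls.length > 0) {
            // Image beacon to the same origin; the random t parameter defeats caching.
            (new Image).src = '/http_hijack.png?t=' + Math.random() + '&d=' + encodeURIComponent(JSON.stringify(data));
        }
    } catch (e) {
        // Best-effort monitoring: a failure here must never break the host page.
    }
}, 3000);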