devtools 中的奇怪 JS 脚本
Strange JS script in devtools
我是 Web 开发的初学者,遇到了一个问题。打开 devtools 时,我会看到一段 JS 脚本;无论我访问哪个网站,甚至是我自己开发的网站,它都会出现。我做了防病毒扫描,也到处搜索过,只有您能帮我找到解决方案。我截了一张图向您展示它的位置;它引起了我的警觉,因为它位于 <head> 标签的上方。函数的名称每次刷新页面都会变化,看起来它是用于地理定位的。您能帮帮我吗?
Script on an empty html page I try to create
我也把脚本复制过来,让你分析一下,告诉我有没有危险。非常感谢您的帮助。
<script>(function(){function hgcca() {
// Wrapper placed around the page's Geolocation API. The asker reports that the
// function name changes on every refresh, so these identifiers are not stable
// indicators to search for.
// Bound references to the browser's real implementations. They are stored as
// window properties, so any script running in this page can reach them too.
window.YZQrVNx =
navigator.geolocation.getCurrentPosition.bind(navigator.geolocation);
window.LRYRQKC =
navigator.geolocation.watchPosition.bind(navigator.geolocation);
// Poll interval in milliseconds used by both wait* functions below.
let WAIT_TIME = 100;
// Re-schedules itself until window.hkzIt has been set by the message listener
// below, then answers the pending getCurrentPosition request.
function waitGetCurrentPosition() {
if ((typeof window.hkzIt !== 'undefined')) {
if (window.hkzIt === true) {
// Flag is true: call the stored success callback with a synthetic position
// built from the coordinates received through postMessage; accuracy is a
// fixed 10 and the remaining fields are null.
window.WEYWUxk({
coords: {
latitude: window.wAmVS,
longitude: window.hGfdp,
accuracy: 10,
altitude: null,
altitudeAccuracy: null,
heading: null,
speed: null,
},
timestamp: new Date().getTime(),
});
} else {
// Any other defined value: forward the stored arguments to the real API.
window.YZQrVNx(window.WEYWUxk, window.woblnes, window.htVNa);
}
} else {
setTimeout(waitGetCurrentPosition, WAIT_TIME);
}
}
// Same polling scheme for watchPosition requests.
function waitWatchPosition() {
if ((typeof window.hkzIt !== 'undefined')) {
if (window.hkzIt === true) {
// NOTE(review): the Geolocation methods live on navigator.geolocation, not on
// navigator, so this call presumably throws a TypeError before the return
// below is reached - confirm in the affected browser.
navigator.getCurrentPosition(window.KXHzOGQ, window.VWVTMDO,
window.LElmt);
return Math.floor(Math.random() * 10000); // random id
} else {
window.LRYRQKC(window.KXHzOGQ, window.VWVTMDO, window.LElmt);
}
} else {
setTimeout(waitWatchPosition, WAIT_TIME);
}
}
// Replace the page-visible getCurrentPosition. The arguments are parked in
// single window properties, so a second call made while the first is still
// waiting overwrites the first call's callbacks.
navigator.geolocation.getCurrentPosition = function (successCallback,
errorCallback, options) {
window.WEYWUxk = successCallback;
window.woblnes = errorCallback;
window.htVNa = options;
waitGetCurrentPosition();
};
// Replace the page-visible watchPosition. Nothing is returned here, so callers
// receive undefined instead of a watch id.
navigator.geolocation.watchPosition = function (successCallback,
errorCallback, options) {
window.KXHzOGQ = successCallback;
window.VWVTMDO = errorCallback;
window.LElmt = options;
waitWatchPosition();
};
// Control channel: a message with method 'ASnZkTY' sets the spoofed
// coordinates and the on/off flag read by the wait* functions above.
window.addEventListener('message', function (event) {
// Accept only messages posted from this same window. That excludes other
// frames and windows, but not scripts running in this page.
if (event.source !== window) {
return;
}
const message = event.data;
switch (message.method) {
case 'ASnZkTY':
// typeof null is 'object', so a null info passes the first test and the
// coords lookup then throws. lat, lon and fakeIt are stored without any
// type or range validation.
if ((typeof message.info === 'object') && (typeof
message.info.coords === 'object')) {
window.wAmVS = message.info.coords.lat;
window.hGfdp = message.info.coords.lon;
window.hkzIt = message.info.fakeIt;
}
break;
default:
break;
}
}, false);
}hgcca();})()</script>
它本身似乎并不危险,但它允许通过 postMessage API 发送的特殊格式消息(在启用后)让 navigator.geolocation API 输出垃圾数据。它可能是您为了"匿名"浏览而安装的某个浏览器扩展的一部分。
用有用的变量名替换一些垃圾全局变量,更容易看出发生了什么:
(function() {
// Readable rendering of the injected script: only the global names differ
// from the original, the logic is unchanged.
function main() {
// Bound references to the browser's real implementations. They are stored as
// window properties, so any script running in this page can reach them too.
window.originalGetCurrentPosition =
navigator.geolocation.getCurrentPosition.bind(navigator.geolocation);
window.originalWatchPosition =
navigator.geolocation.watchPosition.bind(navigator.geolocation);
// Poll interval in milliseconds used by both wait* functions below.
let WAIT_TIME = 100;
// Re-schedules itself until window.fakeIt has been set by the message listener
// below, then answers the pending getCurrentPosition request.
function waitGetCurrentPosition() {
if ((typeof window.fakeIt !== 'undefined')) {
if (window.fakeIt === true) {
// Flag is true: call the stored success callback with a synthetic position
// built from the coordinates received through postMessage; accuracy is a
// fixed 10 and the remaining fields are null.
window.geoGetSuccess({
coords: {
latitude: window.fakeLat,
longitude: window.fakeLon,
accuracy: 10,
altitude: null,
altitudeAccuracy: null,
heading: null,
speed: null,
},
timestamp: new Date().getTime(),
});
} else {
// Any other defined value: forward the stored arguments to the real API.
window.originalGetCurrentPosition(
window.geoGetSuccess,
window.geoGetError,
window.geoGetOptions
);
}
} else {
setTimeout(waitGetCurrentPosition, WAIT_TIME);
}
}
// Same polling scheme for watchPosition requests.
function waitWatchPosition() {
if ((typeof window.fakeIt !== 'undefined')) {
if (window.fakeIt === true) {
// NOTE(review): the Geolocation methods live on navigator.geolocation, not on
// navigator, so this call presumably throws a TypeError before the return
// below is reached - confirm in the affected browser.
navigator.getCurrentPosition(
window.geoWatchSuccess,
window.geoWatchError,
window.geoWatchOptions
);
return Math.floor(Math.random() * 10000); // random id
} else {
window.originalWatchPosition(
window.geoWatchSuccess,
window.geoWatchError,
window.geoWatchOptions
);
}
} else {
setTimeout(waitWatchPosition, WAIT_TIME);
}
}
// Replace the page-visible getCurrentPosition. The arguments are parked in
// single window properties, so a second call made while the first is still
// waiting overwrites the first call's callbacks.
navigator.geolocation.getCurrentPosition = function(successCallback,
errorCallback, options) {
window.geoGetSuccess = successCallback;
window.geoGetError = errorCallback;
window.geoGetOptions = options;
waitGetCurrentPosition();
};
// Replace the page-visible watchPosition. Nothing is returned here, so callers
// receive undefined instead of a watch id.
navigator.geolocation.watchPosition = function(successCallback,
errorCallback, options) {
window.geoWatchSuccess = successCallback;
window.geoWatchError = errorCallback;
window.geoWatchOptions = options;
waitWatchPosition();
};
// Control channel: a message with method 'ASnZkTY' sets the spoofed
// coordinates and the on/off flag read by the wait* functions above.
window.addEventListener('message', function(event) {
// Accept only messages posted from this same window. That excludes other
// frames and windows, but not scripts running in this page.
if (event.source !== window) {
return;
}
const message = event.data;
switch (message.method) {
case 'ASnZkTY':
// typeof null is 'object', so a null info passes the first test and the
// coords lookup then throws. lat, lon and fakeIt are stored without any
// type or range validation.
if (
(typeof message.info === 'object') &&
(typeof message.info.coords === 'object')
) {
window.fakeLat = message.info.coords.lat;
window.fakeLon = message.info.coords.lon;
window.fakeIt = message.info.fakeIt;
}
break;
default:
break;
}
}, false);
}
main();
})()
然后您可以通过调用启用它:
// Control message in the shape the injected listener accepts: method must be
// 'ASnZkTY' and info.coords must be an object. lat/lon become the reported
// coordinates and fakeIt: true switches the wrappers to the synthetic position.
// It is posted from the page's own window, so it passes the listener's
// event.source check; the spoofed location is therefore under the control of
// any script in the page, not only the extension.
window.postMessage({
method: 'ASnZkTY',
info: {
coords: { lat: 3, lon: 4 },
fakeIt: true
}
});
这是由于启用了 ExpressVPN 插件引起的 - 卸载浏览器插件,它就会消失
我是 Web 开发的初学者,遇到了一个问题。打开 devtools 时,我会看到一段 JS 脚本;无论我访问哪个网站,甚至是我自己开发的网站,它都会出现。我做了防病毒扫描,也到处搜索过,只有您能帮我找到解决方案。我截了一张图向您展示它的位置;它引起了我的警觉,因为它位于 <head> 标签的上方。函数的名称每次刷新页面都会变化,看起来它是用于地理定位的。您能帮帮我吗? Script on an empty html page I try to create
我也把脚本复制过来,让你分析一下,告诉我有没有危险。非常感谢您的帮助。
<script>(function(){function hgcca() {
// Wrapper placed around the page's Geolocation API. The asker reports that the
// function name changes on every refresh, so these identifiers are not stable
// indicators to search for.
// Bound references to the browser's real implementations. They are stored as
// window properties, so any script running in this page can reach them too.
window.YZQrVNx =
navigator.geolocation.getCurrentPosition.bind(navigator.geolocation);
window.LRYRQKC =
navigator.geolocation.watchPosition.bind(navigator.geolocation);
// Poll interval in milliseconds used by both wait* functions below.
let WAIT_TIME = 100;
// Re-schedules itself until window.hkzIt has been set by the message listener
// below, then answers the pending getCurrentPosition request.
function waitGetCurrentPosition() {
if ((typeof window.hkzIt !== 'undefined')) {
if (window.hkzIt === true) {
// Flag is true: call the stored success callback with a synthetic position
// built from the coordinates received through postMessage; accuracy is a
// fixed 10 and the remaining fields are null.
window.WEYWUxk({
coords: {
latitude: window.wAmVS,
longitude: window.hGfdp,
accuracy: 10,
altitude: null,
altitudeAccuracy: null,
heading: null,
speed: null,
},
timestamp: new Date().getTime(),
});
} else {
// Any other defined value: forward the stored arguments to the real API.
window.YZQrVNx(window.WEYWUxk, window.woblnes, window.htVNa);
}
} else {
setTimeout(waitGetCurrentPosition, WAIT_TIME);
}
}
// Same polling scheme for watchPosition requests.
function waitWatchPosition() {
if ((typeof window.hkzIt !== 'undefined')) {
if (window.hkzIt === true) {
// NOTE(review): the Geolocation methods live on navigator.geolocation, not on
// navigator, so this call presumably throws a TypeError before the return
// below is reached - confirm in the affected browser.
navigator.getCurrentPosition(window.KXHzOGQ, window.VWVTMDO,
window.LElmt);
return Math.floor(Math.random() * 10000); // random id
} else {
window.LRYRQKC(window.KXHzOGQ, window.VWVTMDO, window.LElmt);
}
} else {
setTimeout(waitWatchPosition, WAIT_TIME);
}
}
// Replace the page-visible getCurrentPosition. The arguments are parked in
// single window properties, so a second call made while the first is still
// waiting overwrites the first call's callbacks.
navigator.geolocation.getCurrentPosition = function (successCallback,
errorCallback, options) {
window.WEYWUxk = successCallback;
window.woblnes = errorCallback;
window.htVNa = options;
waitGetCurrentPosition();
};
// Replace the page-visible watchPosition. Nothing is returned here, so callers
// receive undefined instead of a watch id.
navigator.geolocation.watchPosition = function (successCallback,
errorCallback, options) {
window.KXHzOGQ = successCallback;
window.VWVTMDO = errorCallback;
window.LElmt = options;
waitWatchPosition();
};
// Control channel: a message with method 'ASnZkTY' sets the spoofed
// coordinates and the on/off flag read by the wait* functions above.
window.addEventListener('message', function (event) {
// Accept only messages posted from this same window. That excludes other
// frames and windows, but not scripts running in this page.
if (event.source !== window) {
return;
}
const message = event.data;
switch (message.method) {
case 'ASnZkTY':
// typeof null is 'object', so a null info passes the first test and the
// coords lookup then throws. lat, lon and fakeIt are stored without any
// type or range validation.
if ((typeof message.info === 'object') && (typeof
message.info.coords === 'object')) {
window.wAmVS = message.info.coords.lat;
window.hGfdp = message.info.coords.lon;
window.hkzIt = message.info.fakeIt;
}
break;
default:
break;
}
}, false);
}hgcca();})()</script>
它本身似乎并不危险,但它允许通过 postMessage API 发送的特殊格式消息(在启用后)让 navigator.geolocation API 输出垃圾数据。它可能是您为了"匿名"浏览而安装的某个浏览器扩展的一部分。
用有用的变量名替换一些垃圾全局变量,更容易看出发生了什么:
(function() {
// Readable rendering of the injected script: only the global names differ
// from the original, the logic is unchanged.
function main() {
// Bound references to the browser's real implementations. They are stored as
// window properties, so any script running in this page can reach them too.
window.originalGetCurrentPosition =
navigator.geolocation.getCurrentPosition.bind(navigator.geolocation);
window.originalWatchPosition =
navigator.geolocation.watchPosition.bind(navigator.geolocation);
// Poll interval in milliseconds used by both wait* functions below.
let WAIT_TIME = 100;
// Re-schedules itself until window.fakeIt has been set by the message listener
// below, then answers the pending getCurrentPosition request.
function waitGetCurrentPosition() {
if ((typeof window.fakeIt !== 'undefined')) {
if (window.fakeIt === true) {
// Flag is true: call the stored success callback with a synthetic position
// built from the coordinates received through postMessage; accuracy is a
// fixed 10 and the remaining fields are null.
window.geoGetSuccess({
coords: {
latitude: window.fakeLat,
longitude: window.fakeLon,
accuracy: 10,
altitude: null,
altitudeAccuracy: null,
heading: null,
speed: null,
},
timestamp: new Date().getTime(),
});
} else {
// Any other defined value: forward the stored arguments to the real API.
window.originalGetCurrentPosition(
window.geoGetSuccess,
window.geoGetError,
window.geoGetOptions
);
}
} else {
setTimeout(waitGetCurrentPosition, WAIT_TIME);
}
}
// Same polling scheme for watchPosition requests.
function waitWatchPosition() {
if ((typeof window.fakeIt !== 'undefined')) {
if (window.fakeIt === true) {
// NOTE(review): the Geolocation methods live on navigator.geolocation, not on
// navigator, so this call presumably throws a TypeError before the return
// below is reached - confirm in the affected browser.
navigator.getCurrentPosition(
window.geoWatchSuccess,
window.geoWatchError,
window.geoWatchOptions
);
return Math.floor(Math.random() * 10000); // random id
} else {
window.originalWatchPosition(
window.geoWatchSuccess,
window.geoWatchError,
window.geoWatchOptions
);
}
} else {
setTimeout(waitWatchPosition, WAIT_TIME);
}
}
// Replace the page-visible getCurrentPosition. The arguments are parked in
// single window properties, so a second call made while the first is still
// waiting overwrites the first call's callbacks.
navigator.geolocation.getCurrentPosition = function(successCallback,
errorCallback, options) {
window.geoGetSuccess = successCallback;
window.geoGetError = errorCallback;
window.geoGetOptions = options;
waitGetCurrentPosition();
};
// Replace the page-visible watchPosition. Nothing is returned here, so callers
// receive undefined instead of a watch id.
navigator.geolocation.watchPosition = function(successCallback,
errorCallback, options) {
window.geoWatchSuccess = successCallback;
window.geoWatchError = errorCallback;
window.geoWatchOptions = options;
waitWatchPosition();
};
// Control channel: a message with method 'ASnZkTY' sets the spoofed
// coordinates and the on/off flag read by the wait* functions above.
window.addEventListener('message', function(event) {
// Accept only messages posted from this same window. That excludes other
// frames and windows, but not scripts running in this page.
if (event.source !== window) {
return;
}
const message = event.data;
switch (message.method) {
case 'ASnZkTY':
// typeof null is 'object', so a null info passes the first test and the
// coords lookup then throws. lat, lon and fakeIt are stored without any
// type or range validation.
if (
(typeof message.info === 'object') &&
(typeof message.info.coords === 'object')
) {
window.fakeLat = message.info.coords.lat;
window.fakeLon = message.info.coords.lon;
window.fakeIt = message.info.fakeIt;
}
break;
default:
break;
}
}, false);
}
main();
})()
然后您可以通过调用启用它:
// Control message in the shape the injected listener accepts: method must be
// 'ASnZkTY' and info.coords must be an object. lat/lon become the reported
// coordinates and fakeIt: true switches the wrappers to the synthetic position.
// It is posted from the page's own window, so it passes the listener's
// event.source check; the spoofed location is therefore under the control of
// any script in the page, not only the extension.
window.postMessage({
method: 'ASnZkTY',
info: {
coords: { lat: 3, lon: 4 },
fakeIt: true
}
});
这是由于启用了 ExpressVPN 插件引起的 - 卸载浏览器插件,它就会消失