IWBH_01

waked_home.html

Jun 12th, 2021 (edited)
532
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <!Doctype html>
  2. <html><head>
  3. <title>Waked - The Last bastion of decentralized web</title>
  4. <meta charset="utf-8">
  5. <meta http-equiv="Content-type" content="text/html; charset=utf-8">
  6. <meta name="viewport" content="width=device-width, initial-scale=1">
  7. <style>
  8. #content button{
  9. display:block;
  10. float:top;
  11. margin-top:4pt;
  12. margin-left:auto;
  13. margin-right:auto;
  14. width:90%;
  15. text-align:left;
  16. }
  17. </style>
  18. </head>
  19. <body><br>Waked - The Last bastion of decentralized web.<br>
  20. <div id="content"></div>
  21. <div id="viewbox">
  22. <iframe style="display:none;width:90%;height:90%;" sandbox="allow-scripts"></iframe>
  23. </div>
  24. <script type="text/javascript">
  25. //Waked - The Last bastion of decentralized web
  26.  
  27. /*use cors proxies to upload user content to various temporary file sharing services, like uploadpie, then archive the uploads to archive.org, use pastebins like this one and justpaste.it to help index the user uploads
  28.  
  29.  
  30. Use example.com archives to find indexes:
  31. for example I archived the url: "https://web.archive.org/save/https://www.example.com?waked_iurl=https://athleticgreatscientists--five-nine.repl.co/index.php/itall_ind.html&of=pastebin.com&scope=partial,incomplete&title=partial index of pastebin.com pastes saved to the wayback machine"
  32. to make my partial index of pastebin.com pastes that are saved to the wayback machine accessible to the waked system.
  33.  
  34.  
  35. The potential of this is so enormous, if anyone wants to save anything they've posted on any social media to the waked system, all it has to do is archive https://www.example.com?waked_url=[url of post]&type=postsave
  36.  
  37. Also, we can add &title= and &tags= parameters to the query string and we can add even more parameter to represent data if we want to, I've finally figured out how to use the Wayback Machine as an only-writeable-once SQL server.
  38.  
  39. Add the &of= parameter for what indexes are an index of.
  40.  
  41.  
  42. But what can I do to prevent people from spamming this system with junk data that aren't actual posts?
  43. (by spam I don't mean garbage social media posts I mean data that is meant to flood the waked system and slow it down like weird type of denial of service attack).
  44.  
  45.  
  46. Because the wayback machine is inherently slow, it is strongly advised to make components of the waked system upload content to other servers like this one, streamable.com, ibb.co, and similar sites and then archive indexes of multiple uploads.
  47.  
  48. */
  49.  
  50. self.corsp_={"keys":["Service","url_prefix","cors_url_modify","SSL","status","Response Type","Allowed methods","Allowed headers","Exposed headers","Follow redirect","Streamable","WebSocket","Upload limit","Download limit","Country code","Comments"],
  51.  
  52.  
  53. "values":[
  54.  
  55. ["CORS bridged","https://cors.bridged.cc/","none",true,"Mirrored",["raw"],"*","All but expect Forbidden headers","?","?","?","?","16mb/request","?","US (CA)","https://medium.com/bridgedxyz/cors-anywhere-for-everyone-free-reliable-cors-proxy-service-73507192714e  Blog for docs & Testing"],
  56.  
  57.  
  58. /*
  59. //don't abuse service
  60.  
  61. ["cors-anywhere","https://cors-anywhere.herokuapp.com/","none",true,"Mirrored",["raw"],"*","*","*","Up to 5x","?","?","?","?","US","Require Origin header"],
  62.  
  63. ["<a href=\"https://github.com/Rob--W/cors-anywhere\">cors-anywhere @ glitch</a>","https://cors-anywhere.herokuapp.com/","none",true,"Mirrored",["raw"],"?","?","?","?","?","?","?","?","?","<a href=\"https://glitch.com/~cors-anywhere\" rel=\"nofollow\">source</a>"],
  64. */
  65.  
  66. ["thingproxy","https://thingproxy.freeboard.io/fetch/","none",true,"?",["?"],"*","?","?","?","?","?","100kb","100kb","US","Max 10 req/sec"],
  67.  
  68. ["Whatever Origin","'http://www.whateverorigin.org/get?url=","encodeURIComponent",false,false,["jsonp"],"GET","None","None","?",false,false,"?","?","US",""],
  69.  
  70. ["Go Between","?isdead?","?",true,"?",["?"],"?","?","?","?","?","?","?","?","?",""],
  71.  
  72. ["goxcors","https://goxcors.appspot.com/","?",true,"Allways 200",["raw"],"*","*","None",true,"?","?","?","?","US","\n                                   POST type is limited to x-www-form-urlencoded<br>\n                                   Have a werd api<br>\n                                   Response Type is Allways text/html\n                                 "],
  73.  
  74. ["YaCDN","https://yacdn.org/proxy/","none",true,"Not mirrored",["raw"],"GET","None",false,"Up to 22x","?","?","?","?","FR","CDN, ignores browsers headers"],
  75.  
  76. ["All Origins","https://api.allorigins.win/get?url=","encodeURIComponent",true,"Only code in json",["json","jsonp","raw"],"*",false,"None",true,"?","?","?","?","US","When using raw you loose status information"],
  77.  
  78. /* //don't abuse service
  79. ["Cloudflare Cors Anywhere","https://test.cors.workers.dev/?","none",true,"Only code mirror (not statusText)",["raw"],"*","All but expect Forbidden headers","none",true,false,"?","none","none","?","100,000 requests/day 1,000 requests/10 minutes"],
  80. */
  81.  
  82. ["CORS Hack","https://corsh.jsub.workers.dev/proxy/","none",true,"Only code mirror (not statusText)",["raw"],"*","All but expect Forbidden headers","none",true,false,"?","none","none","?","100,000 requests/day 2 requests/3 seconds"],
  83.  
  84. ["JSONProxy","https://jsonp.afeld.me/?url=","encodeURIComponent",true,"?",["jsonp","raw"],"GET","?","?","?","?","?","?","?","?",""]
  85.  
  86. ]};
  87.  
  88.  
  89. //may split this file in 2 right here
  90.  
  91. //scan >> use document.write, form.submit, MediaElement.src=, anything that causes something on the page to be loaded, to scan for media and scan for upload APIs, also use javascript function chains, if a function sets the src of a media element, then find all instances where that function is called, all arguments that are passed to it and external variables accessed within it, follow the function call stack and the argument sources to decode complex web apps.
  92.  
  93.  
  94.  
  95.  
  96. /*
  97. //extracting scripts from saved page (need JScrawl):
  98. scrps1=JScrawl.XrakScrps(xhr1.response);
  99.  
  100. self.ins=[];
  101. self.i=0;
  102. while(i<scrps1.length){ if(scrps1[i].innerHTML.length>2) ins.push(scrps1[i]); i++; }*
  103.  
  104. */
  105.  
  106.  
  107.  
  108.  
  109.  
  110. //self.ldifr=document.createElement("iframe"); //need?
  111.  
  112.  
  113. var doc2=document.cloneNode(),
  114. contr=document.getElementById("content"),
  115. xhr1=new XMLHttpRequest(),xhr2=new XMLHttpRequest(),xhrpend=[],
  116. doXHR=function doXHR(url,callback,method,rt,body,hed){
  117.  var xhr; if(xhr1.readyState&3){ if(xhr2.readyState&3){xhrpend.push([url,callback,method,rt,body]);return 0;}else xhr=xhr2; }else xhr=xhr1;
  118.  xhr.req_url=url;
  119.  xhr.ondone=callback;
  120.  xhr.open(method||"GET",url);
  121.  if(hed){ while(hed.length) xhr.setRequestHeader.apply(xhr,hed.shift()); }
  122.  xhr.responseType=rt||"text";
  123.  xhr.send(body);
  124. },
  125. xondone=function(e){ if(typeof this.ondone=="function")this.ondone(this.response,this.req_url);
  126.  if(xhrpend.length)doXHR.apply(self,xhrpend.shift());
  127. },
  128. xerr=function(e){ console.log("xhr error",e,this.req_url); if(xhrpend.length)doXHR.apply(self,xhrpend.shift()); },
  129.  
  130. vwb=document.getElementById("viewbox"),
  131. viewItem=function(){
  132.  //access waked item properties and display them or take action on them
  133.  var ifr=vwb.getElementsByTagName("iframe")[0];ifr.src=this.waked_url;
  134.   ifr.style.display="";
  135. },
  136.  
  137. BR_=document.createElement("br");
  138.  
  139. doc2.appendChild(doc2.createElement("html"));
  140.  
  141. xhr1.addEventListener("load",xondone);
  142. xhr2.addEventListener("load",xondone);
  143. xhr1.addEventListener("error",xerr);
  144. xhr2.addEventListener("error",xerr);
  145.  
  146. doXHR("https://archive.ph/https://www.example.com/?waked_url=*",function(r,u){
  147.  doc2.documentElement.innerHTML=r;
  148.    var rzs=doc2.getElementsByClassName("TEXT-BLOCK"),ri=0,rzL=rzs.length,ay,u2,a2,a3,$B;
  149.     while(ri!=rzL){ay=rzs[ri].getElementsByTagName("a");if(ay[0].innerText.indexOf("waked_url=")+1)ay=ay[0];else ay=ay[1];u2=document.createElement("button");u2.onclick=viewItem.bind(u2);ay=ay.href;ay=ay.substr(ay.indexOf('?')+1).split('&'); while(ay.length){ a2=ay.shift(); a3=a2.indexOf("="); u2[a2.substr(0,a3)]=decodeURIComponent(a2.substr(a3+1).replace(/\+/g,"%20")); }
  150. u2.appendChild(document.createTextNode(u2.title||"untitled"));
  151. u2.appendChild(BR_.cloneNode());
  152. u2.appendChild(document.createTextNode(u2.waked_url));
  153. u2.appendChild(BR_.cloneNode());
  154. //u2.appendChild(document.createTextNode(u2.tags.split(','))); //tags
  155. contr.appendChild(u2);ri++;}
  156.  
  157. });
  158.  
  159.  
  160.  
  161. /* will use this service for ip address exchange for setting up rtc peer to peer connections
  162.  
  163. doXHR('https://meeiot.org/put/56e060ed6c0526a7352871ad759f7a6a1f3b11581489e07bd506d5/test_var1=testval1', function cb(d,u){ console.log("did"); self.rar=d; });
  164. rar== "0:0" or something like that
  165.  
  166. doXHR('https://meeiot.org/get/56e060ed6c0526a7352871ad759f7a6a1f3b11581489e07bd506d5/test_var1', function cb(d,u){ console.log("did"); self.rar=d; });
  167. //(rar=="testval1") true
  168.  
  169.  
  170.  
  171.  
  172. //get ip:
  173. //use api. instead of api64. for v4 addresses only
  174.  
  175. doXHR('https://api64.ipify.org?format=json', function cb(d,u){ console.log("did",d.length); self.rar=d; },"GET","json");
  176. rar=={ip:"your ip"}
  177.  
  178.  
  179.  
  180.  
  181.  
  182. doXHR('https://meeiot.org/?p=code.php', function cb(d,u){
  183. doc2.children[0].innerHTML=d;
  184. var rawr=doc2.children[0].innerText,
  185. fii=rawr.indexOf("FREE TOKENS"),
  186. rawr2=rawr.substr(fii+11,250).split("\n"),
  187. re=/[^0-9a-fA-F]/g, i=0, rwL=rawr2.length, n0, c,
  188. tokens=[];
  189. while(i<rwL){ c=rawr2[i];
  190. if(c.length<10||c.length>90){ if(n0) break; n0=!0;  } //break 2nd time around (2nd empty line)
  191. else if(!re.test(c)) tokens.push(c);
  192. i++;
  193. }
  194.  
  195. //re.test(rawr2[2]) //if true then is not a hexidecimal string
  196.  
  197. self.meeiot_tokens=tokens;
  198. });
  199.  
  200. self._waked_=self._waked_||{};
  201.  
  202.  
  203.  
  204. if(confirm("Do you allow Waked to detect and share your public internet IP addrres? (click ok for yes, cancel for no)")){
  205.  
  206. doXHR('https://api64.ipify.org?format=json', function cb(d,u){ console.log("detected ip"); self._waked_.client_ip=d.ip;
  207.  
  208.   doXHR('https://meeiot.org/push/'+meeiot_tokens[0]+'/waked_cips='+_waked_.client_ip, function cb(d,u){ console.log("did share public ip");  });
  209.  
  210. });
  211.  
  212. }else if(confirm("Would you like more information about how Waked wants to use your IP address?")){
  213.  alert("Waked is designed to try to use your device to build a massive Peer to Peer voluntary botNet with your's and other waked user's devices and use that botNet to provide free services to you and all other waked users.");
  214. }
  215.  
  216. */
  217. </script>
  218. </body>
  219. </html>
RAW Paste Data