最新消息:雨落星辰是一个专注网站SEO优化、网站SEO诊断、搜索引擎研究、网络营销推广、网站策划运营及站长类的自媒体原创博客

javascript - Strange JS script in devtools - Stack Overflow

programmeradmin3浏览0评论

I'm a beginner in web development and I have a problem. When I open the devtools I have a JS script that appears when I'm on any site and even on those I develop. I did an antivirus scan, I search everywhere and only you can help me find the solution. I made a screen to show you it's its location that alerted me because it is placed above the head. The name of the function changes with each refresh of page and it seems that it serves to geolocate. Can you help me please? Script on an empty html page I try to create

I also copy the script so that you can analyze it and tell me if it is dangerous. Thank you so much for your help.

<script>(function(){function hgcca() {
  window.YZQrVNx = 
navigator.geolocation.getCurrentPosition.bind(navigator.geolocation);
  window.LRYRQKC = 
navigator.geolocation.watchPosition.bind(navigator.geolocation);
  let WAIT_TIME = 100;

  function waitGetCurrentPosition() {
    if ((typeof window.hkzIt !== 'undefined')) {
      if (window.hkzIt === true) {
        window.WEYWUxk({
          coords: {
            latitude: window.wAmVS,
            longitude: window.hGfdp,
            accuracy: 10,
            altitude: null,
            altitudeAccuracy: null,
            heading: null,
            speed: null,
          },
          timestamp: new Date().getTime(),
        });
      } else {
        window.YZQrVNx(window.WEYWUxk, window.woblnes, window.htVNa);
      }
    } else {
      setTimeout(waitGetCurrentPosition, WAIT_TIME);
    }
  }

  function waitWatchPosition() {
    if ((typeof window.hkzIt !== 'undefined')) {
      if (window.hkzIt === true) {
        navigator.getCurrentPosition(window.KXHzOGQ, window.VWVTMDO, 
window.LElmt);
        return Math.floor(Math.random() * 10000); // random id
      } else {
        window.LRYRQKC(window.KXHzOGQ, window.VWVTMDO, window.LElmt);
      }
    } else {
      setTimeout(waitWatchPosition, WAIT_TIME);
    }
  }

 navigator.geolocation.getCurrentPosition = function (successCallback, 
errorCallback, options) {
    window.WEYWUxk = successCallback;
    window.woblnes = errorCallback;
    window.htVNa = options;
    waitGetCurrentPosition();
  };
  navigator.geolocation.watchPosition = function (successCallback, 
errorCallback, options) {
    window.KXHzOGQ = successCallback;
    window.VWVTMDO = errorCallback;
    window.LElmt = options;
    waitWatchPosition();
  };

  window.addEventListener('message', function (event) {
    if (event.source !== window) {
      return;
    }
    const message = event.data;
    switch (message.method) {
      case 'ASnZkTY':
        if ((typeof message.info === 'object') && (typeof 
message.info.coords === 'object')) {
          window.wAmVS = message.info.coords.lat;
          window.hGfdp = message.info.coords.lon;
          window.hkzIt = message.info.fakeIt;
        }
        break;
      default:
        break;
    }
  }, false);
}hgcca();})()</script>

I'm a beginner in web development and I have a problem. When I open the devtools I have a JS script that appears when I'm on any site and even on those I develop. I did an antivirus scan, I search everywhere and only you can help me find the solution. I made a screen to show you it's its location that alerted me because it is placed above the head. The name of the function changes with each refresh of page and it seems that it serves to geolocate. Can you help me please? Script on an empty html page I try to create

I also copy the script so that you can analyze it and tell me if it is dangerous. Thank you so much for your help.

<script>(function(){function hgcca() {
  window.YZQrVNx = 
navigator.geolocation.getCurrentPosition.bind(navigator.geolocation);
  window.LRYRQKC = 
navigator.geolocation.watchPosition.bind(navigator.geolocation);
  let WAIT_TIME = 100;

  function waitGetCurrentPosition() {
    if ((typeof window.hkzIt !== 'undefined')) {
      if (window.hkzIt === true) {
        window.WEYWUxk({
          coords: {
            latitude: window.wAmVS,
            longitude: window.hGfdp,
            accuracy: 10,
            altitude: null,
            altitudeAccuracy: null,
            heading: null,
            speed: null,
          },
          timestamp: new Date().getTime(),
        });
      } else {
        window.YZQrVNx(window.WEYWUxk, window.woblnes, window.htVNa);
      }
    } else {
      setTimeout(waitGetCurrentPosition, WAIT_TIME);
    }
  }

  function waitWatchPosition() {
    if ((typeof window.hkzIt !== 'undefined')) {
      if (window.hkzIt === true) {
        navigator.getCurrentPosition(window.KXHzOGQ, window.VWVTMDO, 
window.LElmt);
        return Math.floor(Math.random() * 10000); // random id
      } else {
        window.LRYRQKC(window.KXHzOGQ, window.VWVTMDO, window.LElmt);
      }
    } else {
      setTimeout(waitWatchPosition, WAIT_TIME);
    }
  }

 navigator.geolocation.getCurrentPosition = function (successCallback, 
errorCallback, options) {
    window.WEYWUxk = successCallback;
    window.woblnes = errorCallback;
    window.htVNa = options;
    waitGetCurrentPosition();
  };
  navigator.geolocation.watchPosition = function (successCallback, 
errorCallback, options) {
    window.KXHzOGQ = successCallback;
    window.VWVTMDO = errorCallback;
    window.LElmt = options;
    waitWatchPosition();
  };

  window.addEventListener('message', function (event) {
    if (event.source !== window) {
      return;
    }
    const message = event.data;
    switch (message.method) {
      case 'ASnZkTY':
        if ((typeof message.info === 'object') && (typeof 
message.info.coords === 'object')) {
          window.wAmVS = message.info.coords.lat;
          window.hGfdp = message.info.coords.lon;
          window.hkzIt = message.info.fakeIt;
        }
        break;
      default:
        break;
    }
  }, false);
}hgcca();})()</script>
Share Improve this question asked Feb 27, 2018 at 20:46 SoDSoD 431 silver badge6 bronze badges 1
  • 6 Do you have any extensions/addons/plugins enabled in your browser? – j08691 Commented Feb 27, 2018 at 20:47
Add a ment  | 

2 Answers 2

Reset to default 11

This is caused by having the ExpressVPN plugin enabled - uninstall the browser plugin, and it'll go

It doesn't appear to be dangerous per se, but it allows a particularly formatted message from the postMessage API to cause the navigator.geolocation API to output garbage, if enabled, probably as part of an extension you've installed to browse "anonymously".

Replacing some of the garbage globals with useful variable names, it's easier to see what's going on:

(function() {
  function main() {
    window.originalGetCurrentPosition =
      navigator.geolocation.getCurrentPosition.bind(navigator.geolocation);
    window.originalWatchPosition =
      navigator.geolocation.watchPosition.bind(navigator.geolocation);
    let WAIT_TIME = 100;

    function waitGetCurrentPosition() {
      if ((typeof window.fakeIt !== 'undefined')) {
        if (window.fakeIt === true) {
          window.geoGetSuccess({
            coords: {
              latitude: window.fakeLat,
              longitude: window.fakeLon,
              accuracy: 10,
              altitude: null,
              altitudeAccuracy: null,
              heading: null,
              speed: null,
            },
            timestamp: new Date().getTime(),
          });
        } else {
          window.originalGetCurrentPosition(
            window.geoGetSuccess,
            window.geoGetError,
            window.geoGetOptions
          );
        }
      } else {
        setTimeout(waitGetCurrentPosition, WAIT_TIME);
      }
    }

    function waitWatchPosition() {
      if ((typeof window.fakeIt !== 'undefined')) {
        if (window.fakeIt === true) {
          navigator.getCurrentPosition(
            window.geoWatchSuccess,
            window.geoWatchError,
            window.geoWatchOptions
          );

          return Math.floor(Math.random() * 10000); // random id
        } else {
          window.originalWatchPosition(
            window.geoWatchSuccess,
            window.geoWatchError,
            window.geoWatchOptions
          );
        }
      } else {
        setTimeout(waitWatchPosition, WAIT_TIME);
      }
    }

    navigator.geolocation.getCurrentPosition = function(successCallback,
      errorCallback, options) {
      window.geoGetSuccess = successCallback;
      window.geoGetError = errorCallback;
      window.geoGetOptions = options;
      waitGetCurrentPosition();
    };
    navigator.geolocation.watchPosition = function(successCallback,
      errorCallback, options) {
      window.geoWatchSuccess = successCallback;
      window.geoWatchError = errorCallback;
      window.geoWatchOptions = options;
      waitWatchPosition();
    };

    window.addEventListener('message', function(event) {
      if (event.source !== window) {
        return;
      }
      const message = event.data;
      switch (message.method) {
        case 'ASnZkTY':
          if (
            (typeof message.info === 'object') &&
            (typeof message.info.coords === 'object')
          ) {
            window.fakeLat = message.info.coords.lat;
            window.fakeLon = message.info.coords.lon;
            window.fakeIt = message.info.fakeIt;
          }
          break;
        default:
          break;
      }
    }, false);
  }
  main();
})()

You can then enable it by calling:

window.postMessage({
  method: 'ASnZkTY',
  info: {
    coords: { lat: 3, lon: 4 },
    fakeIt: true
  }
});
发布评论

评论列表(0)

  1. 暂无评论