
[Solved] Injecting Code for Incoming Traffic

javascript
php
#1

Hello,

I’ve got an issue with this one website routing some malicious javascript through their main.php file. Blocking the javascript file renders the website unusable, so is it possible to modify the incoming main.php file through some tool or script? Wireshark maybe?

0 Likes

#2

Reads more like some malicious cross site scripting using Javascript as the main means of conveyance. Then again, it could just as easily be cross site scripting using Extensible Cascading Style Sheets (more than likely this) or simple Cascading Style Sheets related to “Cookies.” In either case, without risk of being sanctioned for violating Community Rule Sets… This is not the platform to ask or receive such information upon as all of the above requires exploiting a website owner’s subject material for which said website owner more than likely did not intend such to be exploited. Be it intentional or a simple matter of ignorance. I suspect the latter versus the former.

0 Likes

#3

No I don’t want to modify the content of their website, I just want to modify the content coming to my computer to prevent the infection from infecting me. All I need to do is remove 3 lines of code so the function doesn’t activate the javascript.

1 Like

#4

If you are requesting methods for injecting a website, regardless of what means and/or intention revolve around such mate; injection requires the modification of another’s website for purposes to serve the Injector’s own purposes. Thus requiring the given site to be modified in some manner that the owner did not intend for. Not only this, yet also by the very subject material in which you request assistance, you are not sure if Javascript or XCSS/CSS may also potentially be the culprit.

Suggestion: If the site is of malicious intent and you are not sure how to proceed, then logic dictates you abandon any further access of said site. Or pentest for vulnerabilities, followed by notifying the Owner of said site as to those exploitations. And no matter the intent in the affirmative or the negative, I at least cannot and will not answer that directly without being sanctioned as the given Rule Set dictates the contrary to be so.

P.s.-If you do not wish to modify the content of the web site itself, then simply block the offending material. And yes, I’m aware that blocking Javascript renders the site unusable. Hence the comment as to my doubts as to Javascript being the conveyance of the offending material.

0 Likes

#5

The website owner knows that people are blocking the script, there’s another function in the php file that checks to see whether or not the javascript file is present. If the file is not found, the website tells you to remove the block you have on it, thus disabling the website. I know how to block specific files from a website using ublock’s static filters; however the owner seems intent on running this one file and I cannot in good conscience run it.

I’ve had a look at the css (this website is not very complex and does not attempt to obfuscate its source material) and it looks pretty standard so I would definitely say it’s this specific file, plus the file is known malware. Simply going to VirusTotal tells me that much.

1 Like

#6

So the site sends you the part of the page and the js, and waits for a response before loading the rest of the page?

1 Like

#7

Then I would definitively avoid the site altogether based upon the information you provided… Would be my “official” response considering you are unsure as to how to proceed.

There are however several others (plural) within the Community who would willingly answer the above privately however.

0 Likes

#8

Can’t Fiddler do what you want?

You can pretty much edit anything sent to the browser using that.

2 Likes

#9

Yeah using the Watch Expression function in Firefox tells me the state of the function when loading the page. If I block the file, the function state is undefined and there’s a rule to check for that. If the function is undefined it prevents the media I want from loading.

@flazza

I’ll check this out. I’m really new to web development and I’ve been crafting my own website through jekyll and Github pages for a while now so if I have a problem with a website I like to see if I can fix it to improve my troubleshooting abilities hence this question. I’m not aware of many of the tools of the trade so thank you for your suggestion.

0 Likes

#10

Ok, well then a little lesson of ethical hacking.

If the page loaded in its entirety, then checked for the presence of the js and reloaded to a blank page as a result of its absence, then it’s no problem to prevent the page reload. This is how some anti-ad-block works, not very effective.

Loading a partial page, executing JS then continuing with page load requires a response to the host. In this case you would have to forge the response with your own js. This is borderline injection because if you cause an overflow or somehow inflict damage, you will be at fault.

1 Like

#11

Excellent!
Now that this has generated the appropriate Community interaction, send me a link privately with what you’re looking to peruse and/or download. I’m quite curious as to what all of the “rabble rousing” is about now that I know where one can “officially” proceed.

0 Likes

#12

By the way, I’m assuming you have already made an attempt to find the direct link to the media you are wishing to peruse, provided it is not directly hosted on the web site you make mention of?

0 Likes

#13

Yeah that’s where I’m really confused and I think this website is written extremely badly. Sometimes it leaks the media, other times it doesn’t. I just want to automate the task of blocking the script so I don’t have to spend an hour messing around trying to get it to leak the media again. I’ve tried clearing my local storage each time it happens but I think there’s a server side log of IPs that try to block content, although there’s nothing to mention that in any of the javascript.

@SudoSaibot

With that information I can do some research of my own. I’m not looking for the direct answer to my problem I’m just looking for someone to point me in the right direction. :+1: It’s not like you can really google this stuff and expect to get a decent response to your question. That’s why I asked here.

1 Like

#14

Send me a link to the site itself, followed by the material you are looking to peruse. What you make mention of is typical crap used by idiots looking for clicks on their domains based upon the merit of presenting material in high demand, followed by obfuscating the availability of said material with “click baiting” in mind.

0 Likes

#15

@trexd: I can’t even believe I let you troll me into this material.
If I get sanctioned, I’m reporting you to my local union representative. :neutral_face:

0 Likes

#16

I think I figured it out. The website blocks any media from being loaded if you block any files; therefore I can just use SudoWolf’s solution and stop the website from loading after the check is made and grab the leaked media link. Then I can view the media separately without that javascript file.

DW I’ll figure it out on my own, that way you’re absolved of any responsibility :wink:

1 Like

#17

That crap load of nonsense spewed by me above was for “official” non-liability.

Meanwhile, in related news: Link me in an Inbox. My curiosity is definitely piqued based upon personal experience. Click baiting (hiding links behind crap) seems to still be all the rage even these days.

0 Likes

#18

Thanks for everyone’s quick response. I’m marking this as solved :smiley:

1 Like

#19

Website and the file are completely clean.
No malicious activity of any kind.
No hidden links to malicious hosts, etcetera.

Also what comes to mind, this could have been downloaded freely from numerous other hosts without all of the grief.

And am I to understand you had an active ad blocker working in the background of your workstation?

Footnote: Screenshot removed for reasons of respect to privacy.

Completely ready for download.

0 Likes

#20

Staff Members: Thread is marked as Solved and ready for closure should the good natured Author wish to do so.

0 Likes