jsproxy

About overriding location

Open HerbLuo opened this issue 6 years ago • 5 comments

Regarding overriding location, I tried the following:

var mylocation = {href: 'http://123'};
var myeval = (areWinTypeEval = false) => (str) => {
  str = `
function foo() {
  const window = this;
  const location = mylocation;
  const eval = myeval;
  ${str}
}
foo.call(mywindow)
`;
  if (areWinTypeEval) {
    window.eval(str)
  } else {
    eval(str)
  }
};
var mywindow = {
  location: mylocation,
  eval: myeval(true),
  __proto__: window,
}


function foo() {
  const window = this;
  const location = mylocation;
  const eval = myeval();

  /* The code here simulates the page's original JS script */
  console.log(window);
  console.log(window.location);
  console.log(location)
  eval('console.log(location)');
  window.eval('console.log(location)');
  const reval = eval;
  reval('console.log(location)');
  reval('console.log(window.location)');
  reval('eval("console.log(window.location)")')
  /* The code here simulates the page's original JS script END */
}

foo.call(mywindow)

The code above prints the following in the console:

Window {...}
{href: "http://123"}
{href: "http://123"}
{href: "http://123"}
{href: "http://123"}
{href: "http://123"}
{href: "http://123"}

Take a look and see whether this can solve the problem of overriding location.

HerbLuo avatar Jun 24 '19 06:06 HerbLuo

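I tried this approach before. It requires wrapping every script in a layer and using a local window variable.

But some scripts define global variables via var x = ..., and as a result those variables all become local variables that other scripts can no longer access. The Google home page seems to have global variables like this, which causes a lot of errors.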

EtherDream avatar Jun 24 '19 07:06 EtherDream

What about this one, then? Have you tried it?

var mylocation = {href: 'http://123'};
var myeval = (areWinTypeEval = false) => (str) => {
  str = `
function foo() {
  const window = this;
  const location = mylocation;
  const eval = myeval;
  ${str}
}
foo.call(mywindow)
`;
  if (areWinTypeEval) {
    window.eval(str)
  } else {
    eval(str)
  }
};
var mywindow = {
  location: mylocation,
  eval: myeval(true),
  __proto__: window,
}


{
  const window = mywindow;
  const location = mylocation;
  const eval = myeval();

  /* The code here simulates the page's original JS script */
  var abc = 1234;
  console.log(window);
  console.log(window.location);
  console.log(location)
  eval('console.log(location)');
  window.eval('console.log(location)');
  const reval = eval;
  reval('console.log(location)');
  reval('console.log(window.location)');
  reval('eval("console.log(window.location)")')
  /* The code here simulates the page's original JS script END */
}


console.log(abc);

HerbLuo avatar Jun 24 '19 07:06 HerbLuo

I haven't tried this one yet~ I'll look into ES6 Block Scope.

EtherDream avatar Jun 24 '19 07:06 EtherDream

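Some JS omits window when modifying location and writes location = '//google.com' directly; this kind seems impossible to hook. It would be nice if this usage didn't exist... I'll think about whether it can be implemented with with.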

EtherDream avatar Jun 24 '19 07:06 EtherDream
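
The wrappers discussed in the comments above, compared side by side in an added example (not code from the thread or from jsproxy). It runs in Node, with indirect eval standing in for a top-level script; `hook`, `tryWrapper`, the stand-in `location` accessor and the `//example.test/` URL are assumptions, and the `with` plus Proxy variant is only one possible reading of the idea in the last comment.

```javascript
// Added example: Node stands in for the browser, indirect eval for a top-level <script>.
const runAsScript = (0, eval);

// Constructed page script: one `var` global plus a bare write to location.
const pageScript = "var abc = 1234; location = '//example.test/';";

// Candidate wrappers a rewriting proxy could put around each script.
// `hook` and its fields are hypothetical names for this sketch.
const wrappers = {
  none: (src) => src,
  func: (src) => `(function () { const location = hook.location; ${src} }).call(hook)`,
  block: (src) => `{ const location = hook.location; ${src} }`,
  withProxy: (src) => `with (hook.scope) { ${src} }`,
};

function tryWrapper(name) {
  const result = { hooked: [], leaked: [], error: null, varIsGlobal: false };
  delete globalThis.abc;
  // Stand-in for the real location setter: a write that lands here escaped the hook.
  Object.defineProperty(globalThis, 'location', {
    configurable: true,
    get: () => 'http://real.invalid/',
    set: (v) => result.leaked.push(v),
  });
  const fake = { href: 'http://123' };
  globalThis.hook = {
    location: fake,
    // Claims to own only `location`, so every other name falls through to the global.
    scope: new Proxy({}, {
      has: (_, key) => key === 'location',
      get: (_, key) => (key === 'location' ? fake : undefined),
      set: (_, key, value) => { result.hooked.push(value); return true; },
    }),
  };
  try {
    runAsScript(wrappers[name](pageScript));
  } catch (e) {
    result.error = e.name; // rebinding the local const throws TypeError
  }
  // A second script on the page looks for the first one's global.
  result.varIsGlobal = runAsScript('typeof abc') === 'number';
  delete globalThis.location;
  delete globalThis.hook;
  return result;
}

for (const name of Object.keys(wrappers)) console.log(name, tryWrapper(name));
```

With the function wrapper `abc` stays local, with the block wrapper it becomes global but the bare write throws on the local `const`, and only the `with` variant both keeps `abc` global and routes the write to the hook.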

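Could the methods in js-hook.md be written as a general-purpose function? I couldn't find one in this repository, and there are many scenarios where it might apply.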

@EtherDream

wll8 avatar Aug 17 '22 11:08 wll8