(function() {
'use strict';
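/**
 * Turn a fetch/XHR request body into a plain string (or null) so it can be
 * carried in a postMessage payload.
 *
 * The text is passed through verbatim: nothing here redacts credentials,
 * tokens or form fields, so whatever the page sends in a body ends up in the
 * returned string.
 *
 * @param {*} body - Body value as handed to fetch()/XMLHttpRequest.send().
 * @returns {string|null} null for a missing body, a placeholder for
 *   binary/blob/stream bodies, otherwise a textual rendering of the body.
 */
function serializeBody(body) {
  if (body === null || body === undefined) return null;
  if (typeof body === 'string') return body;
  if (body instanceof URLSearchParams) return body.toString();
  if (body instanceof FormData) {
    // Flattened to urlencoded pairs; non-string entries are string-coerced by
    // encodeURIComponent rather than read.
    const pairs = [];
    body.forEach((value, key) => {
      pairs.push(`${encodeURIComponent(key)}=${encodeURIComponent(value)}`);
    });
    return pairs.join('&');
  }
  // Every ArrayBufferView (DataView, any typed array) is a binary body, not
  // only Uint8Array; without this they fall through to JSON.stringify.
  if (body instanceof ArrayBuffer || ArrayBuffer.isView(body)) return '[Binary Data]';
  if (body instanceof Blob) return '[Blob]';
  if (typeof ReadableStream !== 'undefined' && body instanceof ReadableStream) return '[Stream]';
  try {
    const json = JSON.stringify(body);
    // JSON.stringify yields undefined for functions and symbols; keep the
    // documented string-or-null contract.
    return json === undefined ? String(body) : json;
  } catch {
    return String(body);
  }
}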
/**
 * Resolve a possibly relative URL against the current document location.
 *
 * @param {*} url - URL string (or URL-like value) as passed by the caller.
 * @returns {string} The absolute href, or String(url) when resolution fails.
 */
function resolveUrl(url) {
  let absolute;
  try {
    const base = window.location.href;
    absolute = new URL(url, base).href;
  } catch {
    // Unparseable input is reported as-is instead of being dropped.
    absolute = String(url);
  }
  return absolute;
}
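// Keep the native fetch so the wrapper (and other code in this closure) can
// still reach it after window.fetch is replaced.
const originalFetch = window.fetch;

/**
 * window.fetch wrapper: reports each request and its response text through
 * window.postMessage, then hands the call to the native fetch unchanged.
 *
 * NOTE(review): both messages are posted with targetOrigin '*' on the page's
 * own window, so every `message` listener in this document (first- or
 * third-party) receives the full request and response bodies. Any page
 * script can also post messages with the same `type`, so the receiver
 * cannot treat them as authentic without its own checks.
 * NOTE(review): response.clone().text() buffers the whole body; a response
 * that never ends is buffered without bound.
 *
 * @param {...*} args - Arguments exactly as the page passed them to fetch().
 * @returns {Promise<Response>} The promise returned by the native fetch.
 */
window.fetch = function(...args) {
  try {
    const input = args[0];
    const opts = args[1] || {};
    const isRequest = input instanceof Request;
    const url = isRequest ? input.url : resolveUrl(input);
    // An init.method overrides the Request's own method when both are
    // given, so it has to win here too or the reported method is wrong.
    const method = (opts.method || (isRequest ? input.method : '') || 'GET').toUpperCase();
    // Only a body supplied via init is captured; a body held inside a
    // Request object is not read.
    const body = opts.body !== undefined ? serializeBody(opts.body) : null;

    window.postMessage({
      type: 'API_LEECH_BODY',
      data: { url, method, body, timestamp: new Date().toISOString() }
    }, '*');

    const promise = originalFetch.apply(this, args);
    promise.then(async (response) => {
      try {
        // Read a clone so the page can still consume the original body.
        const responseBody = await response.clone().text();
        window.postMessage({
          type: 'API_LEECH_RESPONSE',
          data: { url, method, responseBody, timestamp: new Date().toISOString() }
        }, '*');
      } catch (e) {
        // Best effort: a failed capture must not surface in the page.
      }
    }).catch(() => {});
    // Return the untouched native promise, not the reporting chain.
    return promise;
  } catch (e) {
    // Reporting failed before the request was issued; fall back to the
    // native call so the page's fetch behaves as if unhooked.
    return originalFetch.apply(this, args);
  }
};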
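// Native XHR entry points, kept so the wrappers can delegate to them.
const originalOpen = XMLHttpRequest.prototype.open;
const originalSend = XMLHttpRequest.prototype.send;

/**
 * XMLHttpRequest.open wrapper: records method/URL on the instance and
 * reports the text response through window.postMessage when it loads.
 *
 * The record lives in the `_erpData` expando property, which page scripts
 * can read or overwrite on any XHR instance they hold.
 * NOTE(review): the response is posted with targetOrigin '*', so every
 * `message` listener in this document receives the response text.
 *
 * @param {string} method - HTTP method passed by the page.
 * @param {string} url - Request URL passed by the page.
 * @param {...*} rest - Remaining open() arguments, forwarded untouched.
 * @returns {*} Whatever the native open() returns.
 */
XMLHttpRequest.prototype.open = function(method, url, ...rest) {
  // A reused XHR object calls open() again; attach the load listener only
  // once, otherwise each reuse adds another listener and the response is
  // reported several times.
  const alreadyHooked = Boolean(this._erpData);
  this._erpData = {
    // String() keeps a non-string method from throwing inside the hook.
    method: String(method || 'GET').toUpperCase(),
    url: resolveUrl(url),
    timestamp: new Date().toISOString()
  };
  if (!alreadyHooked) {
    this.addEventListener('load', function() {
      if (!this._erpData) return;
      let responseBody = null;
      try {
        // responseText is only readable for '' and 'text' response types.
        if (this.responseType === '' || this.responseType === 'text') {
          responseBody = this.responseText;
        }
      } catch (e) {
        // Best effort: leave responseBody null and report nothing.
      }
      if (responseBody !== null) {
        window.postMessage({
          type: 'API_LEECH_RESPONSE',
          data: {
            url: this._erpData.url,
            method: this._erpData.method,
            responseBody: responseBody,
            timestamp: new Date().toISOString()
          }
        }, '*');
      }
    });
  }
  return originalOpen.apply(this, [method, url, ...rest]);
};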
/**
 * XMLHttpRequest.send wrapper: attaches the serialized body to the record
 * created by the open() wrapper, reports it, then delegates to native send().
 *
 * NOTE(review): the record is posted with targetOrigin '*', so every
 * `message` listener in this document receives the request body.
 *
 * @param {*} body - Request body as passed by the page.
 * @returns {*} Whatever the native send() returns.
 */
XMLHttpRequest.prototype.send = function(body) {
  const record = this._erpData;
  // No record means open() was not seen by the wrapper; report nothing.
  if (record) {
    record.body = serializeBody(body);
    window.postMessage({ type: 'API_LEECH_BODY', data: record }, '*');
  }
  return originalSend.apply(this, arguments);
};
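(function() {
  // DOM-attribute bridge: every 150 ms, look for a URL in the
  // `data-ig-fetch-url` attribute of <html>, fetch it with the page's
  // credentials, and publish the result as a data: URL in
  // `data-ig-fetch-result` (empty string on failure) together with the
  // requested URL in `data-ig-fetch-result-url`.
  //
  // NOTE(review): the request attribute can be written, and the result
  // attributes read, by any script with DOM access to this document.
  // Nothing here checks who wrote the URL or restricts which URL is
  // fetched, and the request carries cookies (credentials: 'include').
  // NOTE(review): the interval is never cleared, and only one pending URL
  // fits in the attribute at a time.
  setInterval(function() {
    const el = document.documentElement;
    const url = el.getAttribute('data-ig-fetch-url');
    if (!url) return;
    // Consume the request so the next tick does not repeat it.
    el.removeAttribute('data-ig-fetch-url');
    originalFetch(url, { credentials: 'include' })
      .then(function(r) {
        return r.ok ? r.blob() : Promise.reject(new Error('HTTP ' + r.status));
      })
      .then(function(blob) {
        return new Promise(function(resolve, reject) {
          const fr = new FileReader();
          fr.onload = function() { resolve(fr.result); };
          // Without an error handler a failed read never settles and the
          // requester never receives a result attribute.
          fr.onerror = function() { reject(fr.error); };
          fr.readAsDataURL(blob);
        });
      })
      .then(function(dataUrl) {
        el.setAttribute('data-ig-fetch-result', dataUrl);
        el.setAttribute('data-ig-fetch-result-url', url);
      })
      .catch(function() {
        // Any failure is reported as an empty result for the same URL.
        el.setAttribute('data-ig-fetch-result', '');
        el.setAttribute('data-ig-fetch-result-url', url);
      });
  }, 150);
})();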
})();