What is the function hijacking of javascript?
function hijacking, as the name suggests, is to hijack a function before it is run, adding the functionality we want. When this function is actually running, it is not the original function, but with the function that we added. This is also one of the common principles of the hook function.
At first glance, it looks like a function rewrite. The rewrite of the function can also be understood as a function hijacking, but it's disgusting. As a hostage-taker, we should follow the good work ethic after the kidnapping, and return the person intact, so we have to call back the function's original function in the right place.
By extension, in fact, "hijack" the concept we often encounter, for example, a site was hijacked by operators, browsing the site will pop up the operator's ads.
Example analysis
Now let's take a simple example, hijack the alert () function and add a little bit of functionality to it:
Let warn = alert
Window.alert = (t) => {
if (confirm) are (t)
}
alert (' Help me ...!!! ')
You can open the developer tool to try this example and you will find that only when you confirm click OK in it will pop up Help me...!!! .
Next we encapsulate this part of the content and become a generic function:
Const Hijack = (obj, method, fun) => {let
orig = Obj[method]
Obj[method] = Fun (orig)
}
First we define a function that will hijack save the original function and then execute the custom function, and the original function will be invoked inside the custom function.
And then we'll hijack the confirm() function:
Hijack (window, ' Confirm ', (orig) => {return
(text) => {
alert (' Help ME plz!!! ')
if (Orig.call (this, text)) {
alert (' You seems FINE and I AM leaving, good bye! ')
} else {
alert (' HOLD on! I AM coming!! ')}}
)
The function of this function is very simple, not detailed description, direct call confirm() you know.
Anti-hijacking
Create a new page, open your Developer tool console, and enter alert , and you'll see output like this:
Function alert () {[native code]}
Then use the code at the beginning of this article, take a alert() hijack, and then re-enter the console alert , you will see this output:
Function (t) => {
if (confirm (' How are you? ') warn (t)
}
As you can see from the above example, to see if a function is hijacked, just print it out directly. For the system native function, [native code] which means it is pure non-polluting.
function hijacking
In addition to adding functionality to functions, it is possible to use function hijacking to track the information of malicious users. A generic XSS attack can be tested using a alert() method such as the ability to output information, which allows us to hijack the original, alert() enter the code for tracking information, and finally release the original function. When a malicious user is tested alert() , he is immediately tracked by us, but he is not aware of it.
JavaScript hijacking and JavaScript hijacking hacker technology
Note: The serial number in the figure represents the implementation order of the JavaScript black technology
This is done by properly logging in to a compromised trust site and then switching to a malicious site (which cannot be logged out at this time), and then sending it back to the trust site with the JavaScript script returned by the malicious Web site and the trust site. cookie To get sensitive information about Trusted sites
Precautions:
1, the Trust Web site (step 2) returned to the content must be a JSON array, if it is the JSON object then a JavaScript error occurs, but we can return to detect the type of return, if it is the object, then we can also precede the object with brackets
2, hijacking and JavaScript hijacking technology is reflected in step five, in the implementation of step five is sure to use JavaScript hijacking to rewrite methods in the object, so that the ability to record the trust of sensitive information in the site, so JavaScript The realization of hijacking is inseparable from hijacking
3. Trust website must respond to a GET request
Summarize
About the function of JS hijacking, is not something new, but in the recent work encountered this knowledge points feel more unfamiliar, so spent some time to study and record the results. The above is the entire content of this article, if you find any errors and omissions of the place welcome correction!