// ==UserScript==
// @name         JSHack
// @namespace    http://tampermonkey.net/
// @version      1.2
// @description  Best used together with the Burp Suite (bp) plugins HaE and CaA to quickly detect sensitive information leaks in front-end code
// @description  v1.1: automatically changes the loading mode of a site's JS resources to preload, so that potential security issues can be detected, and counts the prefetched JS resources.
// @description  Under continuous development; new features will keep being added
// @description  v1.2: added a script icon
// @author       Qin
// @icon         data:image/png;base64,…
// @match        *://*/*
// @grant        none
// ==/UserScript==

(function() {
    'use strict';

    // Counter for the number of prefetched JS resources
    let prefetchJsCount = 0;

    // Wait until the page has finished loading
    window.addEventListener('load', function() {
        // Log: starting to change how JS and CSS in the HTML are loaded
        console.log('%c【JSHack】开始修改HTML中的js和css加载方式', 'color: blue; font-weight: bold;');

        // Get all <link> tags
        const links = document.getElementsByTagName('link');

        for (const link of links) {
            // Check whether the rel attribute is prefetch
            if (link.getAttribute('rel') === 'prefetch') {
                // href may be missing; test the URL path only, so that a query
                // string or fragment does not hide the file extension
                const href = link.getAttribute('href') || '';
                const path = href.split(/[?#]/)[0];

                // Change the rel attribute to preload
                link.setAttribute('rel', 'preload');

                // Decide from the file path whether this is CSS or JS and set the as attribute
                if (path.endsWith('.css')) {
                    link.setAttribute('as', 'style');
                } else if (path.endsWith('.js')) {
                    link.setAttribute('as', 'script');
                    prefetchJsCount++; // Increment the prefetched JS count
                }

                // Log: the link that was modified
                console.log(`%c【JSHack】修改了链接:${href}`, 'color: green;');
            }
        }

        // Print the number of prefetched JS resources
        console.log(`%c【JSHack】在当前网站检测到${prefetchJsCount}个prefetch的js资源`, 'color: orange; font-weight: bold;');

        // Log: all matching links have been modified
        console.log('%c【JSHack】所有匹配的链接已修改完成', 'color: blue; font-weight: bold;');

        // Good wishes
        console.log('%c【JSHack】祝您发现更多漏洞,为网络安全贡献力量!', 'color: red; font-weight: bold;');

        // Added line of verse
        console.log('%c【JSHack】人海浮沉几万里,此心安处是吾乡。', 'color: purple; font-style: italic;');
    });
})();
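
A defender-side counterpart to the userscript, added here as an example and not part of the original script: it lists the `prefetch` hints in a page's HTML, types them by URL path, and checks supplied chunk bodies for secret-like strings before they ship. The host `app.example.test`, the function names, the sample HTML and chunk body, and the two patterns are assumptions constructed for illustration; the patterns are not the HaE or CaA rule sets.

```javascript
'use strict';
// Constructed sample page: two prefetch hints and one ordinary stylesheet.
const SAMPLE_HTML = `
<link rel="prefetch" href="/static/js/chunk-admin.3f9a.js?v=7">
<link href="/static/css/admin.css" rel="prefetch">
<link rel="stylesheet" href="/static/css/app.css">`;
// Constructed chunk body; the key ID is AWS's published documentation example.
const SAMPLE_BODIES = {
  'https://app.example.test/static/js/chunk-admin.3f9a.js?v=7':
    'const cfg={accessKeyId:"AKIAIOSFODNN7EXAMPLE",apiKey:"not-a-real-key-0001"};',
};
// Illustrative patterns only (assumption): not the HaE or CaA rule sets.
const SECRET_PATTERNS = {
  awsAccessKeyId: /\bAKIA[0-9A-Z]{16}\b/g,
  namedSecret: /\b(?:api[_-]?key|secret|token)\b\s*[:=]\s*["'][^"']{8,}["']/gi,
};

// Return every <link rel="prefetch"> target, resolved against pageUrl and
// typed by URL path so query strings and fragments do not hide a .js file.
function listPrefetchHints(html, pageUrl) {
  const hints = [];
  for (const [tag] of html.matchAll(/<link\b[^>]*>/gi)) {
    const attr = (name) =>
      (tag.match(new RegExp(`\\b${name}\\s*=\\s*["']([^"']*)["']`, 'i')) || [])[1];
    const rel = (attr('rel') || '').toLowerCase().split(/\s+/);
    const href = attr('href');
    if (!rel.includes('prefetch') || !href) continue;
    const url = new URL(href, pageUrl);
    const path = url.pathname.toLowerCase();
    const type = path.endsWith('.js') ? 'script' : path.endsWith('.css') ? 'style' : 'other';
    hints.push({ url: url.href, type });
  }
  return hints;
}

// Scan the bodies of prefetched scripts and report which pattern matched where.
function auditPrefetchedScripts(html, pageUrl, bodies) {
  const findings = [];
  for (const { url, type } of listPrefetchHints(html, pageUrl)) {
    if (type !== 'script' || !(url in bodies)) continue;
    for (const [rule, re] of Object.entries(SECRET_PATTERNS)) {
      for (const m of bodies[url].matchAll(re)) findings.push({ url, rule, match: m[0] });
    }
  }
  return findings;
}

console.log(auditPrefetchedScripts(SAMPLE_HTML, 'https://app.example.test/', SAMPLE_BODIES));
```

Run it under Node against the built `index.html` and chunk files of your own application, replacing the constructed samples with the real content.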