KXD黑-流星个主页–去后门版

看到有人在求这个代码，下载看了一眼

访问主页，加密的 JS 会去请求一个远程地址

懒得费事解密了，直接屏蔽之。

新建一个 JS 文件内容如下

(function() {
    const originalFetch = window.fetch;
    window.fetch = function(url, options) {
        if (url.includes('md.hi.sb')) {
            console.log('Blocked request to: ' + url);
            return Promise.reject('Blocked request to: ' + url);
        }
        return originalFetch.apply(this, arguments);
    };

    const originalCreateElement = document.createElement;
    document.createElement = function(tagName) {
        const element = originalCreateElement.apply(this, arguments);
        if (tagName.toLowerCase() === 'script') {
            const originalSetAttribute = element.setAttribute;
            element.setAttribute = function(attr, value) {
                if (attr === 'src' && value.includes('md.hi.sb')) {
                    console.log('Blocked script from: ' + value);
                    return;
                }
                originalSetAttribute.apply(this, arguments);
            };
        }
        return element;
    };
})();

然后在 index.html 里插入

<script src=”js/1.js”  type=”text/javascript”></script>

并在 html 头部加入

  <meta http-equiv="Content-Security-Policy" content="default-src 'self' https://q1.qlogo.cn https://cdn.jsdelivr.net; script-src 'self' https://q1.qlogo.cn https://cdn.jsdelivr.net; connect-src 'self' https://q1.qlogo.cn https://cdn.jsdelivr.net; report-uri /csp-violation-endpoint;">

再次刷新访问

整个世界都清净晒。加密的源码就不发了，网上一搜大把