THIS IS A STATIC MIRROR OF USERSCRIPTS.ORG - LOGINS DO NOT WORK

Cookie Stealing Scripts

in Userscripts.org discussion
Subscribe to Cookie Stealing Scripts 209 posts, 115 voices



nice_bow_tie Scriptwright
FirefoxX11

The scripts by this user appear to be malware: https://userscripts-mirror.org/users/422227

 
nice_bow_tie Scriptwright
FirefoxX11

I'm concerned that malicious scripts that have been previously reported are still available on the site for users to install.

Does any site admin ever read these boards? Why are these scripts not removed?

 
nice_bow_tie Scriptwright
FirefoxX11

Other users with similar dodgy scripts:

https://userscripts-mirror.org/users/422222
https://userscripts-mirror.org/users/422223

 
Jefferson Scher Scriptwright
FirefoxWindows

nice_bow_tie wrote:
I'm concerned that malicious scripts that have been previously reported are still available on the site for users to install.
Does any site admin ever read these boards? Why are these scripts not removed?
GOOD QUESTION !

 
Roxz Scriptwright
FirefoxWindows

https://userscripts-mirror.org/users/468628

 
Bubs User
FirefoxWindows

https://userscripts-mirror.org/scripts/show/129744

Shame, it was nice to have working direct image linking on Google Image Search again.

 
w35l3y Scriptwright
FirefoxX11

https://userscripts-mirror.org/scripts/show/140202

copy of my script

 
ComSwitch Scriptwright
FirefoxX11

What about the possibility to create RegEx Rules over parts of scripts. After upload a new script it will be counted like it SpamAssassin does.

 
Couchy Scriptwright
ChromeX11

^ Won't work. There's a billion different ways to obfuscate your JS code.

 
ComSwitch Scriptwright
FirefoxX11

you are right.
but:
a)obfuscated code will never get a good review of code
b)how can you obfuscate functions for cookie access, you have to use the javascript function in one of the code parts?
c)greasemonkey needs a restriction for cookie access and the user should allow it for scripts like in java your mobile phone device ask you to give a app the access to something like bluetooth ...

 
Bill D Scriptwright
FirefoxWindows

Is it not possible to have some sort of a flagging or reporting system for the scripts? (I don't come here often, but I didn't see one) There should be a "Warning!" capability that marks a script with a red warning message that is VERY visible with a link to what that MIGHT mean. This should be clearable by "mods". I guess people could be idiots and use it badly, but hopefully not. Actually, you probably need some way to specify adware alert, malware alert, etc...

 
Kyle Stephens User
Chrome

https://userscripts-mirror.org/scripts/show/161131

That one is also malicious. It even bloody says in the js file about login keylogger and clearly “gets” the pass and username elements…

I don’t use that social network anyway…but it was …. convenient I could find it and report it.

 
Nico De Belder Scriptwright
FirefoxWindows

https://userscripts-mirror.org/users/505802/scripts

This guy copies scripts and add malicious code in them.

 
BufoBufo Scriptwright
ChromeWindows

https://userscripts-mirror.org/users/talibecp

Spreaded malware-copies of hundreds of userscripts.

 
aireca Scriptwright
FirefoxWindows

do something, please!!! EXTRA BIG cookie stealer user....

https://userscripts-mirror.org/scripts/review/169472

https://userscripts-mirror.org/users/talibecp

 
Marti Scriptwright
FirefoxX11

Would be nice to get rid of that user since 100% of that persons scripts are dangerous but at least it's good "testing against" material for analysis ;)

 
Seifer Scriptwright
ChromeWindows

This is bull shit. There have recently been hundreds, probably thousands, of these malicious scripts uploaded.
We NEED a "REPORT AS SCAM" button prominent on the front page of every script.

Upon any one clicking it, it adds to a counter. Once that counter hits 1% or more of the installs:
It needs to make a BIG WARNING on the page for all users that the script is a suspected scam and NOT to install it without checking the source code.

The 1% would stop certain people going marking heaps of even vaguely-popular scripts as scams.

 
armvdw User
FirefoxWindows

All the 100's of scripts by this user are the same facebook login stealing malware.

https://userscripts-mirror.org/users/talibecp

 
LouCypher Scriptwright
FirefoxWindows

armvdw wrote:
All the 100's of scripts by this user are the same facebook login stealing malware.
https://userscripts-mirror.org/users/talibecp
Similar:
https://userscripts-mirror.org/users/516272/scripts

 
w35l3y Scriptwright
FirefoxWindows

Agreed!

https://userscripts-mirror.org/users/talibecp
https://userscripts-mirror.org/users/516272/scripts

both users only have fb login stealing scripts

 
Michael Ridgway Scriptwright
ChromeMacintosh

Copy of my script: https://userscripts-mirror.org/scripts/reviews/170685
User seems to be doing this for several scripts: https://userscripts-mirror.org/users/521027

 
Timid Script Scriptwright
FirefoxWindows

Facebook hacking scripts
https://userscripts-mirror.org/users/516272/scripts

It also uses existing script titles and description. Very, very dangerous.

 
Tony Dominey User
ChromeWindows

Any site would put password information into a cookie. What normally happens is that session details are stored so that when the browser talks to the server again later the server knows that it's the same browser as the user logged in from earlier.

 
Tony Dominey User
ChromeWindows

Any site would put password information into a cookie. What normally happens is that session details are stored so that when the browser talks to the server again later the server knows that it's the same browser as the user logged in from earlier.

 
Tony Dominey User
ChromeWindows

Any site would put password information into a cookie. What normally happens is that session details are stored so that when the browser talks to the server again later the server knows that it's the same browser as the user logged in from earlier.