人机协作:AI模型:Deepseek
仅供参考
安装与使用:
- 创建一个文件夹,将上述四个文件放入其中(manifest.json、popup.html、popup.js、icon.png),或解压缩附件。
- 打开 Chrome 或 Edge 浏览器,进入扩展管理页面(chrome://extensions/ 或 edge://extensions/)。
- 开启右上角的"开发者模式"。
- 点击"加载已解压的扩展程序",选择该文件夹。
- 安装后,浏览器工具栏会出现扩展图标。
- 打开任意网页(例如 https://www.baidu.com),点击扩展图标,弹出窗口将显示对该页面的检测结果。
popup.js
javascript
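// popup.js
// Look up the active tab of the current window and inject the detection
// function into it. The findings arrive later through chrome.runtime.onMessage.
chrome.tabs.query({ active: true, currentWindow: true }, (tabs) => {
  const content = document.getElementById('content');

  // Status lines are written with textContent so that no string, including
  // chrome.runtime.lastError.message, is ever parsed as markup in the popup.
  const showStatus = (text) => {
    const status = document.createElement('div');
    status.className = 'status';
    status.textContent = text;
    content.replaceChildren(status);
  };

  const tab = tabs && tabs[0];
  if (!tab) {
    showStatus('❌ 无法获取当前标签页');
    return;
  }

  // NOTE(review): tab.url is presumably only populated when the extension has
  // access to the tab; fall back to an empty string instead of throwing.
  const url = typeof tab.url === 'string' ? tab.url : '';

  // Show the page URL being scanned, truncated to 80 characters.
  const urlSpan = document.createElement('div');
  urlSpan.className = 'tab-url';
  urlSpan.textContent = `正在检测:${url.length > 80 ? url.substring(0, 80) + '...' : url}`;
  content.before(urlSpan);

  chrome.scripting.executeScript(
    { target: { tabId: tab.id }, func: runPageDetection },
    () => {
      // Injection fails on pages the extension may not script (browser
      // internal pages, for example); report it instead of spinning forever.
      if (chrome.runtime.lastError) {
        showStatus(`❌ 注入失败: ${chrome.runtime.lastError.message}`);
      }
      // On success nothing happens here: the result is delivered by message.
    },
  );
});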
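// Receive the detection results posted by the injected script.
chrome.runtime.onMessage.addListener((message, sender, sendResponse) => {
  // Defence in depth: only accept messages that come from this extension's
  // own contexts, and ignore anything that is not a detection result.
  if (!sender || sender.id !== chrome.runtime.id) {
    return false;
  }
  if (!message || message.type !== 'detectionResult') {
    return false;
  }

  // message.data is assembled from values read out of the scanned page
  // (URLs, script sources, text). Treat it as untrusted when rendering.
  displayResults(Array.isArray(message.data) ? message.data : []);
  sendResponse({ received: true });

  // The response was sent synchronously, so the channel need not stay open.
  return false;
});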
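/**
 * Render the detection results into #content.
 *
 * Every field of a result (name, type, reason, detail, suggestion) can carry
 * text taken from the scanned page, so the view is built from DOM nodes and
 * textContent only; nothing from a result is ever parsed as HTML.
 *
 * @param {Array<{name: string, type: string, status: string, reason: string,
 *   detail: string, suggestion?: string}>} results - findings from the injected script
 */
function displayResults(results) {
  const container = document.getElementById('content');

  const el = (tag, className, text) => {
    const node = document.createElement(tag);
    if (className) node.className = className;
    if (text !== undefined) node.textContent = text;
    return node;
  };
  const asText = (value) => (value ? String(value) : '');
  const labelledRow = (className, label, value) => {
    const row = el('div', className);
    row.append(el('strong', '', label), asText(value));
    return row;
  };
  const showStatus = (text, withSpinner = false) => {
    const status = el('div', 'status');
    if (withSpinner) status.append(el('span', 'loading'), ' ');
    status.append(text);
    container.replaceChildren(status);
  };

  if (!Array.isArray(results) || results.length === 0) {
    showStatus('✅ 未发现明显异常症状');
    return;
  }

  const byStatus = (status) => results.filter((r) => r && r.status === status);
  const suspicious = byStatus('suspicious');
  const info = byStatus('info');
  const safe = byStatus('safe');

  const nodes = [];

  // One titled section per severity. Suspicious items always show the
  // suggestion row; informational items only when a suggestion exists.
  const renderSection = (items, kind, heading, alwaysShowSuggestion) => {
    if (items.length === 0) return;
    nodes.push(el('div', `result-title ${kind}`, heading));
    for (const item of items) {
      const card = el('div', 'result-item');
      card.append(
        el('div', `result-title ${kind}`, `${asText(item.name)} [${asText(item.type)}]`),
        labelledRow('', '原因:', item.reason),
        labelledRow('detail', '详情:', item.detail),
      );
      if (alwaysShowSuggestion || item.suggestion) {
        card.append(labelledRow('detail', '建议:', item.suggestion));
      }
      nodes.push(card);
    }
    nodes.push(el('hr'));
  };

  renderSection(suspicious, 'suspicious', '⚠️ 可疑症状', true);
  renderSection(info, 'info', 'ℹ️ 信息提示', false);

  // The original had a second, identical condition in an else-if that could
  // never run; only the first message was ever shown.
  if (safe.length > 0 && suspicious.length === 0 && info.length === 0) {
    nodes.push(el('div', 'status safe', '✅ 所有检测项目正常'));
  }

  const rescanButton = el('button', '', '🔄 重新检测');
  rescanButton.id = 'reScanBtn';
  rescanButton.addEventListener('click', () => {
    chrome.tabs.query({ active: true, currentWindow: true }, (tabs) => {
      const tab = tabs && tabs[0];
      if (!tab) {
        showStatus('❌ 无法获取当前标签页');
        return;
      }
      showStatus('正在重新检测...', true);
      chrome.scripting.executeScript(
        { target: { tabId: tab.id }, func: runPageDetection },
        () => {
          if (chrome.runtime.lastError) {
            showStatus(`❌ 注入失败: ${chrome.runtime.lastError.message}`);
          }
        },
      );
    });
  });
  nodes.push(rescanButton);

  container.replaceChildren(...nodes);
}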
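/**
 * Escape a value for insertion into HTML text or a quoted attribute.
 *
 * As listed, each replacement returned the character it matched, so the
 * function escaped nothing and page-derived text reached innerHTML unchanged.
 * The entity strings are restored here, quotes are covered as well, and
 * non-string input is converted instead of throwing on `.replace`.
 *
 * @param {*} str - value to escape; falsy values yield ''
 * @returns {string} the escaped text
 */
function escapeHtml(str) {
  if (!str) return '';
  const entities = {
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    "'": '&#39;',
  };
  return String(str).replace(/[&<>"']/g, (ch) => entities[ch]);
}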
// ==================== 以下是被注入到目标页面执行的完整检测脚本 ====================
function runPageDetection() {
(function() {
var detectionResults = [];
/**
 * Append one finding to the shared detectionResults list.
 * The three trailing fields are optional and stored as '' when falsy.
 */
function addResult(checkName, malwareType, status, reason, detail, suggestion, standard, location) {
  var entry = {
    name: checkName,
    type: malwareType,
    status: status,
    reason: reason,
    detail: detail
  };
  entry.suggestion = suggestion ? suggestion : '';
  entry.standard = standard ? standard : '';
  entry.location = location ? location : '';
  detectionResults.push(entry);
}
/**
 * Classify the device by logical core count: 'high' (8 or more),
 * 'medium' (4 to 7) or 'low'. A missing or zero count is treated as 2.
 */
function getDevicePerformance() {
  var coreCount = navigator.hardwareConcurrency || 2;
  return coreCount >= 8 ? 'high' : (coreCount >= 4 ? 'medium' : 'low');
}
/**
 * Return the path, query string and fragment of a URL, resolved against the
 * current page. Empty input or an unparsable URL yields "".
 */
function extractFilePath(url) {
  if (!url) {
    return "";
  }
  try {
    var parsed = new URL(url, window.location.href);
    return [parsed.pathname, parsed.search || "", parsed.hash || ""].join("");
  } catch (e) {
    return "";
  }
}
/**
 * Format the current local time as "YYYY-MM-DD HH:MM:SS".
 */
function getCurrentTimestamp() {
  var now = new Date();
  function twoDigits(value) {
    return String(value).padStart(2, '0');
  }
  var datePart = [now.getFullYear(), twoDigits(now.getMonth() + 1), twoDigits(now.getDate())].join('-');
  var timePart = [twoDigits(now.getHours()), twoDigits(now.getMinutes()), twoDigits(now.getSeconds())].join(':');
  return datePart + ' ' + timePart;
}
// Marker strings: the script scans in checkTrojanFeatures and
// checkMinerFeatures skip any <script> element whose inline text contains one
// of these, with the intent of excluding this tool's own code.
// NOTE(review): a page script that happens to contain one of these strings is
// skipped as well, which leaves a gap in both scans. The detector is injected
// with chrome.scripting.executeScript({ func }), so it presumably never shows
// up as a <script> element in the page; confirm, and consider dropping the
// exclusion.
var selfKeywords = ["runPageDetection", "恶意软件症状检测工具", "帧率持续低于", "getDevicePerformance", "detectionResults"];
// 1. Worm-style symptoms: redirect chains, a short meta refresh, or a
//    watch-list keyword anywhere in the page URL.
// NOTE(review): the keywords are matched against the whole URL, not only the
// host, so an ordinary query such as "?redirect=" is flagged as well. The
// navigation entry's redirectCount is presumably 0 for cross-origin redirect
// chains, in which case the ">3" rule only sees same-origin redirects; confirm.
function checkWormFeatures(callback) {
  var standard = "检测标准: 页面重定向>3次、可疑恶意域名跳转、短时meta刷新(<5秒)";
  var pageUrl = window.location.href;
  var pageHost = window.location.hostname;
  var pagePath = window.location.pathname;
  var findings = [];
  var timestamp = getCurrentTimestamp();

  // Meta refresh: a delay under five seconds counts as suspicious. A content
  // value without a leading number is treated as a delay of 0.
  var shortRefresh = false;
  var refreshTag = document.querySelector('meta[http-equiv="refresh"]');
  if (refreshTag) {
    var refreshValue = refreshTag.getAttribute('content') || '';
    var leadingDigits = /^(\d+)/.exec(refreshValue);
    var seconds = leadingDigits ? parseInt(leadingDigits[1], 10) : 0;
    if (seconds < 5) {
      var targetMatch = refreshValue.match(/url=(.+)/i);
      shortRefresh = true;
      findings.push("meta刷新标签: " + refreshValue);
      findings.push("刷新延迟: " + seconds + "秒");
      findings.push("刷新目标: " + (targetMatch ? targetMatch[1] : "当前页面"));
    }
  }

  // Redirect count as reported by the Navigation Timing entry.
  var redirects = 0;
  if (performance && performance.getEntriesByType) {
    var nav = performance.getEntriesByType('navigation')[0];
    if (nav && nav.redirectCount) {
      redirects = nav.redirectCount;
      if (redirects > 0) {
        findings.push("重定向次数: " + redirects);
        if (nav.redirectStart && nav.redirectEnd) {
          findings.push("重定向耗时: " + Math.round(nav.redirectEnd - nav.redirectStart) + "ms");
        }
      }
    }
  }

  // First watch-list keyword found in the lower-cased URL, if any.
  var urlKeywords = ['hijack', 'redirect', 'exploit', 'malware', 'trojan', 'ransom', 'phish'];
  var loweredUrl = pageUrl.toLowerCase();
  var keywordHit = "";
  for (var k = 0; k < urlKeywords.length && keywordHit === ""; k++) {
    if (loweredUrl.indexOf(urlKeywords[k]) !== -1) {
      keywordHit = urlKeywords[k];
    }
  }
  var hasKeywordHit = keywordHit !== "";
  if (hasKeywordHit) {
    findings.push("URL包含可疑关键词: " + keywordHit);
    findings.push("完整URL: " + pageUrl);
  }

  var detailBlock = findings.length > 0 ? "【异常详情】" + findings.join("\n ") : "";
  var locationStr = "【检测时间】" + timestamp + "\n【当前页面】" + pageHost + pagePath + "\n" + detailBlock;

  if (redirects > 3 || hasKeywordHit || shortRefresh) {
    addResult("蠕虫特征检测", "蠕虫", "suspicious",
      "检测到多次重定向或可疑刷新,蠕虫常通过漏洞利用传播",
      "重定向次数:" + redirects + ", 可疑刷新:" + shortRefresh,
      "1.检查浏览器是否被劫持\n2.清除缓存和Cookie\n3.运行安全软件扫描",
      standard, locationStr);
  } else {
    addResult("蠕虫特征检测", "蠕虫", "safe", "未发现蠕虫特征", "重定向:" + redirects, "无需处理", standard, "无异常");
  }
  if (callback) callback();
}
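// 2. Trojan-style symptoms: script URLs naming known browser miners, and
//    password forms that post to another host.
//
// Changes from the listed version:
//  - The form target is read from the `action` attribute and parsed with URL.
//    Reading the `action` property returns an element when the form holds a
//    control named "action", and the old type check then skipped such forms.
//  - "External" is decided by comparing the parsed hostname with the page
//    hostname. The old substring test treated any target that merely
//    contained the page host (in its path, or as a prefix of a longer host
//    name) as same-site, and ignored every target containing '#'.
function checkTrojanFeatures(callback) {
  var standard = "检测标准: 已知挖矿脚本、密码表单提交至外部域名(非本域)";
  var scripts = document.getElementsByTagName('script');
  var suspiciousScripts = [];
  var maliciousPatterns = ['coinhive', 'cryptoloot', 'webminer', 'cryptonight', 'jsminer', 'coinimp'];
  var abnormalInfo = [];
  var timestamp = getCurrentTimestamp();
  var currentHost = window.location.hostname;

  for (var i = 0; i < scripts.length; i++) {
    var script = scripts[i];
    var inlineText = script.innerHTML;

    // Skip scripts that look like this tool's own code (see selfKeywords).
    var isSelf = false;
    if (inlineText) {
      for (var k = 0; k < selfKeywords.length; k++) {
        if (inlineText.indexOf(selfKeywords[k]) !== -1) {
          isSelf = true;
          break;
        }
      }
    }
    if (isSelf) continue;

    if (script.src) {
      var loweredSrc = script.src.toLowerCase();
      for (var j = 0; j < maliciousPatterns.length; j++) {
        if (loweredSrc.indexOf(maliciousPatterns[j]) !== -1) {
          suspiciousScripts.push(script.src);
          abnormalInfo.push("恶意脚本URL: " + script.src);
          abnormalInfo.push("脚本域名: " + (script.src.split('/')[2] || "未知"));
          abnormalInfo.push("脚本路径: " + extractFilePath(script.src));
          abnormalInfo.push("匹配模式: " + maliciousPatterns[j]);
          break;
        }
      }
    }
    // An inline hit is recorded in the details only; it does not by itself
    // make this check report "suspicious" (the miner check covers that case).
    if (inlineText && inlineText.toLowerCase().indexOf('cryptonight') !== -1) {
      abnormalInfo.push("内联脚本包含挖矿代码(cryptonight)");
      abnormalInfo.push("脚本长度: " + inlineText.length + "字符");
    }
  }

  var forms = document.getElementsByTagName('form');
  // NOTE(review): this counts password inputs on the whole page, not inside
  // the form that posts off-site.
  var passwordFields = document.querySelectorAll('input[type="password"]').length;
  var externalActions = [];
  for (var f = 0; f < forms.length; f++) {
    var rawAction = forms[f].getAttribute('action');
    if (!rawAction) continue;

    var target;
    try {
      // document.baseURI honours a <base> element, as form submission does.
      target = new URL(rawAction, document.baseURI);
    } catch (e) {
      continue;
    }
    // Only http(s) targets can be "another host"; javascript:, mailto: and
    // similar schemes are not form posts to a remote site.
    if (target.protocol !== 'http:' && target.protocol !== 'https:') continue;
    if (target.hostname === currentHost) continue;

    externalActions.push(target.href);
    abnormalInfo.push("表单提交目标: " + target.href);
    abnormalInfo.push("提交目标域名: " + (target.hostname || "未知"));
    abnormalInfo.push("包含密码框数量: " + passwordFields);
  }

  var locationStr = "【检测时间】" + timestamp + "\n【当前页面】" + window.location.hostname + window.location.pathname + "\n" + (abnormalInfo.length > 0 ? "【异常详情】" + abnormalInfo.join("\n ") : "");

  if (suspiciousScripts.length > 0) {
    addResult("木马特征检测", "特洛伊木马", "suspicious",
      "发现已知挖矿脚本,木马常通过恶意脚本窃取数据",
      "可疑脚本:" + suspiciousScripts[0].substring(0, 80),
      "1.关闭当前页面\n2.安装广告拦截插件\n3.避免在可疑页面输入密码",
      standard, locationStr);
  } else if (externalActions.length > 0 && passwordFields > 0) {
    addResult("木马特征检测", "特洛伊木马", "suspicious",
      "密码表单提交至外部域名,存在凭据窃取风险",
      "外部目标:" + externalActions[0].substring(0, 60),
      "1.确认网站域名是否正确\n2.检查SSL证书\n3.不要输入真实密码",
      standard, locationStr);
  } else {
    addResult("木马特征检测", "特洛伊木马", "safe", "未发现木马特征", "密码框:" + passwordFields, "无需处理", standard, "无异常");
  }
  if (callback) callback();
}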
// 3. Spyware-style symptoms: counts how many of the geolocation, camera and
//    microphone permissions are in the "granted" state; two or more is
//    reported as suspicious.
// NOTE(review): a granted permission shows what the user allowed for this
// site, not that the page is using it; read the result as a prompt to review
// site permissions.
function checkSpywareFeatures(callback) {
  var standard = "检测标准: 敏感权限(位置/相机/麦克风)授权数量≥2";
  var granted = [];
  var abnormalInfo = [];
  var timestamp = getCurrentTimestamp();

  // Query one permission and always call cb, whether the query resolves,
  // rejects, or throws synchronously (for example when the API is absent).
  function checkPerm(name, label, cb) {
    try {
      navigator.permissions.query({ name: name }).then(function (permStatus) {
        if (permStatus.state === 'granted') {
          granted.push(label);
          abnormalInfo.push("已授权权限: " + label);
          abnormalInfo.push("权限状态: " + permStatus.state);
        }
        cb();
      }).catch(function () {
        cb();
      });
    } catch (e) {
      cb();
    }
  }

  // Report once all three queries have settled.
  function done() {
    var detailBlock = abnormalInfo.length > 0 ? "【异常详情】" + abnormalInfo.join("\n ") : "无敏感权限授权";
    var locationStr = "【检测时间】" + timestamp + "\n【当前页面】" + window.location.hostname + window.location.pathname + "\n" + detailBlock;
    if (granted.length >= 2) {
      addResult("间谍软件检测", "间谍软件", "suspicious",
        "已授予多个敏感权限,间谍软件可监控用户",
        "已授权:" + granted.join(','),
        "1.检查网站权限\n2.撤销非必要权限\n3.清除网站数据",
        standard, locationStr);
    } else {
      addResult("间谍软件检测", "间谍软件", "safe", "未发现间谍特征", "权限:" + (granted.length || '无'), "无需处理", standard, "无异常");
    }
    if (callback) callback();
  }

  var wanted = [
    ['geolocation', '位置'],
    ['camera', '相机'],
    ['microphone', '麦克风']
  ];
  var pending = wanted.length;
  function settle() {
    pending--;
    if (pending === 0) done();
  }
  for (var p = 0; p < wanted.length; p++) {
    checkPerm(wanted[p][0], wanted[p][1], settle);
  }
}
// 4. Rogue/scareware symptoms: more than two fake-warning keywords in the
//    visible page text, or a known hijacker name in the page URL.
// NOTE(review): security news and vendor pages use the same words, so a hit
// here is a hint, not a verdict.
function checkRogueSoftware(callback) {
  var standard = "检测标准: 虚假警告关键词>2个、浏览器劫持域名";
  var fakeKeywords = ['病毒','木马','感染','危险','警告','立即清理','系统损坏',
    'virus','infected','danger','warning','security alert',
    'xp antivirus','winfixer','protection required','spyware detected',
    'malware found','registry error','driver outdated'];
  var hijackDomains = ['search.conduit', 'delta-homes', 'mysearch', 'trovi', 'babylon', 'websearch'];

  var pageText = document.body.innerText.toLowerCase();
  var timestamp = getCurrentTimestamp();
  var pageUrl = window.location.href;
  var pageHost = window.location.hostname;

  // Keywords present in the lower-cased page text, in list order.
  var found = fakeKeywords.filter(function (keyword) {
    return pageText.indexOf(keyword.toLowerCase()) !== -1;
  });
  var abnormalInfo = found.map(function (keyword) {
    return "虚假警告关键词: " + keyword;
  });

  // First hijacker name contained in the URL (case-sensitive, as written).
  var hijackedDomain = "";
  var isHijacked = false;
  for (var h = 0; h < hijackDomains.length && !isHijacked; h++) {
    if (pageUrl.indexOf(hijackDomains[h]) !== -1) {
      isHijacked = true;
      hijackedDomain = hijackDomains[h];
      abnormalInfo.push("被劫持域名: " + hijackedDomain);
      abnormalInfo.push("完整劫持URL: " + pageUrl);
    }
  }

  var detailBlock = abnormalInfo.length > 0 ? "【异常详情】" + abnormalInfo.join("\n ") : "";
  var locationStr = "【检测时间】" + timestamp + "\n【当前页面】" + pageHost + window.location.pathname + "\n" + detailBlock;

  if (found.length > 2) {
    addResult("流氓软件检测", "流氓软件", "suspicious",
      "页面包含虚假警告关键词,诱导用户付款",
      "匹配:" + found.slice(0,3).join(','),
      "1.不要点击弹窗\n2.不要下载软件\n3.关闭页面",
      standard, locationStr);
  } else if (isHijacked) {
    addResult("流氓软件检测", "流氓软件", "suspicious",
      "浏览器可能被劫持", "域名异常: " + pageUrl.substring(0, 80),
      "1.检查主页设置\n2.清除缓存\n3.重置浏览器",
      standard, locationStr);
  } else {
    addResult("流氓软件检测", "流氓软件", "safe", "未发现流氓特征", "无虚假关键词", "无需处理", standard, "无异常");
  }
  if (callback) callback();
}
// 5. Cryptominer symptoms.
// Two signals are combined: (a) a <script> whose src, or whose inline text,
// contains a known miner name, and (b) the requestAnimationFrame rate measured
// over about three seconds staying below a threshold chosen from the core
// count while the user is not interacting.
// NOTE(review): the frame rate reflects main-thread responsiveness only. Work
// done in Web Workers may leave it unchanged, and the browser may throttle
// requestAnimationFrame for reasons unrelated to mining, so (b) is reported
// as "info" and should be read as a weak hint.
function checkMinerFeatures(callback) {
var perf = getDevicePerformance();
// Lower-end devices get a lower fps threshold before a page is called slow.
var fpsThreshold = perf === 'high' ? 30 : (perf === 'medium' ? 25 : 20);
var standard = "检测标准: 帧率持续低于" + fpsThreshold + "fps且无用户交互、已知挖矿脚本";
var cores = navigator.hardwareConcurrency || 2;
var frameCount = 0;
var startTime = performance.now();
var abnormalInfo = [];
var timestamp = getCurrentTimestamp();
var scripts = document.getElementsByTagName('script');
var hasMiner = false;
var minerDomains = ['coinhive', 'cryptoloot', 'webminer', 'cryptonight', 'coinimp', 'jsminer'];
// Signal (a): scan every script element for a known miner name.
for (var i = 0; i < scripts.length; i++) {
var script = scripts[i];
var isSelf = false;
// Skip scripts whose inline text contains one of the selfKeywords markers.
if (script.innerHTML) {
for (var k = 0; k < selfKeywords.length; k++) {
if (script.innerHTML.indexOf(selfKeywords[k]) !== -1) {
isSelf = true;
break;
}
}
}
if (isSelf) continue;
if (script.src) {
for (var j = 0; j < minerDomains.length; j++) {
if (script.src.toLowerCase().indexOf(minerDomains[j]) !== -1) {
hasMiner = true;
abnormalInfo.push("挖矿脚本URL: " + script.src);
abnormalInfo.push("脚本域名: " + (script.src.split('/')[2] || "未知"));
abnormalInfo.push("匹配模式: " + minerDomains[j]);
break;
}
}
}
if (script.innerHTML && script.innerHTML.toLowerCase().indexOf('cryptonight') !== -1) {
hasMiner = true;
abnormalInfo.push("内联脚本包含挖矿代码: cryptonight");
}
}
// Signal (b): remember the time of the last mouse move, scroll or click seen
// during the sampling window. It starts at "now", so a run with no input ends
// about three seconds after the last recorded interaction.
var lastInteraction = Date.now();
var interactionHandler = function() { lastInteraction = Date.now(); };
document.addEventListener('mousemove', interactionHandler);
document.addEventListener('scroll', interactionHandler);
document.addEventListener('click', interactionHandler);
// Called once per animation frame; counts frames until 3000 ms have elapsed,
// then removes the listeners, evaluates both signals and reports.
function measure() {
frameCount++;
var now = performance.now();
var elapsed = now - startTime;
if (elapsed < 3000) {
requestAnimationFrame(measure);
} else {
document.removeEventListener('mousemove', interactionHandler);
document.removeEventListener('scroll', interactionHandler);
document.removeEventListener('click', interactionHandler);
var fps = Math.round(frameCount / (elapsed / 1000));
var timeSinceInteraction = (Date.now() - lastInteraction) / 1000;
// "Interacting" means input was seen within the last two seconds.
var isInteracting = timeSinceInteraction < 2;
var isThrottled = fps < fpsThreshold;
// The low-fps signal is only considered on devices with four or more cores.
if (isThrottled && !isInteracting && cores >= 4) {
abnormalInfo.push("当前帧率: " + fps + "fps");
abnormalInfo.push("帧率阈值: " + fpsThreshold + "fps");
abnormalInfo.push("CPU核心数: " + cores);
abnormalInfo.push("设备性能等级: " + perf);
abnormalInfo.push("用户交互状态: " + (isInteracting ? "有交互" : "无交互"));
abnormalInfo.push("采样时长: " + (elapsed/1000) + "秒");
}
var locationStr = "【检测时间】" + timestamp + "\n【当前页面】" + window.location.hostname + window.location.pathname + "\n" + (abnormalInfo.length > 0 ? "【异常详情】" + abnormalInfo.join("\n ") : "");
// A known miner name wins over the frame-rate hint.
if (hasMiner) {
addResult("挖矿软件检测", "挖矿软件", "suspicious",
"发现已知挖矿脚本,会占用CPU资源进行未授权挖矿",
"检测到挖矿脚本",
"1.关闭当前页面\n2.安装NoCoin等拦截插件\n3.避免访问可疑网站",
standard, locationStr);
} else if (isThrottled && !isInteracting && cores >= 4) {
addResult("挖矿软件检测", "挖矿软件", "info",
"帧率持续偏低且无用户交互,可能因页面复杂度或设备性能导致,不一定是挖矿",
"帧率:" + fps + "fps, 阈值:" + fpsThreshold + ", CPU:" + cores + "核",
"1.关闭未使用标签页\n2.检查设备是否发热\n3.如仍有怀疑,可使用专业工具扫描",
standard, locationStr);
} else {
addResult("挖矿软件检测", "挖矿软件", "safe", "未发现挖矿特征", "帧率:" + fps + "fps", "无需处理", standard, "无异常");
}
if (callback) callback();
}
}
requestAnimationFrame(measure);
}
// 6. Backdoor-style symptoms: hidden iframes, and the strings "eval(" or
//    "new Function" anywhere in the page markup.
// NOTE(review): the dynamic-code test is a plain substring search over the
// serialized document, so it also matches text content and comments, and many
// ordinary libraries contain these strings; it is reported as "info" only.
// Hidden iframes are likewise common for analytics and sign-in helpers.
function checkBackdoorFeatures(callback) {
  var standard = "检测标准: 隐藏iframe、动态代码执行(eval/new Function)";
  var frames = document.getElementsByTagName('iframe');
  var hidden = [];
  var abnormalInfo = [];
  var timestamp = getCurrentTimestamp();

  for (var n = 0; n < frames.length; n++) {
    var frame = frames[n];
    var css = window.getComputedStyle(frame);
    var invisible = css.display === 'none' || css.visibility === 'hidden';
    var zeroSized = frame.width === '0' || frame.height === '0';
    if (!invisible && !zeroSized) {
      continue;
    }
    hidden.push(frame);
    abnormalInfo.push("隐藏iframe URL: " + (frame.src || "无src属性"));
    if (frame.src) {
      abnormalInfo.push("iframe域名: " + (frame.src.split('/')[2] || "未知"));
      abnormalInfo.push("iframe路径: " + extractFilePath(frame.src));
    }
    abnormalInfo.push("隐藏方式: display=" + css.display + ", visibility=" + css.visibility + ", width=" + frame.width + ", height=" + frame.height);
  }

  var markup = document.documentElement.innerHTML;
  function contains(needle) {
    return markup.indexOf(needle) !== -1;
  }
  var hasEval = contains('eval(') || contains('eval (');
  var hasFunction = contains('new Function');
  // A page that contains this tool's own marker strings is treated as "self".
  var isSelf = contains('checkBackdoorFeatures') || contains('恶意软件症状检测工具');
  var usesDynamicCode = hasEval || hasFunction;

  if (usesDynamicCode) {
    abnormalInfo.push(isSelf
      ? "检测到动态代码执行(来自工具自身,已忽略)"
      : "动态代码执行: eval=" + hasEval + ", new Function=" + hasFunction);
  }

  var detailBlock = abnormalInfo.length > 0 ? "【异常详情】" + abnormalInfo.join("\n ") : "";
  var locationStr = "【检测时间】" + timestamp + "\n【当前页面】" + window.location.hostname + window.location.pathname + "\n" + detailBlock;

  if (hidden.length > 0) {
    addResult("后门软件检测", "后门软件", "suspicious",
      "发现隐藏iframe,后门常与C2服务器通信",
      "隐藏iframe数:" + hidden.length,
      "1.检查iframe来源\n2.使用开发者工具查看网络请求\n3.运行安全扫描",
      standard, locationStr);
  } else if (usesDynamicCode && !isSelf) {
    addResult("后门软件检测", "后门软件", "info",
      "检测到动态代码执行,可能用于恶意代码注入",
      "eval:" + hasEval + ", new Function:" + hasFunction,
      "1.检查页面来源是否可信\n2.使用XSS检测工具",
      standard, locationStr);
  } else {
    addResult("后门软件检测", "后门软件", "safe", "未发现后门特征", "无隐藏iframe", "无需处理", standard, "无异常");
  }
  if (callback) callback();
}
// 7. Botnet-style symptoms: more than 150 resource requests in total, or more
//    than 30 requests to a single host, taken from the Resource Timing entries.
// NOTE(review): media-heavy or single-CDN pages exceed these counts in normal
// use, and the timing buffer presumably holds a limited number of entries;
// treat a hit as a reason to look at the network panel, not as proof.
function checkBotnetFeatures(callback) {
  var standard = "检测标准: 页面请求>150个或单一域名高频请求(>30次)";
  var timestamp = getCurrentTimestamp();
  var perDomain = {};
  var samples = [];
  var abnormalInfo = [];
  var total = 0;

  if (performance && performance.getEntriesByType) {
    var entries = performance.getEntriesByType('resource');
    total = entries.length;
    for (var r = 0; r < entries.length; r++) {
      try {
        // The host is the third "/"-separated piece of an absolute URL.
        var host = entries[r].name.split('/')[2];
        if (!host) {
          continue;
        }
        perDomain[host] = (perDomain[host] || 0) + 1;
        // Keep up to three sample URLs per host, truncated to 80 characters.
        if (perDomain[host] <= 3) {
          samples.push(entries[r].name.substring(0, 80));
        }
      } catch (e) {}
    }
  }

  var hosts = Object.keys(perDomain);
  var highFreq = hosts.filter(function (name) {
    return perDomain[name] > 30;
  });
  highFreq.forEach(function (name) {
    abnormalInfo.push("高频请求域名: " + name + " (" + perDomain[name] + "次)");
  });
  abnormalInfo.push("总请求数: " + total);
  abnormalInfo.push("请求域名数: " + hosts.length);
  if (samples.length > 0) {
    abnormalInfo.push("部分请求示例: " + samples.slice(0, 3).join(", "));
  }

  var detailBlock = abnormalInfo.length > 0 ? "【异常详情】" + abnormalInfo.join("\n ") : "";
  var locationStr = "【检测时间】" + timestamp + "\n【当前页面】" + window.location.hostname + window.location.pathname + "\n" + detailBlock;

  if (total > 150) {
    addResult("僵尸软件检测", "僵尸软件", "suspicious",
      "页面发起大量请求,可能参与DDoS攻击",
      "请求数:" + total,
      "1.检查异常外连\n2.使用网络监控工具\n3.运行安全扫描",
      standard, locationStr);
  } else if (highFreq.length > 0) {
    addResult("僵尸软件检测", "僵尸软件", "suspicious",
      "对单一域名大量请求,可能是DDoS攻击行为",
      "高频域名:" + highFreq.slice(0,2).join(','),
      "1.检查请求是否正常\n2.使用广告拦截插件\n3.关闭可疑页面",
      standard, locationStr);
  } else {
    addResult("僵尸软件检测", "僵尸软件", "safe", "未发现僵尸特征", "请求数:" + total, "无需处理", standard, "无异常");
  }
  if (callback) callback();
}
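// 8. Ransomware-style symptoms: ransom-note keywords combined with something
//    that looks like a Bitcoin or Ethereum address in the visible page text.
//
// Changes from the listed version:
//  - Address patterns are matched against the text in its original case. The
//    old code lower-cased the page first, which alters mixed-case Bitcoin
//    addresses before they are tested against a case-sensitive character
//    class, so those addresses could be missed.
//  - Patterns are anchored on a word boundary so they no longer match in the
//    middle of a longer token, and the Ethereum pattern requires exactly 40
//    hex digits so longer hex values such as hashes are not counted.
//  - A missing document.body no longer throws.
// NOTE(review): several keywords ('bitcoin', 'ethereum', 'cryptocurrency') are
// everyday words on finance and news pages; expect false positives.
function checkRansomwareFeatures(callback) {
  var standard = "检测标准: 勒索关键词、加密货币地址(比特币/以太坊)";
  var rawText = document.body ? document.body.innerText : "";
  var pageText = rawText.toLowerCase();
  var keywords = ['encrypted', 'decrypt', 'bitcoin', 'ransom', 'wannacry', 'lockbit',
    '文件被加密', '恢复文件', '赎金', 'your files are encrypted', 'pay the ransom',
    'cryptocurrency', 'wallet address', 'monero', 'ethereum'];
  var found = [];
  var abnormalInfo = [];
  var timestamp = getCurrentTimestamp();
  var cryptoAddresses = [];

  // Keywords are compared case-insensitively.
  for (var i = 0; i < keywords.length; i++) {
    if (pageText.indexOf(keywords[i].toLowerCase()) !== -1) {
      found.push(keywords[i]);
      abnormalInfo.push("勒索关键词: " + keywords[i]);
    }
  }

  // Address candidates are searched in the original-case text.
  var btcPatterns = [
    /\b(bc1|[13])[a-km-zA-HJ-NP-Z1-9]{25,59}/g,
    /\bbitcoin:[13][a-km-zA-HJ-NP-Z1-9]{25,34}/gi
  ];
  for (var b = 0; b < btcPatterns.length; b++) {
    var btcMatch = rawText.match(btcPatterns[b]);
    if (btcMatch) {
      cryptoAddresses.push("比特币地址: " + btcMatch[0]);
      abnormalInfo.push("比特币地址: " + btcMatch[0]);
    }
  }
  var ethPattern = /\b0x[a-fA-F0-9]{40}\b/g;
  var ethMatch = rawText.match(ethPattern);
  if (ethMatch) {
    cryptoAddresses.push("以太坊地址: " + ethMatch[0]);
    abnormalInfo.push("以太坊地址: " + ethMatch[0]);
  }

  var locationStr = "【检测时间】" + timestamp + "\n【当前页面】" + window.location.hostname + window.location.pathname + "\n" + (abnormalInfo.length > 0 ? "【异常详情】" + abnormalInfo.join("\n ") : "");

  if (cryptoAddresses.length > 0 && found.length > 0) {
    addResult("勒索软件检测", "勒索软件", "suspicious",
      "页面包含加密货币地址和勒索关键词",
      "匹配:" + found.slice(0,3).join(','),
      "1.不要支付赎金!\n2.立即断开网络\n3.使用杀毒软件扫描",
      standard, locationStr);
  } else if (found.length > 3) {
    addResult("勒索软件检测", "勒索软件", "suspicious",
      "页面包含勒索软件相关关键词", "匹配:" + found.slice(0,3).join(','),
      "1.不要支付赎金\n2.立即断开网络连接\n3.备份重要文件",
      standard, locationStr);
  } else {
    addResult("勒索软件检测", "勒索软件", "safe", "未发现勒索特征", "无勒索关键词", "无需处理", standard, "无异常");
  }
  if (callback) callback();
}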
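// 9. Storage anomaly: origin storage usage above 80% of quota, or more than
//    5 MB held in localStorage.
//
// Changes from the listed version:
//  - A quota of 0 no longer produces NaN/Infinity percentages.
//  - localStorage access is guarded; it can throw when storage is blocked for
//    the page.
//  - A failed estimate() now records an "info" result instead of silently
//    producing no entry for this check.
//  - The callback runs exactly once. Before, an exception thrown by a later
//    check (which runs inside this promise chain) reached the .catch handler
//    and invoked the callback a second time.
function checkStorageAnomaly(callback) {
  var standard = "检测标准: 存储使用率>80%或localStorage>5MB";
  var timestamp = getCurrentTimestamp();
  var abnormalInfo = [];

  function reportUnavailable(detail) {
    addResult("存储异常检测", "通用", "info", "无法获取存储信息", detail, "请手动检查存储空间", standard, "检测时间: " + timestamp + " | " + detail);
  }

  // Sum the UTF-16 size of every localStorage key and value (2 bytes per
  // code unit) and collect the items larger than 100 KB.
  function measureLocalStorage() {
    var total = 0;
    var large = [];
    for (var i = 0; i < localStorage.length; i++) {
      var key = localStorage.key(i);
      var val = localStorage.getItem(key);
      var itemSize = (key.length + (val ? val.length : 0)) * 2;
      total += itemSize;
      if (itemSize > 1024 * 100) {
        large.push({ key: key, size: (itemSize / 1024).toFixed(1) + "KB" });
      }
    }
    return { bytes: total, largeKeys: large };
  }

  function evaluate(est) {
    var usage = est.usage || 0;
    var quota = est.quota || 0;
    var percent = quota > 0 ? (usage / quota) * 100 : 0;
    abnormalInfo.push("总存储使用量: " + (usage / 1024 / 1024).toFixed(2) + "MB");
    abnormalInfo.push("总存储配额: " + (quota / 1024 / 1024).toFixed(2) + "MB");
    abnormalInfo.push("使用率: " + percent.toFixed(1) + "%");

    var lsMB = 0;
    try {
      var ls = measureLocalStorage();
      lsMB = ls.bytes / 1024 / 1024;
      abnormalInfo.push("localStorage使用量: " + lsMB.toFixed(2) + "MB");
      if (ls.largeKeys.length > 0) {
        abnormalInfo.push("大容量存储项: " + ls.largeKeys.map(function (k) { return k.key + "(" + k.size + ")"; }).join(", "));
      }
    } catch (e) {
      abnormalInfo.push("localStorage不可访问");
    }

    var locationStr = "【检测时间】" + timestamp + "\n【当前页面】" + window.location.hostname + window.location.pathname + "\n" + (abnormalInfo.length > 0 ? "【异常详情】" + abnormalInfo.join("\n ") : "");
    if (percent > 80 || lsMB > 5) {
      addResult("存储异常检测", "勒索软件", "suspicious",
        "存储空间使用率异常,勒索软件常大量写入加密文件",
        "使用率:" + percent.toFixed(1) + "%, localStorage:" + lsMB.toFixed(2) + "MB",
        "1.清理浏览器缓存\n2.检查是否有不明数据\n3.清除网站数据",
        standard, locationStr);
    } else {
      addResult("存储异常检测", "通用", "safe", "存储空间正常", "使用率:" + percent.toFixed(1) + "%", "无需处理", standard, "无异常");
    }
  }

  if (!('storage' in navigator && 'estimate' in navigator.storage)) {
    reportUnavailable("不支持Storage API");
    if (callback) callback();
    return;
  }

  navigator.storage.estimate().then(function (est) {
    try {
      evaluate(est);
    } catch (e) {
      reportUnavailable("存储信息读取失败");
    }
  }, function () {
    reportUnavailable("Storage API调用失败");
  }).then(function () {
    // Runs once, after a result has been recorded on every path above.
    if (callback) callback();
  });
}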
// 10. Phishing symptoms: phishing phrases in the visible text, a URL longer
//     than 200 characters that also contains a login-style word, or a host
//     name containing a prefix such as "secure-" or "login-".
// NOTE(review): the value reported as "子域名层级" is the number of
// dot-separated labels in the host name, not the subdomain depth. Phrases
// such as 'security alert' and 'login required' also appear on legitimate
// sign-in pages, so a hit calls for checking the domain, not for a verdict.
function checkPhishingFeatures(callback) {
  var standard = "检测标准: 钓鱼关键词、URL长度>200、可疑子域名";
  var pageText = document.body.innerText.toLowerCase();
  var phishKeywords = ['verify your account', 'confirm your identity', 'account suspended',
    'unusual activity', 'security alert', 'update your payment', 'login required'];
  var suspiciousUrlPatterns = ['login', 'signin', 'verify', 'secure', 'update', 'confirm', 'authenticate'];
  var phishingDomains = ['secure-', 'verify-', 'login-', 'account-', 'signin-'];

  var timestamp = getCurrentTimestamp();
  var pageUrl = window.location.href;
  var hostname = window.location.hostname;
  var labelCount = hostname.split('.').length;
  var urlLength = pageUrl.length;
  var loweredUrl = pageUrl.toLowerCase();

  // Return the entries of `needles` that occur in `haystack`, in list order.
  function hitsIn(haystack, needles) {
    return needles.filter(function (needle) {
      return haystack.indexOf(needle) !== -1;
    });
  }

  var found = hitsIn(pageText, phishKeywords);
  var abnormalInfo = found.map(function (phrase) {
    return "钓鱼关键词: " + phrase;
  });

  if (urlLength > 200) {
    abnormalInfo.push("URL长度异常: " + urlLength + "字符 (正常<200)");
  }
  abnormalInfo.push("URL长度: " + urlLength);
  abnormalInfo.push("域名: " + hostname);
  abnormalInfo.push("子域名层级: " + labelCount);

  var matchedPatterns = hitsIn(loweredUrl, suspiciousUrlPatterns);
  if (matchedPatterns.length > 0) {
    abnormalInfo.push("URL匹配可疑模式: " + matchedPatterns.join(", "));
  }

  var matchedPhishDomain = hitsIn(hostname, phishingDomains);
  if (matchedPhishDomain.length > 0) {
    abnormalInfo.push("域名包含可疑前缀: " + matchedPhishDomain.join(", "));
  }

  var detailBlock = abnormalInfo.length > 0 ? "【异常详情】" + abnormalInfo.join("\n ") : "";
  var locationStr = "【检测时间】" + timestamp + "\n【当前页面】" + hostname + window.location.pathname + "\n" + detailBlock;

  var longUrlWithPattern = urlLength > 200 && matchedPatterns.length > 0;
  if (found.length > 0) {
    addResult("网络钓鱼检测", "钓鱼网站", "suspicious",
      "页面包含钓鱼关键词,可能是钓鱼网站",
      "匹配:" + found.slice(0,2).join(','),
      "1.确认网站域名是否正确\n2.检查SSL证书\n3.不要输入敏感信息\n4.立即关闭页面",
      standard, locationStr);
  } else if (longUrlWithPattern || matchedPhishDomain.length > 0) {
    addResult("网络钓鱼检测", "钓鱼网站", "info",
      "URL结构异常,请注意甄别是否为钓鱼网站",
      "URL长度:" + urlLength + ", 子域名数:" + labelCount,
      "确认网站来源是否可信,避免输入敏感信息",
      standard, locationStr);
  } else {
    addResult("网络钓鱼检测", "钓鱼网站", "safe", "未发现钓鱼特征", "无钓鱼关键词", "无需处理", standard, "无异常");
  }
  if (callback) callback();
}
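// Run every check in order, one at a time. Each check receives a `next`
// callback and calls it when it has recorded its result.
//
// Changes from the listed version:
//  - A check that throws synchronously (for example on a page without
//    document.body) is recorded as an "info" result and the run continues.
//    Before, the exception stopped the chain, no message was sent, and the
//    popup stayed on its loading spinner.
//  - `next` is guarded so one check cannot advance the chain twice.
//  - sendMessage gets a callback that reads chrome.runtime.lastError, so a
//    popup that was closed during the scan does not leave an unhandled error.
var steps = [
  checkWormFeatures,
  checkTrojanFeatures,
  checkSpywareFeatures,
  checkRogueSoftware,
  checkMinerFeatures,
  checkBackdoorFeatures,
  checkBotnetFeatures,
  checkRansomwareFeatures,
  checkStorageAnomaly,
  checkPhishingFeatures
];
var idx = 0;
function runNext() {
  if (idx >= steps.length) {
    chrome.runtime.sendMessage({ type: 'detectionResult', data: detectionResults }, function () {
      // Reading lastError marks it as handled when nobody is listening.
      void chrome.runtime.lastError;
    });
    return;
  }
  var step = steps[idx++];
  var advanced = false;
  function next() {
    if (advanced) return;
    advanced = true;
    runNext();
  }
  try {
    step(next);
  } catch (e) {
    addResult(step.name, "通用", "info", "检测执行出错", String(e && e.message ? e.message : e), "", "", "");
    next();
  }
}
runNext();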
})();
}
manifest.json
javascript
{
"manifest_version": 3,
"name": "恶意软件症状检测工具",
"version": "1.1",
"description": "检测当前浏览页面的恶意软件症状(挖矿、后门、钓鱼等)",
"permissions": ["activeTab", "scripting"],
"action": {
"default_title": "检测当前页面",
"default_popup": "popup.html",
"default_icon": {
"16": "icon.png",
"48": "icon.png",
"128": "icon.png"
}
},
"icons": {
"16": "icon.png",
"48": "icon.png",
"128": "icon.png"
}
}
popup.html
html
<!DOCTYPE html>
<!-- Popup page of the extension; referenced as default_popup in manifest.json. -->
<html>
<head>
<meta charset="UTF-8">
<style>
/* Popup frame: fixed width, scrolls when the result list is long. */
body {
font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
background: #1a1a2e;
color: #eee;
width: 520px;
max-height: 600px;
overflow-y: auto;
padding: 12px;
margin: 0;
}
h2 {
font-size: 1.2rem;
margin: 0 0 10px 0;
color: #00d4ff;
text-align: center;
}
/* Status line used for loading, error and "all clear" messages. */
.status {
text-align: center;
padding: 20px;
color: #aaa;
}
/* Spinner shown while a scan is running. */
.loading {
display: inline-block;
width: 20px;
height: 20px;
border: 2px solid #fff;
border-radius: 50%;
border-top-color: transparent;
animation: spin 1s linear infinite;
vertical-align: middle;
margin-right: 8px;
}
@keyframes spin {
to { transform: rotate(360deg); }
}
/* One card per finding. */
.result-item {
background: rgba(255,255,255,0.1);
border-radius: 8px;
padding: 8px;
margin-bottom: 8px;
}
.result-title {
font-weight: bold;
margin-bottom: 4px;
}
/* Severity colours; the class names match the status values used by popup.js. */
.safe { color: #4caf50; }
.suspicious { color: #f44336; }
.info { color: #2196f3; }
.detail {
font-size: 0.75rem;
color: #aaa;
margin-top: 4px;
}
hr {
border-color: #333;
margin: 8px 0;
}
.footer {
font-size: 0.7rem;
text-align: center;
color: #666;
margin-top: 12px;
}
button {
background: #00d4ff;
color: #1a1a2e;
border: none;
padding: 6px 12px;
border-radius: 20px;
cursor: pointer;
margin-top: 8px;
width: 100%;
}
/* Line showing the scanned URL; popup.js inserts it before #content. */
.tab-url {
font-size: 0.7rem;
color: #888;
text-align: center;
margin-bottom: 10px;
word-break: break-all;
}
</style>
</head>
<body>
<h2>🛡️ 当前页面安全检测</h2>
<!-- popup.js replaces the contents of #content with the scan status and results. -->
<div id="content">
<div class="status">
<span class="loading"></span> 正在检测当前页面,请稍候...
</div>
</div>
<div class="footer">检测结果仅供参考,建议结合专业安全软件使用。</div>
<!-- The script is loaded from a file; NOTE(review): extension pages under
     Manifest V3 presumably do not run inline scripts, so keep it external. -->
<script src="popup.js"></script>
</body>
</html>
icon.png 128*128
略