Decoding html pages

 
 
Spamless
 
      10-27-2008
On 2008-10-27, Conrad Lender <(E-Mail Removed)> wrote:
> On 2008-10-27 02:20, Spamless wrote:
>> Rats. Firebug makes it easy to search the cache for the original
>> download of the script.

>
> Why are you still trying to make this work? You're trying to trick the
> GUI of an add-on in one particular browser. And you *know* that anybody
> with a rudimentary understanding of the web can just pick the file
> contents from the HTTP stream (you mentioned packet sniffers yourself).


I wanted to know just how far one could push fooling firebug (since
others seem to rely heavily on it) and *if* it could be fooled
completely and if not, what to watch out for - which tools *can*
be fooled and which can't, and why.

> Some things just can't be done.


But why can't it be done. I am a mathematician and need proofs.

> There's no shame in admitting defeat against the impossible. I've only
> ever found _one_ reliable way to keep people from copying scripts: write
> crappy scripts


It is a trick. It makes it difficult for the unwary even to realize that
something has happened (that there *was* code on a page when the "live"
panels in firebug, HTML and DOM, no longer show it - if you forget to
check the cache via the SCRIPT panel you may miss something).

It's just a trick. You and I can get around it. I just want to know
enough of what can be done so that, if I come across it (and I have
come across exploit pages which remove Javascript) I will recognize
it and not be fooled. Don't rely on the HTML and DOM view in firebug
which are live and be fooled by removing data from a page (and avoiding
leaving global Javascript variables and non-anonymous functions around
which the DOM view can show).

Until I was sure how the SCRIPT panel in firebug works (it seems
to be a cache access tool - and the file WILL BE in cache) I didn't
*know* for a fact whether or not firebug could be completely fooled.
As data is in the cache, and firebug has a tool to search and
access that, that tool cannot be fooled. The live tools can.

By the way, did you realize that SCRIPT seems to be a cache access
tool and why about:cache in firefox and clicking on an item there
may not show the cached data? It sends a request to the original
source only asking for a more recent value (an "If-Modified-Since:"
header). It may return newer, not cached data. That may not be a
reliable way to check cached data (unless one is offline to force
a cached value to be used?).

A little detail - but I like to know how things work in depth.

Ah, heck ... this is a Javascript forum. The original question was
just about deobfuscating some (simply) obfuscated code. That led
to a reference to a google page and the poster did not know how
the Javascript there worked - but it was a PHP blocker. That led
to the question of how to find things on a page. That led to using
firebug. That led to questions as to what it shows and can one
fool (at least parts of) it.
 
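The check described in the post above (do not trust the live HTML/DOM views; compare them with what was actually delivered), as an added example that is not part of the original thread. It assumes the received HTML was saved from the raw HTTP response (proxy capture or cached copy) and the live HTML was taken from `document.documentElement.outerHTML`; the function names and both sample documents are constructed for illustration.

```javascript
'use strict';
const crypto = require('crypto');

// List every <script> element in an HTML string. A regex is enough for this
// demonstration; a real tool would use a proper HTML parser.
function listScripts(html) {
  const out = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    // Accept src="x", src='x' and the unquoted src=x form.
    const a = /\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(m[1]);
    const src = a ? (a[1] ?? a[2] ?? a[3]) : null;
    const body = m[2].trim();
    const inlineHash = body
      ? crypto.createHash('sha256').update(body).digest('hex')
      : null;
    out.push({ src, inlineHash, preview: body.slice(0, 40) });
  }
  return out;
}

// External scripts are keyed by URL, inline scripts by a hash of their body.
function scriptKey(s) {
  return s.src ? 'src:' + s.src : 'inline:' + s.inlineHash;
}

// Scripts that were delivered in the response but are gone from the live DOM.
function findRemovedScripts(receivedHtml, liveHtml) {
  const live = new Set(listScripts(liveHtml).map(scriptKey));
  return listScripts(receivedHtml).filter((s) => !live.has(scriptKey(s)));
}

// Constructed sample: body as captured from the HTTP response.
const RECEIVED = `<html><head>
<script src=go.js></script>
<script src="lib.js"></script>
</head><body>
<script>var t = 1; /* constructed inline code */</script>
<p>hello</p></body></html>`;

// Constructed sample: document.documentElement.outerHTML after load.
const LIVE = `<html><head>
<script src="lib.js"></script>
</head><body><p>hello</p></body></html>`;

for (const s of findRemovedScripts(RECEIVED, LIVE)) {
  console.log('removed after load:', s.src || 'inline ' + s.preview);
}
```

Scripts added to the DOM after load are not reported by this comparison; it only flags elements that were delivered and have since disappeared from the live view.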
 
 
 
 
Gregor Kofler
 
      10-27-2008
Spamless wrote:

>> Some things just can't be done.

>
> But why can't it be done. I am a mathematician and need proofs.


You're a mathematician? Then you know what an axiom is.

Gregor
 
 
 
 
 
Spamless
 
      10-27-2008
On 2008-10-27, Conrad Lender <(E-Mail Removed)> wrote:
> On 2008-10-27 09:41, Spamless wrote:


>> By the way, did you realize that SCRIPT seems to be a cache access
>> tool and why about:cache in firefox and clicking on an item there
>> may not show the cached data? It sends a request to the original
>> source only asking for a more recent value (an "If-Modified-Since:"
>> header). It may return newer, not cached data.


Checking at mozilla/firefox all the information on browsing the cache
seems to be "use about:cache" (no mention of forcing it NOT to load
material with Work Offline).

> Same thing happens with "view source". It will (sometimes) send a new
> request, but *without* the cookies, and instead of the source of the
> page you're interested in, you'll see the source of the login form :-/
> Firebug is one way to work around that.


Or, in firefox, FILE|WORK_OFFLINE?

(and I remember one spammer who put up a new site and did not set
*.php files to be run through the PHP engine - so accessing the
index.php file showed its source and inclusions of other *.php
files which showed ...)
 
 
David Mark
 
      10-28-2008
On Oct 26, 7:37 pm, Spamless <(E-Mail Removed)> wrote:
> On 2008-10-26, David Mark <(E-Mail Removed)> wrote:
>
>
>
> >> and reloading the page removes
> >>   <script src=go.js></script>
> >> from the DOM (as one can see by using the DOM tool
> >> (TOOLS|DOM_INSPECTOR).

>
> > You don't even have a glimpse of a clue here. Go back and re-read the
> > previous posts in this thread (excluding the ones you wrote.)

>
> I don't have a glimpse of a clue there? It is not removed?


By "there" I mean any subject with even a remote connection to browser
scripting, debugging, browsers in general, Firefox specifically, etc.

Your misconceptions have been described repeatedly in this thread. Re-
read it from the start. Then realize that if you don't want people to
see your script, you shouldn't post it on a public Web server. End of
story.

> Oh, but it is removed from the HTML. The use of local variables


Best of luck hiding your script. It must be really good to go to all
of this trouble.
 
 
 
 