Re: Decoding html pages



On 2008-10-25, Gregor Kofler <usenet@xxxxxxxxxxxxxxx> wrote:
Spamless wrote:

With an HTML page,

<html><head></head><body onload="goaway()">
<script src=go.js></script>
All gone!
</body></html>

// go.js
function goaway() {
    alert("Be GONE!");
    // Second child of <body>: the <script> element that loaded this file.
    var togo = document.body.childNodes[1];
    document.body.removeChild(togo);
}

Actually, opening Firebug FIRST and loading the page
apparently shows the code (while the alert box is on
screen and before the javascript section is removed from
the page) (the plus sign next to the body tag is there
for me to expand to show the code - if I could, but the
alert box is modal and I can't expand it to see the code
until I close the alert box) but as soon as I close the
alert box, the plus sign indicating that I can get to
the javascript code disappears and the code is not
available. Perhaps you get a different result and Firebug
does show you the javascript for the alert box for
the second version of go.js.

Have a breakpoint at the first line of goaway() and reload the page. Doh!

Ahem ... if this is on a remote server where you cannot modify the script
then it seems to vanish. Of course, one could find the script name, not in
Firebug, but using View|Page_Source and go get the script go.js directly,
unless something like the code at
http://code.google.com/p/turbojs/wiki/ClosedSourceJS
is used to force you to get the including page in order to get the actual
script ... or check your browser's cache for the script and modify it
to pause or stop before removing itself. If you have the script and want to
examine it, however, you could just load it into Notepad instead of loading
the page after modifying the script so it would be seen in Firebug after
loading the page which includes it. Of course, if the script is obfuscated
and you don't notice that when loaded it checks the current URL and if it is
a "file:" protocol (used for local pages) redirects to about:_blank (that
has been done) you may wonder why the local copy does not work though you
could set up a local web server and access that at 127.0.0.1 (locally) so
you can use an http: protocol through the local web server or ...

Nothing can prevent your access to code that your browser gets (after all, it
gets it - I usually use tcpdump, a packet capture, and tcpflow to extract
the data from the TCP streams rather than later check my cache [I use Linux]
but a port, WinDump I think, is available - open source/free) but various
tricks can be used to limit it or misdirect you if you are unaware of them.

They are tricks and if you know their secrets, they can be gotten around.
Blocking access except when loading a certain page, removing references and
code from a page, blocking the use of local copies - they are all just
tricks and the original question (well, after the decoding of the original
encoded page that started it all - the question as to what the
ClosedSourceJS material at Google did and how it worked) just pointed to
another trick that can be used (and of which one should be aware if one is
getting script which doesn't appear to be what it should be).
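
An added example, not part of the original post or of any project mentioned in it: a small Node.js triage script that lists the external scripts a saved page source references and flags the tricks named in this thread (self-removal from the DOM, a file: protocol check, a redirect) in script text. The rule list, function names and sample URL are assumptions made for illustration; the sample inputs are constructed from the go.js example above.

```javascript
// Added example: static triage of saved page source and script text.
// Rules cover only the tricks named in the thread; names are hypothetical.
const TRICKS = [
  { name: "removes nodes from the DOM", re: /\.removeChild\s*\(/ },
  { name: "checks for the file: protocol", re: /location\.protocol|["']file:/ },
  { name: "redirects the page", re: /location\.(?:replace|assign|href)\b|about:_?blank/ },
];

// List external scripts referenced by raw page source, resolved against the
// page URL. Handles quoted and unquoted attributes (<script src=go.js>).
function findScriptSrcs(html, pageUrl) {
  const re = /<script\b[^>]*?\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  const found = [];
  let m;
  while ((m = re.exec(html)) !== null) {
    found.push(new URL(m[1] ?? m[2] ?? m[3], pageUrl).href);
  }
  return found;
}

// Return the names of the tricks whose pattern appears in the script text.
function triageScript(source) {
  return TRICKS.filter((t) => t.re.test(source)).map((t) => t.name);
}

// Constructed samples: the page and go.js from the post, plus a constructed
// one-line guard of the kind described (file: check, then redirect).
const samplePage = '<html><head></head><body onload="goaway()">\n' +
  "<script src=go.js></script>\nAll gone!\n</body></html>";
const sampleGoJs = 'function goaway() {\nalert("Be GONE!");\n' +
  "togo=document.body.childNodes[1];\ndocument.body.removeChild(togo);\n}";
const sampleGuard =
  'if (location.protocol === "file:") { location.replace("about:blank"); }';

// Run the triage over the constructed samples.
function report() {
  return {
    scripts: findScriptSrcs(samplePage, "http://127.0.0.1/test/page.html"),
    goJs: triageScript(sampleGoJs),
    guard: triageScript(sampleGuard),
  };
}

console.log(report());
```

The input is the source as delivered (View Source, cache or a capture), not the live DOM, so a script that removes its own element after loading is still listed.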