The Un-Official Proxomitron Forum

The Un-Official Proxomitron Forum > BFilter Project > Filters > Document.write parsing
Full Version: Document.write parsing
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

lnminente

Oct. 14, 2008, 07:24 PM
I'm pretending to parse document.write before filtering with proxomitron, and i saw in the features, bfilter has a built-in javascript engine.

Could Bfilter parse document write taking the browser properties?

Thanks in advance Wink

jart

Oct. 14, 2008, 07:40 PM
I am not sure what you mean by "taking the browser properties".
Do you mean this:
Code:
if (<check for IE>) {
    document.write('Something for IE');
} else {
    document.write('Something for other browsers');
}
If you mean that, then BFilter always pretends to be a specific version of Firefox, even if you access it with a different browser. The User-Agent string will be forwarded as is though. Usually this behavior doesn't cause problems.

lnminente

Oct. 14, 2008, 08:01 PM
I mean i would like to have another local proxy before proxomitron.
I use Firefox 3.0.3 and i would like have parsed the document.write, so by proxomitron only would pass "Something for other browsers".

This would be really helpfull to filter many thinks wich are "encrypted" under document.writes. Because of scripts, many filters are bypassed...

Would be: Internet-javascript parser-proxomitron-browser

jart

Oct. 14, 2008, 08:13 PM
Well, in the example I gave that's exactly what would happen. If it checked specifically for Firefox, then it would generate something specifically for Firefox, even if you in fact view the site with IE, which is not good. Ideally, bfilter should pretend to be the same browser that accesses the page. Getting the 100% correct behavior is not possible, because bfilter would have to provide more details about the browser, than what the browser reports to it. That's because more details are available through JavaScript than through the User-Agent header. Just switching between IE/FF/others with hard-coded details would be possible to achieve, but I don't think it's worth it.

lnminente

Oct. 14, 2008, 08:15 PM
Also i mean preventing things like this:

document.write('<div id="spalace_pes_start" style="visibility:hidden;display:none;">0</div>');
document.write('<div id="spalace_pes_small" style="position:absolute;width:'+ spalace_pes.small_width +'px;height:'+ spalace_pes.small_height +'px;z-index:9999;right:0px;top:0px;">');
document.write('<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"');
document.write(' codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,19,0"');
document.write(' id="jcornerSmallObject" width="'+spalace_pes.small_width+'" height="'+spalace_pes.small_height+'">');
document.write(' <param name="allowScriptAccess" value="always"/> ');
document.write(' <param name="movie" value="'+ spalace_pes.small_url +'?'+ spalace_pes.small_params +'"/>');
document.write(' <param name="wmode" value="transparent" />');
document.write(' <param name="quality" value="high" /> ');
document.write(' <param name="FlashVars" value="'+spalace_pes.small_params+'"/>');
document.write('<embed src="'+ spalace_pes.small_url + '?' + spalace_pes.small_params +'" name="jcornerSmallObject" wmode="transparent" quality="high" width="'+ spalace_pes.small_width +'" height="'+ spalace_pes.small_height +'" flashvars="'+ spalace_pes.small_params +'" allowscriptaccess="always" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer"></embed>');
document.write('</object></div>');
document.write('</script>');
document.write('<div id="spalace_pes_big" style="position:absolute;width:'+ spalace_pes.big_width +'px;height:'+ spalace_pes.big_height +'px;z-index:9999;right:0px;top:0px;">');
document.write('<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"');
document.write(' codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,19,0"');
document.write(' id="jcornerBigObject" width="'+ spalace_pes.big_width +'" height="'+ spalace_pes.big_height +'">');
document.write(' <param name="allowScriptAccess" value="always"/> ');
document.write(' <param name="movie" value="'+ spalace_pes.big_url +'?'+ spalace_pes.big_params +'"/>');
document.write(' <param name="wmode" value="transparent"/>');
document.write(' <param name="quality" value="high" /> ');
document.write(' <param name="FlashVars" value="'+ spalace_pes.big_params +'"/>');
document.write('<embed src="'+ spalace_pes.big_url + '?' + spalace_pes.big_params +'" id="jcornerBigEmbed" name="jcornerBigObject" wmode="transparent" quality="high" width="'+ spalace_pes.big_width +'" height="'+ spalace_pes.big_height +'" flashvars="'+ spalace_pes.big_params +'" swliveconnect="true" allowscriptaccess="always" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer"></embed>');
document.write('</object></div>');


With proxomitron it's not possible repair things like this because the replacement of variables like spalace_pes.big_params ... :/

Really this is what i'm looking for, the unencription of these constructions...
Sorry i didn't tell you before. That's the link where is this code
http://www.probabilidades.net/pes/pes.ph...&profile=0

Loaded by http://www.mocosoft.com/principal.htm

I know in this example I could kill offsite scripts... but not in other situations.
The Un-Official Proxomitron Forum > BFilter Project > Filters > Document.write parsing
Reference URL's