Post Reply 
Document.write parsing
Oct. 14, 2008, 07:24 PM
Post: #1
Document.write parsing
I'm pretending to parse document.write before filtering with proxomitron, and i saw in the features, bfilter has a built-in javascript engine.

Could Bfilter parse document write taking the browser properties?

Thanks in advance Wink
Add Thank You Quote this message in a reply
Oct. 14, 2008, 07:40 PM
Post: #2
RE: Document.write parsing
I am not sure what you mean by "taking the browser properties".
Do you mean this:
Code:
if (<check for IE>) {
    document.write('Something for IE');
} else {
    document.write('Something for other browsers');
}
If you mean that, then BFilter always pretends to be a specific version of Firefox, even if you access it with a different browser. The User-Agent string will be forwarded as is though. Usually this behavior doesn't cause problems.
Add Thank You Quote this message in a reply
Oct. 14, 2008, 08:01 PM
Post: #3
RE: Document.write parsing
I mean i would like to have another local proxy before proxomitron.
I use Firefox 3.0.3 and i would like have parsed the document.write, so by proxomitron only would pass "Something for other browsers".

This would be really helpfull to filter many thinks wich are "encrypted" under document.writes. Because of scripts, many filters are bypassed...

Would be: Internet-javascript parser-proxomitron-browser
Add Thank You Quote this message in a reply
Oct. 14, 2008, 08:13 PM
Post: #4
RE: Document.write parsing
Well, in the example I gave that's exactly what would happen. If it checked specifically for Firefox, then it would generate something specifically for Firefox, even if you in fact view the site with IE, which is not good. Ideally, bfilter should pretend to be the same browser that accesses the page. Getting the 100% correct behavior is not possible, because bfilter would have to provide more details about the browser, than what the browser reports to it. That's because more details are available through JavaScript than through the User-Agent header. Just switching between IE/FF/others with hard-coded details would be possible to achieve, but I don't think it's worth it.
Add Thank You Quote this message in a reply
Oct. 14, 2008, 08:15 PM (This post was last modified: Oct. 14, 2008 08:35 PM by lnminente.)
Post: #5
RE: Document.write parsing
Also i mean preventing things like this:

document.write('<div id="spalace_pes_start" style="visibility:hidden;display:none;">0</div>');
document.write('<div id="spalace_pes_small" style="position:absolute;width:'+ spalace_pes.small_width +'px;height:'+ spalace_pes.small_height +'px;z-index:9999;right:0px;top:0px;">');
document.write('<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"');
document.write(' codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,19,0"');
document.write(' id="jcornerSmallObject" width="'+spalace_pes.small_width+'" height="'+spalace_pes.small_height+'">');
document.write(' <param name="allowScriptAccess" value="always"/> ');
document.write(' <param name="movie" value="'+ spalace_pes.small_url +'?'+ spalace_pes.small_params +'"/>');
document.write(' <param name="wmode" value="transparent" />');
document.write(' <param name="quality" value="high" /> ');
document.write(' <param name="FlashVars" value="'+spalace_pes.small_params+'"/>');
document.write('<embed src="'+ spalace_pes.small_url + '?' + spalace_pes.small_params +'" name="jcornerSmallObject" wmode="transparent" quality="high" width="'+ spalace_pes.small_width +'" height="'+ spalace_pes.small_height +'" flashvars="'+ spalace_pes.small_params +'" allowscriptaccess="always" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer"></embed>');
document.write('</object></div>');
document.write('</script>');
document.write('<div id="spalace_pes_big" style="position:absolute;width:'+ spalace_pes.big_width +'px;height:'+ spalace_pes.big_height +'px;z-index:9999;right:0px;top:0px;">');
document.write('<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"');
document.write(' codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,19,0"');
document.write(' id="jcornerBigObject" width="'+ spalace_pes.big_width +'" height="'+ spalace_pes.big_height +'">');
document.write(' <param name="allowScriptAccess" value="always"/> ');
document.write(' <param name="movie" value="'+ spalace_pes.big_url +'?'+ spalace_pes.big_params +'"/>');
document.write(' <param name="wmode" value="transparent"/>');
document.write(' <param name="quality" value="high" /> ');
document.write(' <param name="FlashVars" value="'+ spalace_pes.big_params +'"/>');
document.write('<embed src="'+ spalace_pes.big_url + '?' + spalace_pes.big_params +'" id="jcornerBigEmbed" name="jcornerBigObject" wmode="transparent" quality="high" width="'+ spalace_pes.big_width +'" height="'+ spalace_pes.big_height +'" flashvars="'+ spalace_pes.big_params +'" swliveconnect="true" allowscriptaccess="always" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer"></embed>');
document.write('</object></div>');


With proxomitron it's not possible repair things like this because the replacement of variables like spalace_pes.big_params ... :/

Really this is what i'm looking for, the unencription of these constructions...
Sorry i didn't tell you before. That's the link where is this code
http://www.probabilidades.net/pes/pes.ph...&profile=0

Loaded by http://www.mocosoft.com/principal.htm

I know in this example I could kill offsite scripts... but not in other situations.
Add Thank You Quote this message in a reply
Post Reply 


Forum Jump: