Obscured code on web pages

[Siamesecat]

Is there any way to filter code to prevent source code from being scrambled on a web page? An example is:
http://www.popupcheck.com/freescan/popup...andard.asp
The code in the Javascript which makes up most of the code for the page is unreadable, and I would like to understand what it is doing.

[Kye-U]

You want to remove the code or to decrypt it?

It'll be pretty hard to decrypt

[Siamesecat]

Quote:You want to remove the code or to decrypt it?

I want to prevent it from being encrypted.

[Oddysey]

Siamesecat;

Siamesecat Wrote:

Kye-U Wrote:You want to remove the code or to decrypt it?

I want to prevent it from being encrypted.

Holy smokes, pal, you don't mess around, do ya?

Can't be done on your end, meaning it's too late. It was encrypted by the programmer/author/developer/whatever they're called these days. He/she then uploaded it to the server that way. From that point on, it's up to your browser to de-crypt or unscramble it.

As Fearless Leader points out, it'd be a b1tch to unscramble it with Proxo. I'd like to think that it could be done, but at what price.

Is this more to the point of 'you want to learn what's under the hood', or is there something interfering with your surfing pleasure that you need to filter?


Oddysey

[Kye-U]

Siamesecat, I think they used Encrypt HTML Pro.

http://www.htmlpassword.com/websp/index.html

The program itself does not offer anyway to decrypt encrypted pages

(And I can't find any site/program that does this )

[Siamesecat]

Quote: it's up to your browser to de-crypt or unscramble it.

How does the browser do that? What tells it that there is anything to
decrypt?

Quote:Is this more to the point of 'you want to learn what's under the hood',
or is there something interfering with your surfing pleasure that you
need to filter?

My setup fails that popup test and I want to see the code to find out why.

[sidki3003]

Your browser simply executes the decryption function, which is hidden in the eval(unescape("")) part:

Code:

function RrRrRrRr(teaabb) {var tttmmm="";l=teaabb.length;www=hhhhffff=Math.round(l/2);if(l<2*www)    hhhhffff=hhhhffff-1;for(i=0;i<hhhhffff;i++)tttmmm = tttmmm + teaabb.charAt(i)+ teaabb.charAt(i+hhhhffff);if(l<2*www) tttmmm = tttmmm + teaabb.charAt(l-1);document.write(tttmmm);};

I've mentioned that the other day, but maybe that was too cryptic, so:

Firefox can decode it for you:
click on window
hit CTRL-A
right-click
select "View Selection Source"

In the newly opened window you'll see first the encoded script, and the decoded version right below that.

sidki

[Siamesecat]

Sidki,
Thanks! So all I have to do is select the page content first. Neat trick.

[sidki3003]

Glad to share. Yep, that's a nice one.

[Oddysey]

sidki;

What happens when you land on a page that incorporates code to prevent a right click?


Oddysey

[nxIsle]

With Mozilla browsers at least, you can prevent js from disabling the right-click menu (in Mozilla, Edit > Preferences > Advanced > Scripts n Plugins : Allow scripts to: checkbox: Disable or replace context menus). I thought there was a Proxo filter for that ... could be wrong, though. I don't see it ... .

Or have I missed something?

[Siamesecat]

Scott's default.cfg file had such a filter. I don't know if it covered all possibilities, however. There is an extension for Firefox called "Allow Right-Click", and there is also a bookmarklet for that.

[nxIsle]

Siamesecat Wrote:Scott's default.cfg file had such a filter.

And here it is:

Code:

Name = "Allow right mouse click"
Active = TRUE
Limit = 256
Match = ".(onmousedown=|captureEvents\()\1"
Replace = ".PrxOff_\1"

I think the only time I remember the normal right-click being disabled was when I had inadvertently allowed flash, and, in a "WTF" moment, tried to right-click to see, well, WTF was going on. This is using some flavour of Mozilla, mostly the Suite, set to always allow right-click, and either Scott's configs, or JD's Advanced.cfg ... though looking through the latter, I don't see such a filter.

[sidki3003]

And then there is this great routine by Paul Rupe:

Code:

function PrxClearEvent(a) {
  if (!a) {
    return;
  }
  a.onmousedown = null;
  a.onmousemove = null;
  a.onmouseup   = null;
  a.onkeydown = null;
  a.onkeypress = null;
  a.onkeyup = null;
  a.oncontextmenu = null;
  // lots of other event handlers would go here
}

PrxClearEvent(document);
PrxClearEvent(document.body);
PrxClearEvent(window);

sidki

[Oddysey]

nsIsle;

I've got that particular "Allow Right Click" filter up and running, and unless I purposely run a page with it diabled (read that as 'never'), then I'd never know that my filter was put to work- I simply got what I expected, and don't really care if the page's author attempted to keep me from that. (And no, I don't really care to run debug or the log window just to see. I'm not that curious. )

Just the same, it's nice to know that some browser writers are taking up the challenge, and fixing it so that the user continues to have control over what he can see (or hide, whatever), and not let bogus 'authors' (you know who they are, they're the Front Page and GoLive users who crow that they have a website) thwart those efforts.

sidki;

Nice filter by P.R., thanks for bringing it up. I'm installing it now, and disabling Scott's. I think I remember seeing a page a few nights ago that twigged me, so I'll report back in a few moments the results.


Oddysey