Thread: Hackers Wanted

  1. #1
    Join Date
    Nov 2002
    Location
    Nashua, NH
    Posts
    3,195

    Hackers Wanted

    Disclaimer: I know that you cannot protect anything that is delivered to the client, so spare the bandwidth and do not remind me about it.

    That said, I'm doing a little research per my client's request and can use some help. I was asked to investigate the possibility of delivering a JS file to a client so that the content of that file could not be accessed by means other than in-browser tools such as DOM Inspector and network traffic monitoring.

    This is a test page which I believe covers the following common approaches:
    - direct access via URL
    - saving the complete page
    - examining cache

    Anyone is up for a challenge of breaking my defenses?
    Vladdy

    Working web site is not the one that looks the same in a few graphical browsers, but the one that adequately delivers its content to any device accessing it.

  2. #2
    Join Date
    Feb 2005
    Posts
    61
    Not sure what you're after, but if you're on about this, your js file, then you need to do a little more work.

    Code:
    function jsfr()
      { this.server = 'jsfs.php';
        this.loadList = [
    	  {file:'myfile.js',onload:function(){isloaded(); return false;}}
    	  ];
        this.load = function(fn,hp,rid)
    ....
    Anything is possible, how much it will cost is another matter...

  3. #3
    Join Date
    Nov 2002
    Location
    Nashua, NH
    Posts
    3,195
    You would be right if you could point out the code that generates the content of the second paragraph on the test page.
    Vladdy


  4. #4
    Join Date
    May 2005
    Posts
    17
    <p id="jscontent">...</p> ??? o_O

  5. #5
    Join Date
    Feb 2005
    Posts
    61
    I take it that below the first paragraph, something is supposed to be displayed?

    http://img93.echo.cx/img93/7108/stealth11ga.th.gif

    does not seem to be showing up.

    Will have to try again when my node is not so choked. Well, as it's 2am and I have to be up early the morrow, or today I should say, will drop in and see if any improvement...

  6. #6
    Join Date
    Nov 2002
    Location
    Nashua, NH
    Posts
    3,195
    Forgot to mention, you need to enable the cookies.
    Vladdy


  7. #7
    Join Date
    Jan 2005
    Location
    San Diego, CA
    Posts
    4,887
    First of all, I must applaud you for such a hard to grab source script.

    I saved the page and saw the following in the jsfr.js JS file:
    Code:
    function jsfr()
      { this.server = 'jsfs.php';
        this.loadList = [
    	  {file:'myfile.js',onload:function(){isloaded(); return false;}}
    	  ];
        this.load = function(fn,hp,rid)
    	  { var scr = document.createElement('script');
    	    scr.src = this.server + "?src=" + fn + "&rid=" + rid;
    		scr.type = "text/javascript";
    		this[hp+rid] = document.getElementsByTagName('head')[0].appendChild(scr);
    	  };
    	this.delayedClearHandle = function(handle)
    	  { setTimeout("document.getElementsByTagName('head')[0].removeChild(jsfri['"+handle+"']);",4000);
    	  }
    	this.execonload = function(fn)
    	  { for(var i=0; i<this.loadList.length; i++)
    	      { if(this.loadList[i].file == fn)
    		      { this.loadList[i].onload();
    			    return;
    			  }
    		  }
    	  
    	  }
        for(var i=0; i<this.loadList.length; i++) this.load(this.loadList[i].file,'oh',(new Date()).valueOf());
    	 	
      }
      
    jsfri = new jsfr();
    However, that isn't even close to the security that this thing uses.
    It opens-up a new SCRIPT file based on the time:
    Code:
    <SCRIPT src="jsfs.php?src=myfile.js&amp;rid=1116213118609" type=text/javascript></SCRIPT>
    Where the rid is equal to new Date().getTime() each time it's run
    I read document.cookie from the page at the time I was viewing it and it spilled out:
    PHPSESSID=a803d576270ae7b7b384006eb4a414d0
    That cookie got there from that "hidden" script.
    I don't have too much more time to work on it today but I'll have free time tomorrow to crack it

  8. #8
    Join Date
    Jan 2005
    Location
    San Diego, CA
    Posts
    4,887
    I looked at document.cookie a second time after refreshing the page and it also returned:
    PHPSESSID=a803d576270ae7b7384006eb4a414d0

  9. #9
    Join Date
    Dec 2002
    Location
    Manchester, UK
    Posts
    6,277
    If you paste this into the address bar immediately before the page has finished loading you get taken to the file:
    Code:
    javascript:location.href = document.getElementsByTagName("script")[1].src
    Code:
    /* This is a Javascript file that is loaded stealthily.
       If you get this source, you did a good job breaking defences */
       
    function isloaded()
      { document.getElementById('jscontent').firstChild.nodeValue = 'This paragraph is generated by the stealthily loaded javascript code. Try and get the content of that file.';
      }
    jsfri.execonload('myfile.js');/**/
    Too early and you'll see this:
    Code:
    jsfri.delayedClearHandle('cf1116218409359');/**/
    Too late and you'll just get /**/.
    Every fight is a food fight when you’re a cannibal.

  10. #10
    Join Date
    Jan 2005
    Location
    San Diego, CA
    Posts
    4,887
    Good job! I cannot believe that I didn't try that or
    Code:
    javascript:alert(isloaded)
    at the least
    How could I miss that after!?:
    function(){isloaded(); return false;}
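Added example, not part of the thread and not the test site's code: a simplified model of a one-shot, session-bound script endpoint, showing why a replayed URL yields only `/**/` while the executed function stays readable in the page, as posts #9 and #10 found. The server logic, class name, session id and rid below are assumptions; the real jsfs.php is never shown in the thread.

```javascript
// Constructed stand-in for the protected file (not the site's real content).
const SECRET_JS = "function isloaded(){ return 'generated by stealth script'; }";

// Assumed model: the body is served once per (session, rid); anything else
// gets the empty stub "/**/" that the thread reports for late requests.
class OneShotScriptServer {
  constructor() {
    this.sessions = new Set();
    this.served = new Set();
  }
  openSession(id) {
    this.sessions.add(id); // page load sets the session cookie
  }
  get(sessionId, rid) {
    const key = sessionId + ":" + rid;
    if (!this.sessions.has(sessionId) || this.served.has(key)) return "/**/";
    this.served.add(key); // token is consumed by the first request
    return SECRET_JS;
  }
}

function runDemo() {
  const server = new OneShotScriptServer();
  server.openSession("sess-constructed");
  const rid = 1700000000000; // constructed timestamp-style request id

  // Direct URL access without the session cookie: stub only.
  const noCookie = server.get("no-session", rid);

  // The browser's own <script> request consumes the token...
  const firstLoad = server.get("sess-constructed", rid);
  // ...so replaying the same URL afterwards returns the stub.
  const replay = server.get("sess-constructed", rid);

  // The browser has to execute what it received, so the function now lives
  // in the page and its source is available through toString().
  const page = {};
  new Function("page", firstLoad + "; page.isloaded = isloaded;")(page);
  const recovered = page.isloaded.toString();

  return { noCookie, replay, recovered };
}

console.log(runDemo());
```

The one-shot token blocks replay and direct URL access, but the code still has to reach and run in the client, so anything confidential belongs on the server.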

  11. #11
    Join Date
    Feb 2005
    Posts
    61
    Quote Originally Posted by Vladdy
    Forgot to mention, you need to enable the cookies.
    yup, cookies are enabled.

    Grabbing the initial js file was child's play and the html page too. I got around the issue without having to look into the browser cache and used a non-browser method to capture both items.

    As for the cookie mystery, I allow all cookies and I'm scratching my head on that one, as I never have a problem with web sites that insist on the use of cookies.

  12. #12
    Join Date
    Aug 2004
    Location
    Derby, England
    Posts
    297
    I don't know if this is relevant, but some of the Javascript advisers on microsoft.public.scripting.jscript advised me of the following:-

    it will capture all currently inserted script to the clipboard, if you put this in the address bar.


    javascript:window.clipboardDat**a.setData('text',document.documentElement.outerHTML);void%*200

  13. #13
    Join Date
    Aug 2004
    Location
    Derby, England
    Posts
    297
    Sorry, ignore the *'s

  14. #14
    Join Date
    Jun 2003
    Location
    here
    Posts
    4,551
    IE only I think. It looks most unusual.

    Oh, and I wrote a script using as sessions and a quick include & redirect code. It still required cookies, but the code was got almost immediately. It's best not to bother too much...
    If you are using PHP please use the [PHP] and [/PHP] forum tags for highlighting...
    The same applies to HTML and the forums [HTML][/HTML] tags.

  15. #15
    Join Date
    Nov 2002
    Location
    Nashua, NH
    Posts
    3,195
    David gets the prize.
    Vladdy

