www.webdeveloper.com
Results 1 to 14 of 14

Thread: Fun with Hiding Code!

  1. #1
    Join Date
    Sep 2004
    Location
    At the corner of WALK and DONT WALK
    Posts
    1,741

    Talking Fun with Hiding Code!

    The following is an actual tutorial that I found on another forum, and I'm working out a rebuttal. I could use your help picking this idea apart.

    i dont no if this is already in here so delete it if it is,

    this will show you how to block your document source using -

    html
    frames
    javascript

    remember there are ways around it,

    ok first make a page called page.html

    HTML Code:
    <html>
    
    <head>
    <title>Title</title>
    </head>
    
    <frameset rows="1,*" frameborder="0" framespacing="0">
    <frame src="about:blank" name="frame2" noresize>
    <frame src="realpage.html" name="frame1" noresize>
    </frameset>
    
    <body>
    </body>
    
    </html>
    this makes it so if the user clicks 'View Source' or 'Document Source' etc, they will see frame code

    now make the file named realpage.html (this is the file they will be viewing, it must contain the no right click script):

    HTML Code:
    <html>
    
    <head>
    <script language="JavaScript1.2" type="text/javascript">
    // This script and others available free at http://www.lissaexplains.com
    if (window.Event)
      document.captureEvents(Event.MOUSEUP);
    
    function nocontextmenu() {
      event.cancelBubble = true, event.returnValue = false;
    
      return false;
    } 
    
    function norightclick(e) {
      if (window.Event) {
        if (e.which == 2 || e.which == 3) return false;
      }
      else if (event.button == 2 || event.button == 3) {
        event.cancelBubble = true, event.returnValue = false;
        return false;
      }
    }
    
    if (document.layers)
      document.captureEvents(Event.MOUSEDOWN);
    
    document.oncontextmenu = nocontextmenu;
    document.onmousedown = norightclick;
    document.onmouseup = norightclick;
    //--></script>
    </head>
    
    <body onload="if (top == self) { window.location='page.html'; }">
    
    Blah Blah Blah
    
    </body>
    
    </html>
    the

    <body onload="if (top == self) { window.location='page.html'; }">

    will redirect the realpage.html to page.html if there are no frames on the page

    the no right click script will make sure if anyone right clicks in that frame on the page.html page it will block it

    i hope this helps
    Simply viewing the code, I know, will reveal what you want to get to. I've also heard of some javascript command you can type into your address bar to disable the javascript on that page.

    But this guy says he can also do it via PHP. Anyone ever heard of that?

  2. #2
    Join Date
    Jul 2004
    Location
    Canada, eh
    Posts
    784
    You can't do it with php. There might be some sort of trick to prevent the page from being accessed directly (though nothing I can think of), and all the frames and no-right-click scripts in the world won't pretect you from Firefox with javascript disabled and the This Frame->View Source right-click menu.

  3. #3
    Join Date
    Jul 2003
    Location
    New York City
    Posts
    2,771
    He may be referring to redirecting your browser based on referers.

    Look, it's uber simple to circumnavigate any anti-view source method. Because the fact is, if the browser doesn't receive the source then it can't do a damnable thing. If your browser gets the source, so can you the user, because you just downloaded it! Now, there is a very effective way of doing this.

    (If you're on windows, click Start -> Run and type in 'cmd' if you're on Windows XP or 'command' for earlier windows. Basically we want to get the command prompt). Now say we want the source for say, page.html on example.com (example.com/page.html). We type:

    Code:
    telnet example.com 80
    and then our HTTP request
    Code:
    GET /page.html HTTP/1.0
    Hit enter twice. The server sends you the page's contents, and it's plaintext.

    Now I've seen stupider designs, which send an encrypted page and use Javascript to decrypt them. Now there's a very easy way to overcome these. Mozilla Firefox has a tool called "DOM Inspector" in which you can view every current element in the document. For the browser to understand the JS encryption, it has to be decrypted and useable by the browser. The DOM Inspector shows the decrypted document. So, simply on the page you want click Tools -> DOM Inspector Highlight the HTML node, right click, and select "Copy XML". Now paste it wherever you want, this is the source of the document.

    If frames are being used its always simple enough to find the real page.

  4. #4
    Join Date
    Mar 2004
    Posts
    3,081
    You should be fair though. I mean they will not have completely failed in their endeavour to hide the source. Ok, so they might have failed to prevent a human from getting it, but no search engine will ever index them, so that's at least a partial victory for their "security" efforts.
    I'm thuper, thanks for asking.

    It lives! http://www.stephenphilbin.com/ (Well it kinda' does anyway).
    My portable colour selection tool

  5. #5
    Join Date
    Jul 2003
    Location
    New York City
    Posts
    2,771
    Quote Originally Posted by Stephen Philbin
    You should be fair though. I mean they will not have completely failed in their endeavour to hide the source. Ok, so they might have failed to prevent a human from getting it, but no search engine will ever index them, so that's at least a partial victory for their "security" efforts.
    The encrypted ones, yes. I mainly did that because I've seen numerous "companies" selling "HTML Source Encryption". Bogus, each time I find a company, I send them the source code of their demonstration page and call them bogus. I'm doing my part for a free world.

  6. #6
    Join Date
    Mar 2004
    Posts
    3,081
    Why people try to hide what they make is beyond me. It's like a shop setting up and stacking all the shelves, then locking all the windows and doors in case someone tries to come in.

    Goomers.
    I'm thuper, thanks for asking.

    It lives! http://www.stephenphilbin.com/ (Well it kinda' does anyway).
    My portable colour selection tool

  7. #7
    Join Date
    Aug 2004
    Location
    San Antonio, TX
    Posts
    564
    try this: http://www.drpeterjones.com/hidden/hidden.php

    No contest if you own FF, lol
    Last edited by rch10007; 09-27-2005 at 01:59 AM.

  8. #8
    Join Date
    Sep 2004
    Location
    At the corner of WALK and DONT WALK
    Posts
    1,741
    i cant totally block the source its impossible, but i can do this, my thing in the tutorial section gives more protection than just the original no righ click script, but then you can just disable javascript so that wont work, now the average person wont no what to do so that doesnt matter so if they want your source they will get it.... ok besides diisabled javascript you can use a site that fetches HTML, i made one, though i tryied to make it so it wouldnt work , the $_SERVER['PHP_SELF'] would equal the right thing because all php scripts are executed on the server, so therefore that method of checking wether the address was correct wont work
    The latest PM I got from this guy

  9. #9
    Join Date
    Mar 2004
    Posts
    3,081
    The idiot can't even write standard text, let alone code. Unless of course
    i can totally block the source its impossible
    makes sense to everyone else and I'm just thick.
    I'm thuper, thanks for asking.

    It lives! http://www.stephenphilbin.com/ (Well it kinda' does anyway).
    My portable colour selection tool

  10. #10
    Join Date
    Aug 2004
    Location
    San Antonio, TX
    Posts
    564
    1800+ post and you can't read programmers chicken scratch yet, shessssh




    lol

  11. #11
    Join Date
    Sep 2004
    Location
    At the corner of WALK and DONT WALK
    Posts
    1,741
    Oh, it's interesting. This guy's got a bit more practice before he becomes the forum's version of muneepenee, but he's well on his way.

  12. #12
    Join Date
    Aug 2004
    Location
    San Antonio, TX
    Posts
    564
    muneepenee - what a hoot!

  13. #13
    Join Date
    Sep 2005
    Posts
    72
    Quote Originally Posted by MstrBob
    Mozilla Firefox has a tool called "DOM Inspector" in which you can view every current element in the document. For the browser to understand the JS encryption, it has to be decrypted and useable by the browser. The DOM Inspector shows the decrypted document. So, simply on the page you want click Tools -> DOM Inspector Highlight the HTML node, right click, and select "Copy XML". Now paste it wherever you want, this is the source of the document.
    That reminds me... I can't seem to get DOM Inspector back...

    I can't find it in the Tools menu, and reinstalling Firefox doesn't give me the option to install it, and it's not an extension...

    (Nevermind, fixed)
    Last edited by Zarel; 09-29-2005 at 10:33 PM.

  14. #14
    Join Date
    Jul 2003
    Location
    New York City
    Posts
    2,771
    Quote Originally Posted by Zarel
    That reminds me... I can't seem to get DOM Inspector back...

    I can't find it in the Tools menu, and reinstalling Firefox doesn't give me the option to install it, and it's not an extension...
    I haI lost the DOM Inspector as well, but that was back with a 0.9 version of Firefox. Unistalling firefox, and deleting the profile directory, and then reinstalling fixed it for me. The option to install DOM inspector was no longer disabled, so I checked it and off I went.

    If that doesn't help, then I'd try searching the Firefox Support Forum and if that turns up nothing, try searching Bugzilla. If nothing helps you, you can always file it as a firefox bug.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles