|
|
Author |
Thread |
InI
Paranoid (IV) Mad Scientist
From: Somewhere over the rainbow Insane since: Mar 2001
|
posted 03-19-2003 11:15
The poster has demanded we remove all his contributions, less he takes legal action.
We have done so.
Now Tyberius Prime expects him to start complaining that we removed his 'free speech' since this message will replace all of his posts, past and future.
Don't follow his example - seek real life help first.
|
H][RO
Bipolar (III) Inmate
From: Australia Insane since: Oct 2002
|
posted 03-19-2003 11:52
Hmm so its just the document.write's from the php file? They dont show in the source code
[This message has been edited by H][RO (edited 03-19-2003).]
|
Perfect Thunder
Paranoid (IV) Inmate
From: Milwaukee Insane since: Oct 2001
|
posted 03-19-2003 12:01
Cool in a hacker way, yes, but I dread the idea of finally giving those "I want to hide my precious HTML so it can't be stolen" people what they want.
I'm curious to know how it works; obviously serving the JavaScript from a PHP script lets you validate the script call before running it. That's probably why I can't just access invisible.php to see what the JS is. I assume the PHP script checks the referring page and if it's not the right one, zoop, no output. I was thinking of trying to access invisible.php with a spoofed referrer header, but I don't have the right tools and wasn't interested in acquiring them.
As for what the JavaScript actually does, my bet is that it inserts the content of the page at runtime (and then removes it again once the page has rendered). Obviously the trick is JavaScript-based; and it does something at least faintly fancy, since it doesn't work in Netscape 4. (Then again, what does work in Netscape 4?)
Aha, here we go...
code:
document.write("Hello World. See if you can find the source for this webpage ;)");
document.write("You can't? How sad...<br>");
document.write("Maybe some guy, at <a href=http://www.ozoneasylum.com>Ozone Asylum</a><br>");
document.write("found a clever way to hide those sources, after all");
document.toast="breadandButter";
document.problem="invisible";
It's not all of it, of course; it doesn't tell me how you did what you did. But it definitely reveals the HTML source.
edit: Oh, and happy 4000!
[This message has been edited by Perfect Thunder (edited 03-19-2003).]
|
InI
Paranoid (IV) Mad Scientist
From: Somewhere over the rainbow Insane since: Mar 2001
|
posted 03-19-2003 12:31
The poster has demanded we remove all his contributions, less he takes legal action.
We have done so.
Now Tyberius Prime expects him to start complaining that we removed his 'free speech' since this message will replace all of his posts, past and future.
Don't follow his example - seek real life help first.
|
Petskull
Maniac (V) Mad Scientist
From: 127 Halcyon Road, Marenia, Atlantis Insane since: Aug 2000
|
posted 03-19-2003 12:35
Yeah, I'd telnet on over but I've no mood for it right now.... sweet hack though... you'll probably keep out 99% of people this way..
so true, ini... so true....
Code - CGI - links - DHTML - Javascript - Perl - programming - Magic - http://www.twistedport.com
ICQ: 67751342
[This message has been edited by Petskull (edited 03-19-2003).]
|
DL-44
Maniac (V) Inmate
From: under the bed Insane since: Feb 2000
|
posted 03-19-2003 15:35
interesting in a technical sort of way maybe...but...why?
|
InI
Paranoid (IV) Mad Scientist
From: Somewhere over the rainbow Insane since: Mar 2001
|
posted 03-19-2003 15:46
The poster has demanded we remove all his contributions, less he takes legal action.
We have done so.
Now Tyberius Prime expects him to start complaining that we removed his 'free speech' since this message will replace all of his posts, past and future.
Don't follow his example - seek real life help first.
|
HZR
Bipolar (III) Inmate
From: Cold Sweden Insane since: Jul 2002
|
posted 03-19-2003 18:15
And if the user has JavaScript disabled...
|
Perfect Thunder
Paranoid (IV) Inmate
From: Milwaukee Insane since: Oct 2001
|
posted 03-20-2003 01:10
Actually, in Netscape 4 the page just failed, whether I accessed invisible.php or no_src.html. The way I got the source code was by de-associating Opera 5 from PHP files, then trying to download invisible.php. Opera 5 gave me the option of saving the file, and hey, there was the JavaScript.
|
Suho1004
Maniac (V) Inmate
From: Seoul, Korea Insane since: Apr 2002
|
posted 03-20-2003 01:23
Yup, interesting in a technical way, but something I would never want to implement. Like HZR said... what if the user has JavaScript turned off?
That and the fact that I can't imagine why I would ever want to hide my HTML...
Anyway, congrats on cracking that little nut, InI.
|
Perfect Thunder
Paranoid (IV) Inmate
From: Milwaukee Insane since: Oct 2001
|
posted 03-20-2003 04:54
Well, the people who do want to hide their HTML usually seem to have some belief that their HTML markup is worth stealing; and that there's some negative consequence to someone stealing it. I don't understand the viewpoint. I mean, a) if you want closed source, don't write an interpreted client-side language, and b) what the hell can you do with HTML that's not already thoroughly documented? Hiding your code just makes you look both paranoid and arrogant. ("My code is better than yours, and you're out to steal it!")
That's why I said that InI's solution was good stuff from a hacker viewpoint -- it was an interesting problem, and he's got a solution that'll work against anyone who's not really determined. InI set out to solve the problem, and he did. But I don't have much respect for anyone who actually uses it to hide his HTML.
|
counterfeitbacon
Paranoid (IV) Inmate
From: Vancouver, WA Insane since: Apr 2002
|
posted 03-20-2003 05:01
quote: document.write("Hello World. See if you can find the source for this webpage ");
document.write("You can't? How sad...<br>");
document.write("Maybe some guy, at <a href=http://www.ozoneasylum.com>Ozone Asylum</a><br>");
document.write("found a clever way to hide those sources, after all");
document.toast="breadandButter";
document.problem="invisible";
I used HTTrack to download the website, and looked through all the files.
It was in: "invisible.html"
|
H][RO
Bipolar (III) Inmate
From: Australia Insane since: Oct 2002
|
posted 03-20-2003 07:00
lol i just used IE and went save as and that gave me all the files, nothing hard about it at all you dont need any *tricks* or fancy programs for that.. Is there any way to stop ppl downloading your php files?
[This message has been edited by H][RO (edited 03-20-2003).]
|
InI
Paranoid (IV) Mad Scientist
From: Somewhere over the rainbow Insane since: Mar 2001
|
posted 03-20-2003 09:04
The poster has demanded we remove all his contributions, less he takes legal action.
We have done so.
Now Tyberius Prime expects him to start complaining that we removed his 'free speech' since this message will replace all of his posts, past and future.
Don't follow his example - seek real life help first.
|
dizzyrascal
Obsessive-Compulsive (I) Inmate
From: Insane since: Mar 2003
|
posted 03-20-2003 12:26
<html>
<HEAD>
<META http-equiv=Expires content=0>
<META http-equiv=Cache-Control content=no-cache>
<META http-equiv=Pragma content=no-cache>
<SCRIPT language=javascript src="invisible.php" type=text/javascript>
</SCRIPT>
</HEAD>
<BODY>Hello World. See if you can find the source for this webpage You can't? How sad...<BR>Maybe some guy, at <A href="http://www.ozoneasylum.com">Ozone Asylum</A><BR>found a clever way to hide those sources, after all </BODY>
</html>
THERE IS UR SOURCE CODE MAD SCIENTIST
|
InI
Paranoid (IV) Mad Scientist
From: Somewhere over the rainbow Insane since: Mar 2001
|
posted 03-20-2003 12:36
The poster has demanded we remove all his contributions, less he takes legal action.
We have done so.
Now Tyberius Prime expects him to start complaining that we removed his 'free speech' since this message will replace all of his posts, past and future.
Don't follow his example - seek real life help first.
|
InI
Paranoid (IV) Mad Scientist
From: Somewhere over the rainbow Insane since: Mar 2001
|
posted 03-20-2003 12:50
The poster has demanded we remove all his contributions, less he takes legal action.
We have done so.
Now Tyberius Prime expects him to start complaining that we removed his 'free speech' since this message will replace all of his posts, past and future.
Don't follow his example - seek real life help first.
|
H][RO
Bipolar (III) Inmate
From: Australia Insane since: Oct 2002
|
posted 03-20-2003 12:57
OMG that is not me, man i dont know what im talking about???
>>Anyway, I'm willing to bet you're in a very young age and very happy to play with CAPS
in forums all around the web and go challenging Mad Scientists with your obvious total understanding
of coding. It's ok, go hormonal, but for informatics sake, don't ever talk code again.
>>
I've got an idea, go get a clue before badmouthing people you know nothing about, since i never said anything bad about what you did, and dont make stupid assumptions. p.s I hate ppl that use CAPS and i never use it, go check my posts if you're so insecure you have to start calling people *Kids* just because someone figure out your oh my god - master plan to hide html...
>>
observe the files you get when downloading
my page as you did.
There's no "invisible.php" in it,
>>
For your information... when i saved the page in I.E, it also saved a filed called invisible.php which had all of the contents in it, so wether it exists or not is irrelivant it still gives you the document.writes etc in the code that was used...If you dont beleive go try it yourself guru... How is that different to what you are doing... Enlighten me oh *you're so great* one...
|
H][RO
Bipolar (III) Inmate
From: Australia Insane since: Oct 2002
|
posted 03-20-2003 12:59
*Go hormonal*
lol get a clue
|
InI
Paranoid (IV) Mad Scientist
From: Somewhere over the rainbow Insane since: Mar 2001
|
posted 03-20-2003 13:03
The poster has demanded we remove all his contributions, less he takes legal action.
We have done so.
Now Tyberius Prime expects him to start complaining that we removed his 'free speech' since this message will replace all of his posts, past and future.
Don't follow his example - seek real life help first.
|
DL-44
Maniac (V) Inmate
From: under the bed Insane since: Feb 2000
|
posted 03-20-2003 14:29
Ini - you've got some SERIOUS fucking issues man.
I'm closing this down as it has *definately* exceeded it's usefulness.
Enough is enough man.
|
InI
Paranoid (IV) Mad Scientist
From: Somewhere over the rainbow Insane since: Mar 2001
|
posted 03-20-2003 14:43
The poster has demanded we remove all his contributions, less he takes legal action.
We have done so.
Now Tyberius Prime expects him to start complaining that we removed his 'free speech' since this message will replace all of his posts, past and future.
Don't follow his example - seek real life help first.
|
DL-44
Maniac (V) Inmate
From: under the bed Insane since: Feb 2000
|
posted 03-20-2003 14:55
Closing because I'm tired of you throwing your fucking hissy-fits.
Bye bye
|
InI
Paranoid (IV) Mad Scientist
From: Somewhere over the rainbow Insane since: Mar 2001
|
posted 03-20-2003 15:00
The poster has demanded we remove all his contributions, less he takes legal action.
We have done so.
Now Tyberius Prime expects him to start complaining that we removed his 'free speech' since this message will replace all of his posts, past and future.
Don't follow his example - seek real life help first.
|
Emperor
Maniac (V) Mad Scientist with Finglongers
From: Cell 53, East Wing Insane since: Jul 2001
|
posted 03-20-2003 15:16
Are we finished now?
Well I for one am tired of this so lets see if we can't close this one for good eh?
[edit: Ooooooooooo look another reopened thread - this is awfully undignified we Mad Scis should try and set some kind of standard - back to the depths with you foul thread your stench offend the heavens itself]
___________________
Emps
FAQs: Emperor
|