| View previous topic :: View next topic |
| Author |
Message |
cmxflash
-
Joined: 11 Dec 2004
Posts: 872
|
 Posted: Thu Jan 18, 2007 7:04 pm Post subject: Hiding content from source code (Firefox) |
 |
|
Today I discovered that it is possible to execute javascript in Firefox (2.0.0.1) by using the refresh header.
This could be used in many ways, like hiding content from the source code.
| Code: | <?php
if (eregi("firefox", $_SERVER['HTTP_USER_AGENT'])) {
header("Refresh: 0; Javascript: if (confirm('Do you belive I can hide this message from the page source code?')) { alert('Damn right'); } else { alert('You\\'re wrong.'); }");
}
?><html>
<head>
<title>Test</title>
</head>
<body>
<p>Kebab ftw</p>
</body>
</html> |
However, using document.write seems to make Firefox load the page forever, even if it is fully loaded. Not sure if this could be a way to securly load a document using AJAX and hiding the source URL from the user.
Even if this isn't really useful, it is pretty cool to show your buddies how you are able to run Javascript that isn't in the source code.  |
|
| Back to top |
  |
 |
aprelium
-
Joined: 22 Mar 2002
Posts: 6800
|
| Posted: Fri Jan 19, 2007 1:00 am Post subject: Re: Hiding content from source code (Firefox) |
|
|
cmxflash,
That's a very nice trick. Thanks for sharing it with us.
_________________
Support Team
Aprelium - http://www.aprelium.com |
|
| Back to top |
 |
|
cmxflash
-
Joined: 11 Dec 2004
Posts: 872
|
| Posted: Sun Feb 25, 2007 1:41 pm Post subject: |
|
|
Just found another interesting way of hiding the source code in Firefox, using onUnload. Not sure if this can be used for cross-side scripting, since Firefox belives it's on another page when redirected back.
| Code: | <?php
if (isset($_GET['n'])) {
die("Source code hidden.\n\nGo away");
}
if (!isset($_GET['do'])) {
header("refresh: 0; url=index.php?n");
}
?>
<html>
<head>
<title>Testing page</title>
</head>
<body onunload="location.href='index.php?do'">
<h1>Schalla!</h1><p>Hidden source code</p>
</body>
</html> |
|
|
| Back to top |
|
|
aprelium
-
Joined: 22 Mar 2002
Posts: 6800
|
| Posted: Mon Feb 26, 2007 3:11 pm Post subject: |
|
|
cmxflash,
Interesting. Does other browsers suffer/have the same way of doing things?
_________________
Support Team
Aprelium - http://www.aprelium.com |
|
| Back to top |
|
|
cmxflash
-
Joined: 11 Dec 2004
Posts: 872
|
| Posted: Mon Feb 26, 2007 3:57 pm Post subject: |
|
|
| aprelium wrote: | | Does other browsers suffer/have the same way of doing things? |
The script prevents both IE and Firefox from leaving the page since the javascript is executed after the user has entered the new URL. Only Firefox (and probably other browsers based on the same engine) hides the source code. I tried to steal session cookies from another web site using this method, however I was unable to do so. |
|
| Back to top |
|
|
puertoblack2003
-
Joined: 08 Oct 2006
Posts: 87
|
| Posted: Mon May 28, 2007 2:32 pm Post subject: |
|
|
| how do this work do i created a index.html and put it in the folder directory??? |
|
| Back to top |
|
|
hc2995
-
Joined: 07 Aug 2006
Posts: 644
Location: Maryland, USA
|
| Posted: Mon May 28, 2007 3:25 pm Post subject: |
|
|
no, this is a PHP script, you need PHP to be installed and functioning
_________________
Where have i been? School got heck-tick, had to move half way around the state, then back... and then i had to change jobs, so iv been away for a while :P |
|
| Back to top |
 |
|
|
