1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Hide from inspect element?

Discussion in 'BlackHat Lounge' started by sergbot, Oct 3, 2016.

  1. sergbot

    sergbot Junior Member

    Joined:
    Jan 20, 2010
    Messages:
    174
    Likes Received:
    23
    Hey, So I'm currently trying to put some things on webpages that would benefit me, but at the same time, I want to hide it, because it would be unflattering if someone found out that on my website there are some juicy secrets. So I need some way to hide content from insect element. I was thinking about putting it in the iframe and making it so that iframe can only be accessed from a specific domain, but i think people can still use inspect element to see what I have.
     
  2. judaculla

    judaculla Jr. VIP Jr. VIP

    Joined:
    Oct 11, 2014
    Messages:
    337
    Likes Received:
    124
    Location:
    USA
    Ultimately, anything your webpage is loading will be visible to the inspector because it is publicly loaded. Think maybe more in terms of obfuscation than actually hiding. Loading element through js, using json packets, etc.. Can make understanding the code displayed in the editor much less inticing to understand.

    Look around at the code for some larger sites that have advertising programslike facebook or linkedin. These companies have very large incentives to make their data publicly displayed in a manner which makes scraping difficult. They market access to their data, so it hurts them if others are able to access it in a prifitable manner, such as large scale scraping. For this reason, almost all major companies no longer offer public apis, and now reqhkre the registration of 'apps' for data access. Now, all this data is still needed for public display, so hiding isnt an option. If you look at someones fb profile, it is very easy to understand visually. However, fb uses a lot of dynamic css generation which makes it a nightmare for people trying harvest data from them.

    Ultimately, as matt cutts has been quoted saying, you have to break the spirits of people who behave in a manner in which youd like to avoid. If your data has to be made public, as is often the case with websites, make it obscenely hard to sift through for those who are trying to rip you off and theyll probably just move along to the next guy.
     
  3. sergbot

    sergbot Junior Member

    Joined:
    Jan 20, 2010
    Messages:
    174
    Likes Received:
    23
    Well lets say i have a youtube video that's loaded invisible. You can obfuscate the code all you want but i think that will be there.
     
  4. judaculla

    judaculla Jr. VIP Jr. VIP

    Joined:
    Oct 11, 2014
    Messages:
    337
    Likes Received:
    124
    Location:
    USA
    YouTube views are pretty cheap to just buy.

    I'm making this up....BUT maybe you could embed it in an iframe, that is resized to a ridiculously small size?
     
  5. tasburrfoot

    tasburrfoot Regular Member

    Joined:
    Dec 16, 2008
    Messages:
    323
    Likes Received:
    152
    If it's a YouTube video, use a in a 1px by 1px Js based player, and then just encode the URL through some completely unnecessarily long js functions, thus the actual video won't be seen AND the link will be hidden from scrapers.