1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

HTML encryption...

Discussion in 'BlackHat Lounge' started by q3ick, Jan 29, 2009.

  1. q3ick

    q3ick Regular Member

    Joined:
    Oct 27, 2008
    Messages:
    414
    Likes Received:
    115
    Occupation:
    Full Time Student -- Working On My Masters In Busi
    Location:
    Places
    Home Page:
    What would you recommend that I use to encrypt my soource code from peering eyes?
     
  2. hwolfpack6

    hwolfpack6 BANNED BANNED

    Joined:
    Dec 11, 2008
    Messages:
    646
    Likes Received:
    175
    Well anybody can get your source code, so you really can't use disable right click...anybody who is determined to can just save your home page and open it up in their text editor.

    Go ahead and call me a nerd now, but when I was younger, I used to play a game called RuneScape, and I vaguely remember not being able to view their source code...I can't remember how they did it though.
     
  3. the_demon

    the_demon Jr. Executive VIP

    Joined:
    Nov 23, 2008
    Messages:
    3,177
    Likes Received:
    1,563
    Occupation:
    Search Engine Marketing
    Location:
    The Internet
    You can encrypt your javascript and php respectively... You can encrypt your whole html page but it won't show anything up for users not using it... Also, it's possible for anyone to decrypt with enough time and patience. You can use php & htaccess combo to prevent direct file access of css and similar files but, if people save page as they can still get to your css. You can also use what I call "tight coding" meaning you strip all the white space, encrypt javascript files, compress css files and use names like c.jpg instead of car.jpg. You can also code in multiple languages so that most people will have no idea what the he11 is going on. Making it a real b1tch to clone. Also, hard coding urls makes it even more of a pain to clone. Also, replacing things that use javascript with php (such as outputting the date) means a user wishing to clone has to make the script himself to recreate it adding yet another challenge. Also strip all comments from code making it increasingly difficult to understand. Further stll you could limit the number of file simultaneously open / user and the amount of bandwidth allowed per IP making it really annoying for anyone trying to clone your site... Especially if you use anti-proxy code.

    Recently I saw one lyrics website that encoded their lyrics using character codes so that's all you would see when viewing source. And they pulled a few other tricks to make it impossible to copy lyrics without extreme difficulty.
     
    Last edited: Jan 29, 2009
  4. Avitar

    Avitar Newbie

    Joined:
    Jan 29, 2009
    Messages:
    0
    Likes Received:
    0
    It's not possible due to the architecture of html pages.. at least not how you think because html pages are not encrypted. The best you can do is obfuscate the code.. which is more trouble then its worth.

    If you want a hands on attempt at breaking javascript code look up starfleet acadamy.. they have a site built for users to practice ethical hacking when it comes to javascript injection.

    There is however ways to use a website to pass hidden bits of data in alternative ways through embedding data in images or fake files that you can download (which are encrypted or are truecrypt volumes). Source code stealing is for neophytes though since html is easy to build from scratch in usually less time then it takes to steal.
     
  5. ukescuba

    ukescuba Jr. VIP Jr. VIP Premium Member

    Joined:
    Feb 24, 2008
    Messages:
    994
    Likes Received:
    634
    Occupation:
    Mobile Marketer & QR Code Junkie
    Location:
    San Antonio, TX
    Home Page:
    would google be able to decipher it?

    if not its gunna screw with your onsite optimization right?