1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Javascript HTML Cloak/Hide Source

Discussion in 'Cloaking and Content Generators' started by Reefer, Feb 20, 2010.

  1. Reefer

    Reefer Junior Member

    Joined:
    Jan 3, 2010
    Messages:
    194
    Likes Received:
    71
    Occupation:
    BALLIN
    Location:
    no lie
    I wanted to hide the source from people viewing my page on it (since they could just view the source to see the links I was providing them with, which were only meant to be seen if an offer was complete). With a little research, I've figured out an easy way to accomplish this (at least to the point where it becomes easier to do the survey or leave the site rather than decrypting).

    Step 1: write your html code

    Step 2: replace all single quotes (') with escaped single quotes (\')

    Step 3: copy the html code you want cloaked.
    go to online js obfuscator
    Code:
    http://www.daftlogic.com/projects-online-javascript-obfuscator.htm
    and enter in your html code with the following addition:
    Code:
    <!--
    document.write('YOURHTMLCODE');
    -->
    (add document.write' before the html and '); afterwords)

    and press "Obfuscate It!"

    Step 4: copy the enrypted code to a new file called "hidden.js" with the additional following code:
    Code:
    <!--
    ENCRYPTEDCODEHERE
    -->
    (Add <!-- before the encrypted code and --> afterwords)
    Save the file.

    Step 5: in the actual html page, where you want your encrypted html to show up, enter:
    Code:
    <script text="text/javascript" src="hidden.js"></script>
    Step 6: upload both files to the same directory.

    Have fun.
     
    • Thanks Thanks x 2
  2. shadowpwner

    shadowpwner Regular Member

    Joined:
    Apr 19, 2009
    Messages:
    300
    Likes Received:
    73
    major lols.

    You know you'll never rank, if Google can't find your content? Google can't read javascript, fyi.
     
  3. Reefer

    Reefer Junior Member

    Joined:
    Jan 3, 2010
    Messages:
    194
    Likes Received:
    71
    Occupation:
    BALLIN
    Location:
    no lie
    no kidding - i thought google would decrypt my javascript.

    there are plenty of uses for this, took me a while to figure out how to do this so I thought i'd share.
     
  4. XIIII

    XIIII Registered Member

    Joined:
    Jan 19, 2010
    Messages:
    63
    Likes Received:
    8
    Who still using browser's default "view source" page if they meant to copy your content? Tons of plugins are there to duplicate a website in minutes...

    It make sense to encrypt your JavaScript but not the html codes.
     
  5. Newbie.

    Newbie. Registered Member

    Joined:
    Dec 12, 2009
    Messages:
    52
    Likes Received:
    19
    Thanks for the share but I agree with the others on this one.
     
  6. Reefer

    Reefer Junior Member

    Joined:
    Jan 3, 2010
    Messages:
    194
    Likes Received:
    71
    Occupation:
    BALLIN
    Location:
    no lie
    Trust me. This is a very helpful script for many people. If you can't see the use in it yet, you don't need to use it.
     
    • Thanks Thanks x 1
  7. 9errors

    9errors Newbie

    Joined:
    Nov 2, 2008
    Messages:
    29
    Likes Received:
    4
    Occupation:
    Self Employed
    not true. google is now able to parse javascript to certain degree. they are able to parse swf files too. adobe developed a tool and pass it on to major search engines that allow them to index text content that are stored in swf files.
     
  8. drkenneth

    drkenneth Executive VIP

    Joined:
    Nov 13, 2008
    Messages:
    285
    Likes Received:
    176
    Occupation:
    Developer/Entrepreneur
    Location:
    USA
    Google CAN parse Javascript, though it sure as hell doesn't like it/won't rank it highly. It deals with it as more of a 'blackhat busting' measure rather than a 'ranking javascript encoded sites' measure; it is bound to do poorly.
     
  9. stoned raider

    stoned raider Registered Member

    Joined:
    Aug 4, 2008
    Messages:
    94
    Likes Received:
    22
    G surely can read JS no problem

    problem is that JS or flash functioning is browser-dependable (on/off) , html is the official "language" for displaying content, its been here for a long time

    JS is usually used for some shady shit
     
  10. JiiJi

    JiiJi Newbie

    Joined:
    Feb 12, 2010
    Messages:
    1
    Likes Received:
    0
    This technique is very good for doorway pages. I used it before, now I have a problem with big G and doors..
     
  11. aftershock2020

    aftershock2020 Senior Member

    Joined:
    Oct 19, 2007
    Messages:
    981
    Likes Received:
    477
    This is an easy fix, guy. All you have to do is post your content through a php page within your site that is secure in a hidden subdirectory on your server/hosting account. The trick is to put all of your data ' within php ' tags. Echo your content through php...the entire page. Google will read everything within it and rank you with no problem.

    You take your entire content and put it as:

    <?php

    echo ' entire page content goes here ';

    ?>



    Then, you take the blank php page that the user actually lands on and post an include link to the path of the page line this:

    <?php

    include_once('pagelink.php here');

    ?>

    It's that simple. As php content doesn't display in the view source of a browser, there is no need to do anything to it other than basic encryption for protection practices to secure your data.

    Other than that, it is a done deal. The process is all about preventing your source content from being seen in the view source, which for those asking if it is still used, IT IS, every day. Google has no problem with this process due to the fact that their spiders have no problem reading php and clearly can see and know what you are doing on your site. That's all they care about.

    Note: You can just do the first step and have the problem resolved but, I personally use the second step to keep my code cleaner and more systematic. It is a personal choice, eithor way works.


    Hope this helps.



     
    Last edited: Mar 8, 2010
  12. drkenneth

    drkenneth Executive VIP

    Joined:
    Nov 13, 2008
    Messages:
    285
    Likes Received:
    176
    Occupation:
    Developer/Entrepreneur
    Location:
    USA
    Sorry, but that will not work at all. PHP is executed on the serverside--what you're doing is identical to not encoding the source at all and simply putting it in a public .html file. A simple view-source will show it all--be it google or some newb in IE.


    Encoding the HTML with Javascript is the only way to go if you want to hide from inexperienced users. Still--all it takes is someone with firebug to see what you're doing HTML-wise. If you want to hide links and stuff effectively, code clicks into Javascript events and obfuscate/encode the execution functions. That way makes it irritating to disassemble the actions, even for experienced users. (Though far from impossible.) It still leaves your HTML exposed, but very little 'secret sauce' is usually in the HTML anyway.
     
  13. aftershock2020

    aftershock2020 Senior Member

    Joined:
    Oct 19, 2007
    Messages:
    981
    Likes Received:
    477
    Um, no. Sorry yourself, hotshot. Anyone with any knowledge of php knows that view source can't see php code at all, mainly because it is server-side.

    You obviously don't understand when it comes to php, html, or how they work for that matter. That is php 101 that it is protected from view source.

    Then, to say that it doesn't ' encode ' the content, which you obviously meant ' encrypt ' the content/code...is further proof of your inexperience.
    Php wrapped html or any other code for that matter is ' encoded '.

    As for ' encryption ', I clearly stated that there is no needto encrypt it due to the fact that it CAN'T be seen by the user of view source in the first place and therefore, no reason to encrypt it for this purpose. However, security practices are wise, as I also stated in my previous post.


    Finally, to state that this process is the like of a public html file, you again prove your knoweldge of the language to be noob at best. Just because it is a simple process and posts within the same directory as html, it is 100% unreadable by view source, with a couple of simple php tags encasing the content, instead of all of the overbearing javascript ' encryption garbage that you are talking about doing, which doesn't complete the task as my two ' simple ' tags do. You can still see the source with javascript, I know, I use it daily for select coding. However, you can't with php.

    As for your own contradiction in stating " php is serverside " , ( correctly ' server-side ' )...

    That is the only way you can keep the view source from seeing the content, is to keep it server-side, while allowing it to pass through to the viewer but not to be shown as anything other than design/dynamic code display, not text format, which is what view source is for...viewing the ' text format/view ' of the code on a user-end page. IF it is server-side, there is nothing to access with the user-side based view source.


    So, before you state if it will work or won't, be sure and know what you are talking about. The method I posted is used every day by thousands of programmers to serve just this purpose - concealing the content code from view source.


    Check your own claim here: " A simple view-source will show it all--be it google or some newb in IE. "

    Got to any php based site and see if you can view source the php code, partner, I dare you to prove me wrong. View source can NOT see php wrapped code. You will see the javascript, you will see the html, you will see the xml. You will NEVER see the php in view source.

    Best of luck with that javascript method that by your own admission is a failure for the task you are attempting to accomplish... " It still leaves your HTML exposed, but very little 'secret sauce' is usually in the HTML anyway. "

    Sounds like a real winner there.



     
    • Thanks Thanks x 1
    Last edited: Mar 8, 2010
  14. drkenneth

    drkenneth Executive VIP

    Joined:
    Nov 13, 2008
    Messages:
    285
    Likes Received:
    176
    Occupation:
    Developer/Entrepreneur
    Location:
    USA
    I am sorry but you're are extremely mistaken. Not only are you wrong but your communication comes across extremely negatively.

    PHP functional code is hidden, that's a given. However, PHP does NOTHING to hide HTML at all. Look at this site--it's coded in PHP and you can see all HTML no problem.

    Completely 100% false.

    Woah buddy make up your mind! Yes you cannot see the actual PHP code, this is 100% true and I am not arguing otherwise. He wants to hide the HTML! You just said, in the same post, that the HTML will be encoded and now you're saying you will see the HTML? :eek:

    You seem to have PHP execution being serverside and the actual data sent to the clients completely mixed up. If the user can see it, then it was clearly sent to the client in some form. PHP does nothing to help you in that regard.

    Please stop misleading people; it is not good at all if people believe you. Anyone trying what he is saying, just go to your page and use view source. You'll see all output HTML in plaintext.

    This is coming from experience writing tens of thousands of lines of PHP. Writing applications that read web data with raw packets. Etc.
     
  15. aftershock2020

    aftershock2020 Senior Member

    Joined:
    Oct 19, 2007
    Messages:
    981
    Likes Received:
    477
    Whatever you say bud. You win! I'm here to answer and help, not to get into a pissing contest over who knows what, as you obviously think you know everything, short of the technique that I'm talking about. Reefer will use the suggestion or not. I have no time to waste proving what works. I know it does and use it.

    Best of luck with that.

     
    Last edited: Mar 10, 2010
  16. drkenneth

    drkenneth Executive VIP

    Joined:
    Nov 13, 2008
    Messages:
    285
    Likes Received:
    176
    Occupation:
    Developer/Entrepreneur
    Location:
    USA
    I'm not trying to get into a "pissing content" -- I just simply don't want people to think they are safe when they are not. Maybe your wording is unclear, but from what I'm understanding you're saying was wrong. I don't think I know "everything" -- however, the case your speaking of is fairly basic PHP use and is definitely not correct for the purpose you've stated.
     
    Last edited: Mar 10, 2010
  17. aftershock2020

    aftershock2020 Senior Member

    Joined:
    Oct 19, 2007
    Messages:
    981
    Likes Received:
    477
    Think what you want to think or not, you've already proven how much of a child you are by de-repping me for disagreeing with you and then keeping this up to try and provoke me into a fight on here...dude, grow up, seriously.

    Whatever you say, guy...last post on this thread from me, as there is nothing left to say on the matter. Again, nothing to prove, nothing to defend. Best of luck, sincerely. You appear to need it.


     
    Last edited: Mar 10, 2010
  18. drkenneth

    drkenneth Executive VIP

    Joined:
    Nov 13, 2008
    Messages:
    285
    Likes Received:
    176
    Occupation:
    Developer/Entrepreneur
    Location:
    USA
    The de-rep is not for disagreeing, it's for being extremely disrespectful/using personal attacks in response to me disagreeing with you--something I would not consider very reputable. I had in no way attempted to directly attack you, your response however was quite the opposite.

    I am not trying to provoke you into a fight. If you want to continue discussing this then PM me--this isn't the proper place to get into an argument.

    I vehemently stand behind your method not hiding HTML source from view source. I understand you say "there's nothing to defend," but I cannot, in good conscience, not correct something that I believe is incorrect when it could have consequences for the less experienced users on this forum.
     
    • Thanks Thanks x 1
  19. WorkingDog

    WorkingDog Newbie

    Joined:
    Mar 8, 2010
    Messages:
    15
    Likes Received:
    13
    drkenneth is 100% correct.

    Anyone can view everything you send to the browser. As drkenneth points out, you can make it difficult for inexperienced users to see stuff, but at the end of the day, anyone who wants to can discover what gets sent to his browser. All you can do is make it a little more difficult for the user. And I mean "little" literally - using tools like Firebug and httpwatch it's not really difficult at all.

    Playing around with how you generate the content in PHP (or any other server side scripting) won't make the slightest difference at the browser end.

    I'm not sure why reefer wants to display a page containing the links he doesn't want the user to see (however obfuscated or encoded) until an offer is complete. Why not just display a different page once whatever action you need themm to take has been taken?
     
    • Thanks Thanks x 2
  20. aftershock2020

    aftershock2020 Senior Member

    Joined:
    Oct 19, 2007
    Messages:
    981
    Likes Received:
    477
    WorkingDog,

    Actually, you can't read ' anything ' in the browser, as php doesn't send ' through ' the browsers, it only reflects the content from the server-side but as it doesn't come through the browser itself in full text format, you can NOT see php code in the browser by even firebug or any other non-standard practices.

    If you hack the server, where the files are stored, sure, you can rip every file out of there with no issue but that still has nothing to do with the browser and php, as that would be a full hack and not just a view source issue.

    Here is a link showing an example of what I'm talking about:

    http://php.about.com/od/troubleshooting/qt/view_source.htm

    You can't see php code in a standard browser, it is impossible, as the code is designed for working server-side commands to build the content within the broswer without revealing the actual processing data itself.

    You guys may be mistaking the content of exposed html and javascript links that haven't been properly concealed but, you won't see any of the php wrapped code, as it ' doesn't come through the broswer ' , which is why it builds faster uploads of pages when you go to a php site vs. an html page. It processes the data on the server-side and not within the broswer/on the page itself.

    It's php 101 stuff, man. Like I've said before, check this stuff out yourselves by actual trial in the field.






     
    Last edited: Mar 11, 2010