1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Link cloaking && faking trusted download with jquery

Discussion in 'Cloaking and Content Generators' started by Gintoki, Jan 19, 2014.

  1. Gintoki

    Gintoki Regular Member

    Joined:
    Mar 24, 2012
    Messages:
    202
    Likes Received:
    152
    Occupation:
    Freelancer
    Location:
    Hungary
    Hello BHW, it has been a long while since I shared anything useful so here we go :)
    Recently I've gotten myself into jquery and started thinking about how its awesome features could be used for blackhat stuff. There are two possible uses I thought about.
    The first one is to trick users into believing they are downloading from a trusted source. Like when you want them to believe they are downloading from jquery.com but instead they are getting their file from your site. I'm sure somebody can use this in some way :)
    The code is below:

    Code:
    <!doctype html>
    <html>
    <head>
    <meta charset="utf-8" />
    <title>Demo</title>
    <script src="http://code.jquery.com/jquery-1.10.1.min.js"></script>
    <script src="http://code.jquery.com/jquery-migrate-1.2.1.min.js"></script>
    </head>
    <body>
    <a href="http://trustedsite.com/file.rar" id="links">Download</a><br />
    <iframe id="downloader" width="1" height="1" style="display:none;"></iframe>    
    <script>
    
    
    
    
     
    $( document ).ready(function() {
    
    
        $("#links").click(function(event){ //"links" is the id of the element you want to render the onClick event to 
        
        event.preventDefault();
    
    //both examples are in this code. comment the one you don't want to use below:
    
    
        //$("#downloader").attr('src','folder/file.rar'); //the download thing. 'folder/file' is your file path
    
        document.location.href='http://clickbank.com'; //the link cloaking thing. use affiliate URL :P
        
    });
    
    
    });
     
    
    
    </script>
    
    
    </body>
    </html>
    
    This is just an example, save it as a html file if you want to test it.

    So why do we want to cloak our links in the first place? Because seeing an affiliate link will discourage users from clicking it. But what if we can make it so that our link shows a non affiliate, non link shortener, and non PHP redirect url on mouse hover? Jquery is the solution. The whole thing revolves around the event.preventDefault(); function. It is pretty self explanatory, it prevents a certain element from performing its default function. In this case, our link won't send them to the URL they see when they hover their mouse over it (which is in its href attribute). What will it do then?

    Fake trusted source download

    For this one I have created an iframe element and made it hidden using CSS (style attribute). When the user clicks on the link we load our file into the iframe, causing the download to start. Now this has some flaws unfortunately. On certain browser configurations the user is asked if he wants to download the file, showing your site as the source. Still, this is a good way to trick a lot of users. Also, this only works with files that the browser can't display. For example it won't work with html and php files.

    Link cloaking
    Cloaking your affiliate links is in your best interest. Unfortunately some tech savyy people have caught up to link shorteners, PHP redirects, etc. So here is what we do: we make our link's URL a non-affiliate one, but we use a jquery onClick event to do the redirect which of course will take them to our affiliate URL :) See the code above. It looks completely legitimate, and they can't notice it unless they look at the page source or check their cookies at the landing page.

    Also, don't forget to call in jquery in the header if your site doesn't have it by default (see the <head> part of the code).

    Eh, I have decided to upload the whole thing to avoid some potential troubleshooting + so you can freely experiment. Here:
    Code:
    http://www.mediafire.com/download/ft4t92vldub6c9q/testingGrounds.rar
    
    Virustotal:
    Code:
    https://www.virustotal.com/en/file/ff647fea14a6270ffc48ee005607093ef363489dff5a5f43b19cfc9f2c24f16e/analysis/1390172180/
    I hope some of you guys will find this useful!
     
    • Thanks Thanks x 4
    Last edited: Jan 19, 2014
  2. prab1996

    prab1996 Elite Member

    Joined:
    Jan 8, 2013
    Messages:
    3,496
    Likes Received:
    2,027
    Occupation:
    your gf's <3 ♥♥♥♥
    Location:
    Prab1996.com
    Home Page:
    unable to understand this thing . but looks good and giving a friendly :bump:

    -=-
     
  3. sargun

    sargun Junior Member

    Joined:
    Jul 5, 2013
    Messages:
    131
    Likes Received:
    44
    just what i was looking for, you are a lifesaver.
     
  4. mikpel

    mikpel Regular Member

    Joined:
    Dec 1, 2012
    Messages:
    220
    Likes Received:
    115
    Nice and simple example but it works!

    I've always used a simple redirection plugin for wordpress to hide my affiliate links but this is even more evil solution, just perfect. :D

    I think I'm going to implement it soon...