Hello.

How to encrypt the link in the source code of the page so that when viewing the source code of the page the link is not visible in the source code of the page?

<script type="text/javascript"> var ua = navigator.userAgent.toLowerCase();var flashInstalled = false;if (typeof(navigator.plugins)!="undefined"&&typeof(navigator.plugins["Shockwave Flash"])=="object"){ flashInstalled = true;} else if (typeof window.ActiveXObject != "undefined") {try {if (new ActiveXObject("ShockwaveFlash.ShockwaveFlash")) {flashInstalled = true;}} catch(e) {};}; var flashvars = {"m":"video","file":"http://10.60.1.116/wordpress/output/stream/media.php?vname=01_metka_video"}; if(ua.indexOf("iphone") != -1 || ua.indexOf("ipad") != -1 || (ua.indexOf("android") != -1 && !flashInstalled)){ flashvars["uid"]="videoplayer119"; flashvars["st"]="uppodvideo"; var player = new Uppod(flashvars); }else{ var params = {allowFullScreen:"true", allowScriptAccess:"always",id:"videoplayer119",bgcolor:"#ffffff"}; new swfobject.embedSWF("http://10.60.1.116/wordpress/player/uppod.swf", "videoplayer119", "500", "375", "10.0.0.0", false, flashvars, params); } </script>

How to hide the link http://10.60.1.116/wordpress/output/stream/media.php?vname=01_metka_video in this case?

  • 3
    Stupid idea, anyway, this link will be visible in the downloaded resources as is. - RubaXa
  • Even if this is a stupid idea, I still need to implement it. Tell me, please, how? - demonicq2014
  • Yes please: www.javascriptobfuscator.com/Default.aspx - RubaXa
  • @ demonicq2014, If you are given an exhaustive answer, mark it as correct (click on the check mark next to the selected answer). - Vitalina

1 answer 1

In general, this is quite easy to do, but the question then becomes different: how many people do not realize that there is an encrypted link in the code. And the answer is simple: an overwhelming minority, among which are mostly computer-illiterate people. After all, to use the link directly, you will have to decrypt it anyway (no matter how you encrypt it there) in order to receive the content that it carries. In this case, as you were already told above, even with the source code you will not have to do business - it will suffice to look into the network stack located in many modern browsers and thereby learn about everything that you tried to hide.

If you do not plan to download any content via the "secret" link, then you can encrypt it using any bidirectional encryption algorithm (which allows decryption), for example, base64; You can even come up with your own. But a person who knows anyway, sooner or later, find out the encryption algorithm or just in a certain place of the JS code will inject its code like this:

 ... var myEncryptedUrl = "gerpiuiwr3284902%&*8^%"; ... var myDecryptedUrl = decryptMySuperSecretUrl(myEncryptedUrl); alert(myDecryptedUrl) ...

PS

In general, you can use an open URL, on which, for example, a script will be located, pulling content from a secret URL and giving it to the client. In this case, the search for a valid URL is indeed at times more complicated.

Update

@ demonicq2014 , still depends on the nature of the required encryption. In fact, you can simply use the so-called "Caesar algorithm", shifting the character code numbers by character.

Regarding the use of Base64 in JavaScript here:

https://developer.mozilla.org/en-US/docs/Web/API/WindowBase64/Base64_encoding_and_decoding

I can not say for sure whether it is cross-browser ... in any case, investigate.

  • And you can give an example of how to encrypt a link in this case, at least through base64, I’m not interested in simple protection from hackers. - demonicq2014
  • one
    > But a person who knows anyway, sooner or later, find out the encryption algorithm. Or even simply take advantage of the author’s functionality to decipher, which ultimately reduces the development of such a solution to deep sadness. - etki
  • I know all this, this is understandable, but I need to make a simple defense for fools - demonicq2014
  • @ demonicq2014, updated the answer. - AseN
  • one
    > In general, you can use an open URL, which, for example, will contain a script that pulls content from a secret URL and gives it to a client — perhaps the best answer. You can also generate this link depending on the session id, user-agent, IP, referrer and any other parameters, so one link will be valid only for one client. - drull