[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200303200928.h2K9S6iP093621@mailserver2.hushmail.com>
Date: Thu, 20 Mar 2003 01:28:06 -0800
From: <rain_song@...hmail.com>
To: bugtraq@...urityfocus.com
Subject: ProtWare "HTML Guardian" has pathetic "encryption"
For $40 or $70, ProtWare's "HTML Guardian" (http://www.protware.com)
claims to "encrypt html code and javascripts, [making] it impossible
to reuse them." Unfortunately, "HTML Guardian" does not do anything
more than to obfuscate the HTML source code. There is no encryption.
In fact, the JavaScript that "encrypts" that data is included in the
HTML code at the end (just translate the HTML hex to HTML ascii).
Basically how it works is this:
original = abcdefgh
encrypted = acegbdfh
They simply take every other letter, smash them together, then append
the leftovers all into one string. $70 encryption, woohoo!!
Attached is a Perl script that re-assembles their "encrypted" code.
The script takes a file as input, and in that file is a modified version
of the HTML source code. In this file, just have the big JavaScript
variable included from the HTML source code (minus the single quote characters).
An example of this "encrypted" HTML can be retrieved from ProtWare's
demo page at http://www.protware.com/e_demo.htm.
Download attachment "protpop.pl" of type "application/octet-stream" (861 bytes)
Powered by blists - more mailing lists