Home page logo

bugtraq logo Bugtraq mailing list archives

ProtWare "HTML Guardian" has pathetic "encryption"
From: <rain_song () hushmail com>
Date: Thu, 20 Mar 2003 01:28:06 -0800

For $40 or $70, ProtWare's "HTML Guardian" (http://www.protware.com)
claims to "encrypt html code and javascripts, [making] it impossible
to reuse them."  Unfortunately, "HTML Guardian" does not do anything
more than to obfuscate the HTML source code.  There is no encryption.
 In fact, the JavaScript that "encrypts" that data is included in the
HTML code at the end (just translate the HTML hex to HTML ascii).

Basically how it works is this:

original = abcdefgh
encrypted = acegbdfh

They simply take every other letter, smash them together, then append
the leftovers all into one string.  $70 encryption, woohoo!!

Attached is a Perl script that re-assembles their "encrypted" code. 
The script takes a file as input, and in that file is a modified version
of the HTML source code.  In this file, just have the big JavaScript
variable included from the HTML source code (minus the single quote characters).
 An example of this "encrypted" HTML can be retrieved from ProtWare's
demo page at http://www.protware.com/e_demo.htm.

Attachment: protpop.pl

  By Date           By Thread  

Current thread:
  • ProtWare "HTML Guardian" has pathetic "encryption" rain_song (Mar 21)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]