bin2hex

[kkroo]

I have a proxy and i want to encode the page so that it cant be read by bots, so i am ecoding it using bin2hex, and decoding in javascript using unescape.

ex:

<script type="text/javascript">
document.write(unescape('datainhex'));
</script>

Well the problem that i am having is that some pages work perfectly fine and others just dont finish, this is what happens:

<script type="text/javascript">
document.write(unescape('datainhex


so it is missing the
'));
</script>


Live example:

a working page: [a href=\"http://kkroo.dyndns.org:81/poxy\" target=\"_blank\"]http://kkroo.dyndns.org:81/poxy[/a]
[a href=\"http://localhost:81/poxy/index.php?q=bG9jYWxob3N0OjgxL3JvdW5kY3ViZW1haWw-&hl=1111101001\" target=\"_blank\"]http://localhost:81/poxy/index.php?q=bG9jY...-&hl=1111101001[/a]

a page that will not work:
[a href=\"http://kkroo.dyndns.org:81/poxy/index.php?q=bG9jYWxob3N0OjgxL2ZvcnVt&hl=1111101001\" target=\"_blank\"]http://kkroo.dyndns.org:81/poxy/index.php?...t&hl=1111101001[/a]

I am using PHProxy, and here is the modified code of the index page:

[code]<?php

@set_time_limit(0);

@error_reporting(0);

$data = '';

function escape ($str)    

{

       $encoded = bin2hex("$str");

       $encoded = chunk_split($encoded, 2, '%');

       $encoded = '%' . substr($encoded, 0, strlen($encoded) - 1);

      

   $content = '<script type="text/javascript">'."\n"."document.write(unescape('%s'));"."\n".'</script>';

  

   return sprintf($content, $encoded);

}








require 'PHProxy.class.php';



$config = array

(

    'url_var_name'             => 'q',

    'flags_var_name'           => 'hl',

    'get_form_name'            => '__script_get_form',

    'proxy_url_form_name'      => 'poxy_url_form',

    'proxy_settings_form_name' => 'poxy_settings_form',

    'max_file_size'            => -1

);



$flags = 'prev';



if (isset($_GET[$config['flags_var_name']]))

{

    $flags = $_GET[$config['flags_var_name']];

}



$PHProxy = & new PHProxy($config, $flags);



if (isset($_GET[$PHProxy->config['get_form_name']]))

{

    $url = decode_url($_GET[$PHProxy->config['get_form_name']]);

    $qstr = preg_match('#\\?#', $url) ? (strpos($url, '?') === strlen($url) ? '' : '&') : '?';

    $arr = explode('&', $_SERVER['QUERY_STRING']);

    if (preg_match('#^'.$PHProxy->config['get_form_name'].'#', $arr[0]))

    {

        array_shift($arr);

    }

    $url .= $qstr . implode('&', $arr);

    $PHProxy->start_transfer(encode_url($url));

    $data .= $PHProxy->return_response();

    $str = $data;



$encrypted = escape($str);



echo $str;

    exit;

}



if (isset($_GET[$PHProxy->config['url_var_name']]) )

{

    $PHProxy->start_transfer($_GET[$PHProxy->config['url_var_name']]);

    $data .= $PHProxy->return_response();

    $responce = $PHProxy->return_response();

    $str = $data;



$encrypted = escape($str);



echo $str;

   exit;

}

if (isset($_GET['action'], $_GET['delete']) && $_GET['action'] == 'cookies' )

{

    $PHProxy->delete_cookies($_GET['delete']);

    header("Location: $PHProxy->script_url?action=cookies");

   exit;

}



if (isset($_POST['username'], $_POST['password'], $_POST['server'], $_POST['realm'], $_POST['auth_url']) )

{

    $PHProxy->request_method = 'GET';

    $PHProxy->url_segments['host'] = decode_url($_POST['server']);

    $PHProxy->set_authorization($_POST['username'], $_POST['password']);

    $PHProxy->start_transfer($_POST['auth_url']);

    $data .= $PHProxy->return_response();

    $responce = $PHProxy->return_response();



    $str = $data;



$encrypted = escape($str);



echo $str;

   exit;

}



$data .= '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">';

$data .= '<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-US">';

$data .= '<head>';

$data .= '  <title>PHProxy</title>';

$data .= '  <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />';

$data .= '  <link rel="stylesheet" type="text/css" href="style.css" media="all" />';

$data .= '  <script src="javascript.js" type="text/javascript"></script>';

$data .= '</head>';

$data .= '<body>';

$data .= '<div id="container">';

$data .= '  <div id="menu">';

$data .= '    <a href="' . $_SERVER['PHP_SELF'] . '">URL Form</a> |';

$data .= '    <a href="?action=cookies">Manage Cookies</a>';

$data .= '  </div>';

$data .= '  <div class="title">PHProxy</div>';

$data .= '  <noscript><div class="error"><big>You have Javascript disabled. Please enable it to use the proxy</big></div></noscript>';





if (isset($_GET['error'])  )

{

    $data .= '<div class="error"><b>Error:</b> ' . htmlspecialchars($_GET['error']) . '</div>';

    if (isset($_GET['retry']))

    {

        $data .= '<div class="error"><a href="'. $PHProxy->proxify_url(decode_url($_GET['retry'])) .'">Retry</a></div>';

    }

}



if (isset($_GET['action'])  )

{

    if ($_GET['action'] == 'cookies')

    {

        $cookies = $PHProxy->get_cookies('COOKIE', false);



        if (!empty($cookies))

        {

            $data .= '<table style="width: 100%">';

            $data .= '<tr><td class="option" colspan="5"><a href="?action=cookies&delete=all">Clear All Cookies</a></td></tr>';

            $data .= '<tr><td class="head">Name</td><td class="head">Domain</td><td class="head">Path</td><td class="head">Value</td><td class="head">Action</td></tr>';



            for ($i = 0; $i < count($cookies); $i++)

            {

                $j = $i&1 ? ' class="shade"' : '';

                $data .= "<tr><td$j>{$cookies[$i][0]}</td><td$j>{$cookies[$i][1]}</td><td$j>{$cookies[$i][2]}</td>"

                   . "<td$j>" . wordwrap($cookies[$i][3], 15, ' ') ."</td><td$j><a href=". '"?action=cookies&delete='. md5(implode('', $cookies[$i])) . '">delete</a></td></tr>';

            }



            $data .= '</table>';

        }

        else

        {

            $data .= '<div class="error">No cookies available.</div>';

        }

    }

    else if ($_GET['action'] == 'auth' && isset($_GET['server'], $_GET['realm'], $_GET['auth_url']))

    {

        $data .= '<form method="post" action="' . $_SERVER['PHP_SELF'] . '">';

        $data .= '<input type="hidden" name="server" value="'. $_GET['server'] .'" />';

        $data .= '<input type="hidden" name="realm" value="'. $_GET['realm'] .'" />';

        $data .= '<input type="hidden" name="auth_url" value="'. $_GET['auth_url'] .'" />';

        $data .= '<table style="width: 100%">';

        $data .= '<tr><td colspan="2" class="option">Enter user name and password for <b>' . decode_url($_GET['realm']) . '</b> at <i>' . decode_url($_GET['server']) . '</i></td></tr>';

        $data .= '<tr><td width="30%" class="option">User name</td><td class="option"><input type="text" name="username" value="" /></td></tr>';

        $data .= '<tr><td width="30%" class="option">Password</td><td class="option"><input type="password" name="password" value="" /></td></tr>';

        $data .= '<tr><td colspan="2" style="text-align: center"><input type="submit" value="OK" /></td></tr>';

        $data .= '</table>';

        $data .= '</form>';

    }

}

else

{



$data .= '  <form name="' .  $PHProxy->config['proxy_url_form_name'] .'" method="get" action="' . $_SERVER['PHP_SELF'] .'">';

$data .= '  <input type="hidden" name="' . $PHProxy->config['url_var_name'] .'" value="" id="url_input" />';

$data .= '  <input type="hidden" name="' . $PHProxy->config['flags_var_name'] . '" value="" />';

$data .= '  </form>';

$data .= '  <form name="' . $PHProxy->config['proxy_settings_form_name'] . '" method="get" action="" onsubmit="return submit_form();">';

$data .= '  <table style="width: 100%">';

$data .= '  <tr><td class="option" style="width: 20%">URL</td><td class="option" style="width: 80%">&nbsp;<input type="text" name="url" size="70" value="" /></td></tr>';

$data .=    $PHProxy->options_list(true, true);

$data .= '  <tr><td class="option" style="width: 20%">New Window</td><td class="option" style="width: 80%"><input type="checkbox" name="new_window" />Open URL in a new window </td></tr>';

$data .= '  </table>';

$data .= '  <div style="text-align: center"><input type="submit" name="browse" value="Browse" onclick="return submit_form();" /></div>';

$data .= '  </form>';



}



$data .= '</div></body></html>';

$encrypted = escape($data);


echo $encrypted;


?>

[/code]

[poirot]

I can't access the proxy right now.
Try to modify it to:
[code]function escape($str)    
{
    $encoded = bin2hex("$str");
    $encoded = chunk_split($encoded, 2, '%');
    $encoded = '%' . substr($encoded, 0, strlen($encoded) - 1);

    $content = '<script type="text/javascript">' . "\n" . 'document.write(unescape(' . $encoded . '));' . "\n" . '</script>';

    return $content;
}[/code]

[kkroo]

like php, javascript requires strings to be in quotes so that didnt work, I added quotes, and it still didnt work.

try accessing it now.

[poirot]

Well, still cannot reach your site. I'll install PHProxy myself, modify it and see what happens.

[poirot]

OK, basically I rewrote your escape() function to:

[code]function escape($str)
{
   $return = '<script type="text/javascript">' . "\n" . 'document.write(unescape("';

   for ($i=0; $i<strlen($str); $i++) {
      $return .= '%'.bin2hex(substr($str, $i, 1));
   }

   $return .= '"));</script>';
   return $return;
}[/code]
And made it echo escape($PHProxy->return_response()).
It worked with all the pages I've tested.

[b]EDIT:[/b]
What I noticed though is that PHProxy won't work with some pages EVEN WITHOUT encoding.
Your code should work fine as well, but probably due to a PHProxy's native limitation, you aren't able to display the page.

[kkroo]

These pages are pages that work without the encodingk, it is just wen i encode the page, it doesn't print the end of the page meaning this part:
"));</script>

but it does print the content.

[poirot]

Maybe it's a PHP proxy bug. I don't know either, but sometimes you'll see that an incomplete page comes up.

And it not only lacks the ));</script> but also good amount of the page's code. Just try to save the HTML for these pages and add the part that is missing. You'll see the page itself isn't complete.

[kkroo]

I tested a page without the encoding and it loads fine, tried the same exact page with the encoding, and it was incomplete so i think it is from the encoding

[kkroo]

I think i found out the problem, the script sets a content length, and when it is encoded, it triples the length of the page so it will cut off the page at the set content length. so what i have to do is modify the set_content_length function.