Making Wacky Redirect Scripts - Part II

This post is the second part of my quest to test a Javascript Analyzer program I wrote.

1. This script shows the GNU General Public License in the HTML body. The script below reads in the DIV’s innerHTML value and then goes to a specific position in that text to extract a character. This is repeated until all the characters are concatenated to form a script that redirects the user to Google.

2. The Data URI scheme allows you to include data inside of your webpages using Base64 encoding. Web developers typically embed graphics into their webpages to reduce load times. Here’s an example of embedding a graphic file into a webpage.

When this webpage is viewed, however, you don’t see any graphic and your browser gets redirected to Google. What happens is that since I defined the data as “text/html” (as opposed to “image/jpeg”), the base64-encoded text is processed as HTML. You can see that I’ve modified the graphic file by adding a script at the end then converting this file to Base64.

You can even encode Javascript as Base64, define the data appropriately, and add that to your webpage.

3. Using the same modified graphic file as above, I call it using the Object function and define the data as “text/html”.

Here’s a less obvious example.

All this does is open the image file as HTML and render the script which performs the redirect.

What I did was modify the graphic file using a hex editor and added the script tag at the end. By doing this, the graphic remains untouched and still renders correctly.
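From the analyzer's side, techniques 2 and 3 both leave checkable traces: a data: URI declared as HTML or JavaScript, and an image file with markup after its end marker. The Node.js sketch below is an added example, not code from this post or from the analyzer; the function names, the JPEG-like stub and the iframe wrapper are constructed assumptions.

```javascript
// Added example; every input below is constructed for illustration.
const SCRIPT_HINT = /<script\b|http-equiv\s*=\s*["']?refresh/i;

// Bytes after the image's end marker (JPEG EOI, or PNG IEND chunk type + CRC).
// Heuristic: trusts the last marker found instead of walking every segment.
function trailingBytes(buf) {
  let end = -1;
  if (buf.length > 1 && buf[0] === 0xff && buf[1] === 0xd8) {
    const eoi = buf.lastIndexOf(Buffer.from([0xff, 0xd9]));
    if (eoi !== -1) end = eoi + 2;
  } else if (buf.subarray(0, 4).equals(Buffer.from([0x89, 0x50, 0x4e, 0x47]))) {
    const iend = buf.lastIndexOf(Buffer.from('IEND', 'latin1'));
    if (iend !== -1) end = iend + 8;
  }
  return end === -1 ? Buffer.alloc(0) : buf.subarray(end);
}

// True when markup that a browser would run as HTML follows the image data.
function imageHasAppendedScript(buf) {
  return SCRIPT_HINT.test(trailingBytes(buf).toString('latin1'));
}

// Decode every data: URI declared as HTML or JavaScript and report what it holds.
function findActiveDataUris(html) {
  const re = /data:(text\/html|(?:text|application)\/javascript)(?:;[\w-]+=[\w-]+)*(;base64)?,([^"'\s>]*)/gi;
  return [...html.matchAll(re)].map((m) => {
    let bytes;
    if (m[2]) {
      bytes = Buffer.from(m[3], 'base64');
    } else {
      try { bytes = Buffer.from(decodeURIComponent(m[3]), 'latin1'); }
      catch { bytes = Buffer.from(m[3], 'latin1'); }
    }
    const mime = m[1].toLowerCase();
    return {
      mime,
      wrapsImage: trailingBytes(bytes).length > 0,
      executes: mime !== 'text/html' || SCRIPT_HINT.test(bytes.toString('latin1')),
    };
  });
}

// Constructed sample: a JPEG-like stub with a script appended, then Base64-embedded.
const sampleJpeg = Buffer.concat([
  Buffer.from([0xff, 0xd8, 0xff, 0xe0, 0x00, 0x02, 0xff, 0xd9]),
  Buffer.from('<script>location="https://www.google.com/"</script>', 'latin1'),
]);
const samplePage = `<iframe src="data:text/html;base64,${sampleJpeg.toString('base64')}"></iframe>`;
console.log(imageHasAppendedScript(sampleJpeg), findActiveDataUris(samplePage));
```

Because the image bytes themselves are untouched, a check that only confirms the file renders will pass it; the mismatch between the declared type and the file's magic bytes is the signal.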

4. Here’s yet another way to redirect the browser to a website. This is rather simple: I define a couple of variables then force an error. When the browser recovers from the error, the redirect code is executed.

5. Here, I use regex to find a match on a keyword, which then gets eval’d and executed.

6. For this script, I made a custom object which I can define any way that I want. What I did here was use security buzzwords to make it look like the Javascript code is safe to run.

Posted on: 01/22/2011