Techniques for Hiding JavaScript in Web Source

JavaScript is a customer side programming dialect, along these lines it chips away at the customer's machine, so you can't really conceal anything from the customer.

Jumbling your code is a decent arrangement, yet it's insufficient, on the grounds that, in spite of the fact that it is hard, somebody could unravel your code and "take" your script.

1. Hiding Via Programming Language Like PHP

This is the only working way to completely hide your JavaScript code from the client just like PHP or ASP code.
Here we'll need the help of PHP. Here is the code:

<meta http-equiv="Content-Type" content="text/html; charset=windows-1256" />
<title>Hide Javascript Code</title>
<!--Here we call our Javascript page the first time it'll provide us with our javascript code -->
<script language="javascript" src="./javascript.php"></script>
We call the same page again AND THIS IS SECOND PART OF THE TRICK.
because after we called it the first time it will set the session value to FALSE which mean it will print NOTHING
<script language="javascript" src="./javascript.php"></script>
    Try to save this page or go straight from your browser to the (javascript.php) page<br>
    and see if you can get my javascript code.<br>

    |                                                                                                        |
    |    Script name: Hide Javascript Code.                                                        |
    |    Script date: 16/12/2007                                                                    |
    |    Script author: Mahr Bakr                                                                        |
    |                                                                      |
    |    Script goal: Hiding the javascript code from the client like PHP & ASP        |
    |    Script license: Free for personal and commercial.                                    |
    |    *******************************************************    |
    |    Keep this note or at least point to me as the author of the script            |
    |    *******************************************************    |

    @session_start(); //Start our session.
    header("Cache-Control: no-store, no-cache"); //Tell the browser to not cache this page (don't store it in the internet temp folder).
    header("Content-type: text/javascript"); //Let the browser think that this is a Javascript page.
    //If the session value is TRUE that means the client has opened the main page (which creates our session and sets its value to TRUE).
    if ($_SESSION["PrintTheJavaScript"] == true){
        //Now we can print our javascript code using PHP's echo command.
        echo '
        // Here is our hidden javascript source.
        var Something="This is a real hidden Javascript code";
        // End of our hidden javascript source.
        //If the client tried to open the page straight from the browser (he is trying to see our hidden code).
        // Print some fake code or don't print anything.
    //Set the session value to false AND THIS IS FIRST PART OF THE TRICK.
    //because we are going to call this page again and it'll print nothing (because $_SESSION["PrintTheJavaScript"] <> TRUE)
    //so even if the client tried to SAVE the page this page will be saved empty.
    $_SESSION["PrintTheJavaScript"] = false;
 2.   Use Html Encrypter The part of the Head which has 
 <link rel="stylesheet" href="styles/css.css" type="text/css" media="screen" /> <script type="text/javascript" src="script/js.js" language="javascript"></script>  copy and paste it to HTML Encrypter and the Result will goes like this and paste it the location where you cut the above sample  <Script Language='Javascript'> <!-- HTML Encryption provided by --> <!-- document.write(unescape('%3C%6C%69%6E%6B%20%72%65%6C%3D%22%73%74%79%6C%65%73%68%65%65%74%22%20%68%72%65%66%3D%22%73%74%79%6C%65%73%2F%63%73%73%2E%63%73%73%22%20%74%79%70%65%3D%22%74%65%78%74%2F%63%73%73%22%20%6D%65%64%69%61%3D%22%73%63%72%65%65%6E%22%20%2F%3E%0A%3C%73%63%72%69%70%74%20%74%79%70%65%3D%22%74%65%78%74%2F%6A%61%76%61%73%63%72%69%70%74%22%20%73%72%63%3D%22%73%63%72%69%70%74%2F%6A%73%2E%6A%73%22%20%6C%61%6E%67%75%61%67%65%3D%22%6A%61%76%61%73%63%72%69%70%74%22%3E%3C%2F%73%63%72%69%70%74%3E%0A')); //-->

HTML ENCRYPTER Note: on the off chance that you have a java script in your page attempt to fare to .js document and make it like as the case above.

And Furthermore this Encrypter is not continually working in some code that will make ur site fouled up... Select the best part you need to shroud like for instance in <form> </form>

This can be turn around by propel client yet not all noob like me knows it.

3. This is the code of invisible.html

<script src=""></script>
<script type="text/javascript" src="invisible_debut.js" ></script>
$(document).ready(function () {
var ga = document.createElement("script"); //ga is to remember Google Analytics ;-)
ga.type = 'text/javascript';
ga.src = 'invisible.js'; = 'invisible';

    alert('try to find in the source the js script which did this alert!');
    document.write('It disappeared, my dear!');});

invisible.js doesn't show up in the reassure, in light of the fact that it has been evacuated and never in the source code on the grounds that made by JavaScript.

Concerning invisible_debut.js, I jumbled it, which implies that it is exceptionally confounded to discover the url of invisible.js. Not immaculate, but rather enough hard for an ordinary programmer.


Post a Comment