...

View Full Version : help with analyzing code



chrismccoy
05-07-2007, 01:24 PM
i am link trading with a site that has some javascript that i am unaware what it is doing, so i am trying to find out if he is cheating or not.




<script type="text/javascript">var began_loading = (new Date()).getTime(); function done_loading() { (new Image()).src = '/timer.gif?dual_no&u=' + self.location + '&t=' + (((new Date()).getTime() - began_loading) / 1000); }</script><style type="text/css"> <!-- A.bb {color:#33CCFF} A:hover {color:#33CCFF;text-decoration:underline;} --></style><META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE"><META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE"><TITLE>Butts</TITLE><SCRIPT>
bV=parseInt(navigator.appVersion);
bNS=navigator.appName=="Netscape";
bIE=navigator.appName=="Microsoft Internet Explorer";
function cl(e) {
var li;
if (!e) var e = window.event;
if (e.target){
li = e.target;
if (li.nodeType==3) li = li.parentNode;
}
else if (e.srcElement) li = e.srcElement;
if (li.tagName.toUpperCase() == 'A'){
if (li.href.indexOf('psjout.html') > -1){
if ((bNS && e.which == 3) || (bIE && e.button==2)) window.setTimeout("checkit('"+li.target+"')",3000) ;
else window.setTimeout("checkit('"+li.target+"')",3000) ;
}
}
}
function checkit(ta){
http = createRequestObject();
if (http != null) sndReq(ta);
}
function sndReq(ta) {
http.open('GET', '/checkit.html?t='+ta);
http.onreadystatechange = handleResponse;
http.send(null);
}
function createRequestObject() {
var ro;
if (window.XMLHttpRequest) { try { ro = new XMLHttpRequest(); } catch (e) { ro = null; } } else if (window.ActiveXObject) { try { ro = new ActiveXObject("Msxml2.XMLHTTP"); } catch (e) { try { ro = new ActiveXObject("Microsoft.XMLHTTP"); } catch (e) { ro = null; } } }
return ro;
}
function handleResponse() {
if(http.readyState == 4){
var response = http.responseText;
response = response.replace(/^\s*|\s*$/g,"");
var update = new Array();
if(response.indexOf('|' != -1)) {
update = response.split('|');
if (update[0] == 'OK'){
document.subber.target=update[1];
document.subber.action=update[2];
if (update[2].indexOf('?') > -1) document.subber.method='POST'; else document.subber.method='GET';
document.subber.submit();
}
}
}
}
function shorten(s,m){
if (s.length > m) return (s.substring(0,m-2)+'..'); else return s;
}
function midshorten(s,m){
if (s.length > m) return (s.substring(0,m/2)+'..'+s.substring(s.length-m/2)); else return s;
}
function conv(s){
s=s.toLowerCase();
s=s.replace(/ /g,"-");
s=s.replace(/\//g,"-");
return s;
}
document.onmousedown = cl;
if (document.layers) window.captureEvents(Event.MOUSEDOWN);
if (bNS && bV<5) window.onmousedown = cl;
var http = '';

</SCRIPT>


any help is greatful

cyberlogi
05-08-2007, 08:42 AM
okay the first function 'cl' is attached to the mouse clicks of the entire document. If the click was on an anchor tag, this function initiates an AJAX call to "'/checkit.html?t='+ta" where 'ta' is some 'target' value attached to anchor tags in the document. Then the system waits for the AJAX response.

I don't see how this code could be malicious; it seems more likely that they use this code to track anchor clicks.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum