Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
  1. #1
    New Coder
    Join Date
    Sep 2006
    Posts
    12
    Thanks
    0
    Thanked 0 Times in 0 Posts

    help with analyzing code

    i am link trading with a site that has some javascript that i am unaware what it is doing, so i am trying to find out if he is cheating or not.

    Code:
    <script type="text/javascript">var began_loading = (new Date()).getTime(); function done_loading() { (new Image()).src = '/timer.gif?dual_no&u=' + self.location + '&t=' + (((new Date()).getTime() - began_loading) / 1000); }</script><style type="text/css"> <!-- A.bb {color:#33CCFF} A:hover {color:#33CCFF;text-decoration:underline;} --></style><META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE"><META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE"><TITLE>Butts</TITLE><SCRIPT>
    bV=parseInt(navigator.appVersion);
    bNS=navigator.appName=="Netscape";
    bIE=navigator.appName=="Microsoft Internet Explorer";
    function cl(e) {
    var li;
    if (!e) var e = window.event;
    if (e.target){
    li = e.target;
    if (li.nodeType==3) li = li.parentNode;
    }
    else if (e.srcElement) li = e.srcElement;
    if (li.tagName.toUpperCase() == 'A'){
    if (li.href.indexOf('psjout.html') > -1){
    if ((bNS && e.which == 3) || (bIE && e.button==2)) window.setTimeout("checkit('"+li.target+"')",3000) ;
    else window.setTimeout("checkit('"+li.target+"')",3000) ;
    }
    }
    }
    function checkit(ta){
    http = createRequestObject();
    if (http != null) sndReq(ta);
    }
    function sndReq(ta) {
    http.open('GET', '/checkit.html?t='+ta);
    http.onreadystatechange = handleResponse;
    http.send(null);
    }
    function createRequestObject() {
    var ro;
    if (window.XMLHttpRequest) { try { ro = new XMLHttpRequest(); } catch (e) { ro = null; } } else if (window.ActiveXObject) { try { ro = new ActiveXObject("Msxml2.XMLHTTP"); } catch (e) { try { ro = new ActiveXObject("Microsoft.XMLHTTP"); } catch (e) { ro = null; } } } 
    return ro;
    }
    function handleResponse() {
    if(http.readyState == 4){
    var response = http.responseText;
    response = response.replace(/^\s*|\s*$/g,"");
    var update = new Array();
    if(response.indexOf('|' != -1)) {
    update = response.split('|');
    if (update[0] == 'OK'){
    document.subber.target=update[1];
    document.subber.action=update[2];
    if (update[2].indexOf('?') > -1) document.subber.method='POST'; else document.subber.method='GET';
    document.subber.submit();
    }
    }
    }
    }
    function shorten(s,m){
    if (s.length > m) return (s.substring(0,m-2)+'..'); else return s;
    }
    function midshorten(s,m){
    if (s.length > m) return (s.substring(0,m/2)+'..'+s.substring(s.length-m/2)); else return s;
    }
    function conv(s){
    s=s.toLowerCase();
    s=s.replace(/ /g,"-");
    s=s.replace(/\//g,"-");
    return s;
    }
    document.onmousedown = cl;
    if (document.layers) window.captureEvents(Event.MOUSEDOWN);
    if (bNS && bV<5) window.onmousedown = cl;
    var http = '';
    
    </SCRIPT>
    any help is greatful

  • #2
    New Coder
    Join Date
    Apr 2007
    Location
    Silicon Valley California
    Posts
    71
    Thanks
    0
    Thanked 0 Times in 0 Posts
    okay the first function 'cl' is attached to the mouse clicks of the entire document. If the click was on an anchor tag, this function initiates an AJAX call to "'/checkit.html?t='+ta" where 'ta' is some 'target' value attached to anchor tags in the document. Then the system waits for the AJAX response.

    I don't see how this code could be malicious; it seems more likely that they use this code to track anchor clicks.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •