#!/usr/bin/perl -T

use strict;
use warnings;

use CGI;
use JavaScript;
use LWP::Simple;
use HTML::TokeParser::Simple;

if (CGI::param('go')) {
   print CGI::header('text/plain');
   my $javascript = fetch_js(CGI::param('url'));
   parse_js($javascript);
} else {
   print_form();
}

sub parse_js {
   my $javascript = shift;
   my $runtime    = JavaScript::Runtime->new();
   my $context    = $runtime->create_context();

   $context->bind_function(name => 'write', func => sub{ print @_});
   return $context->eval($javascript);
}

sub fetch_js {
   my $html   = LWP::Simple::get(shift);
   my $parser = HTML::TokeParser::Simple->new(\$html);

   my ($token,$js);
   while ($token = $parser->get_token) {
      if ($token->is_start_tag('script')) {
         $js = $parser->get_token->as_is;
         last;
      }
   }
   $js =~ s/document\.write/write/g;
   return $js;
}

sub print_form {
   my $q = CGI->new;
   print $q->header(),
      $q->start_html('See the source of cleverSource encrypted page'),
      $q->start_form,
      $q->textfield('url','http://cleverscripts.com/index.php?a=clever
+source'),
      $q->submit('go'),
      $q->end_form,
      $q->end_html,
   ;
}
[download]

jeffa

L-LL-L--L-LL-L--L-LL-L--
-R--R-RR-R--R-RR-R--R-RR
B--B--B--B--B--B--B--B--
H---H---H---H---H---H---
(the triplet paradiddle with high-hat)

Isn't it a criminal offence under US-law to even try to decode encrypted things?

CountZero

"If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law

http://www.oreillynet.com/pub/wlg/1657

Makeshifts last the longest.

What you have there is snake-oil. The script you point to translates the page to Base64 encoding. Base64 is not encryption, no matter what people tell you. Base64 is useful for taking binary data and transfering it via plain ASCII (such as for e-mail attachments). 'Encryption' means that the process is (in theory) not reversable without the associated key. Base64 has no key.

----
I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident.
-- Schemer

Note: All code is untested, unless otherwise stated

Anyone who wishes to steal HTML-code surely can use the javascript decrypt function which is nicely shown at the beginning of this web-page.

I find this to be a solution looking for a problem. After all, dynamic webpages are made by scripts on the server and output (more or less) pure HTML, so what good is it to steal that HTML-code? It gets dynamically created again (differently) next time. If it is a static page, any half-decent HTML-author can re-write it based on what he sees.

The source-code of course remains on the server and cannot be acessed and you don't need this tool for it.

Hint: to steal the HTML-code of their page: just do a CTRL-A (in IE) and copy/paste to Word and "save as HTML". Voilą instantly stolen (ugly) HTML-code.

CountZero

"If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law

Abigail

No, he meant the script that page yammers about, not the page itself. As I noted in other comments, the script is just a Base64 converter.

----
I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident.
-- Schemer

Note: All code is untested, unless otherwise stated

Nah, its not encryption at all. Just a Base64 converter.

----
I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident.
-- Schemer

Note: All code is untested, unless otherwise stated