神刀安全网

Experimental URL Abuse – revisited

Make an encrypted host-free page

There is no need to use your own webhost to serve a webpage. You can use this page to generate special URL that loads the page you create. When you have the URL, save it or share it on social media and forums. You can also encrypt it so that only people with the password can view your page.

Write your page here in HTML (or try a demo):


You can preview your page:

Set a friendly name It will be visible before decryption.

Set a password The longer the better.

Make the encrypted page

Make an unencrypted page

Here are useable urls.

html <a> tag:

forum post:

plain url:

link:

Having very long URLs may not work. 10kB seems to be the limit for reddit. HN is limited to 5kB. Using URL shortning services can work, but they have different limits depending on the provider. The browsers themselfs are fine with 100kB or more.

The contents of you page is compressed using LZString.js and optionally encrypted using mjsCrypt.js, and stored in the hash of a loader URL. The page loader reads the contents of the URL hash and decrypts and expands the page, setting the value of body.outerHTML. Scripts will work as they are compiled and executed after the page is loaded. Cookies and localStorage will not work between pages as they are both wiped clean when the page loads.

The encryption is unproven, and may only act as a deterent. This page and the loading pages are served over HTTP without SSL so do not trust it with actual confidential infomation. This is a toy. I hope you can have fun with it. All source code is freely avaliable in the page source.

转载本站任何文章请注明:转载至神刀安全网,谢谢神刀安全网 » Experimental URL Abuse – revisited

分享到:更多 ()

评论 抢沙发

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址