Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Encrypt mailto email addresses with inline JavaScript

I have the following JavaScript code:

<script type='text/javascript'>
    var v2="xxxxx";
    var v7=unescape("%2%3432jklsjdkls%");
    var v5=v2.length;
    var v1="";
    for(var v4=0;v4<v5;v4++){
        v1+=String.fromCharCode(v2.charCodeAt(v4)^v7.charCodeAt(v4));
    }
    document.write('<a href="javascript:void(0)" onclick="window.location=\'mail\u0074o\u003a'+v1+'?subject='+'\'">'+'test(at)test(dot)com<\/a>');
 </script>

This code is on one line and I have no other possibility than this. Now I have to change the email address, but I need the v2 and v7 which I can't create.

Do you know where this snippet comes from? Do you know another algorithm which is secure (not only taking the ASCI values)? Here the ASCII codes, a XOR catenation and the encrypted value + key are used.

like image 462
testing Avatar asked Feb 08 '12 12:02

testing


2 Answers

I would go about something simpler and equally-effective like this:

<a href="javascript:window.location.href = 'mailto:' + ['john','smith.com'].join('@')">john<!---->@<!---->smith.com</a>

  • mailto: link is obfuscated and unreadable for bots
  • html comments are used as junk so spam bots won't read the text of the link, while are hidden to a user. There can be any type of junk for example a <span> with display: none
like image 58
Zaffy Avatar answered Nov 15 '22 21:11

Zaffy


Here are two external tools mentioned. For both you need to generate your Javascript code first with your email.

JavaScript eMail Encrypter

<!-- Add these lines to <head></head> -->
<script type="text/javascript"> <!--
function UnCryptMailto( s )
{
    var n = 0;
    var r = "";
    for( var i = 0; i < s.length; i++)
    {
        n = s.charCodeAt( i );
        if( n >= 8364 )
        {
            n = 128;
        }
        r += String.fromCharCode( n - 1 );
    }
    return r;
}

function linkTo_UnCryptMailto( s )
{
    location.href=UnCryptMailto( s );
}
// --> </script>

<!-- Use above link to generate your crypted email (example): -->
<a href="javascript:linkTo_UnCryptMailto('nbjmup;uftuAuftu/dpn');">test [at] test [dot] com</a>

ANTI-SPAM EMAIL LINK OBFUSCATOR

<script type="text/javascript" language="javascript">
<!--
// Email obfuscator script 2.1 by Tim Williams, University of Arizona
// Random encryption key feature coded by Andrew Moulden
// This code is freeware provided these four comment lines remain intact
// A wizard to generate this code is at http://www.jottings.com/obfuscator/
{ coded = "[email protected]"
  key = "594NIGdDgELkcwoAbPQirZaYCn1mWhURt0syV7Ojpqf8H3XMFvlezJTS2ux6KB"
  shift=coded.length
  link=""
  for (i=0; i<coded.length; i++) {
    if (key.indexOf(coded.charAt(i))==-1) {
      ltr = coded.charAt(i)
      link += (ltr)
    }
    else {     
      ltr = (key.indexOf(coded.charAt(i))-shift+key.length) % key.length
      link += (key.charAt(ltr))
    }
  }
document.write("<a href='mailto:"+link+"'>Example</a>")
}
//-->
</script><noscript>Sorry, you need Javascript on to email me.</noscript>

This tool was originally conceived and written by Tim Williams of The University of Arizona. The code to randomly generate a different encryption key each time the tool is used was written by Andrew Moulden. Ross Killen of Celtic Productions Ltd has also created a PHP version to enable use of this technique in web applications.

This code is distributed as freeware, provided the authors' credits etc remain exactly as shown.

like image 40
testing Avatar answered Nov 15 '22 23:11

testing