HTML Obfuscation with "custom" key

byartic6 -
0

I have seen websites that allow you to encode HTML so the browser can still read it but you can make it unreadable in the source code, an example of this is a website like this, which is a quiz website but the answers are in the code:



However if you try to peek at the source code you will notice is not in human readable format meaning the answers cannot be extracted from the code as below:


This syntax is very simple to enable obfuscation the command looks like this:

.\Obfuscate-Html.ps1 -FilePath "VisualReport.html" -CustomKey "SkeletorRulez"

The script for this is below, however remember that its always best to keep a copy of the original HTML for future editing.

Script : Obfuscate-Html.ps1

# HTML Obfuscation Script with Custom Key
param (
    [Parameter(Mandatory=$true)]
    [string]$FilePath,
    [Parameter(Mandatory=$true)]
    [string]$CustomKey
)

$ErrorActionPreference = 'Stop'

# Read the input file
$content = Get-Content -Path $FilePath -Raw

# Convert content and key to byte arrays
$contentBytes = [System.Text.Encoding]::UTF8.GetBytes($content)
$keyBytes = [System.Text.Encoding]::UTF8.GetBytes($CustomKey)

# Apply XOR cipher with key
for ($i = 0; $i -lt $contentBytes.Length; $i++) {
    $contentBytes[$i] = $contentBytes[$i] -bxor $keyBytes[$i % $keyBytes.Length]
}

# Convert to Base64 after encryption
$encrypted = [Convert]::ToBase64String($contentBytes)

# Create the output HTML with decryption function
$output = @"
<!DOCTYPE html>
<html>
<head>
<script>
(function() {
    function decrypt(encryptedContent) {
        // Convert Base64 to byte array
        const encrypted = atob(encryptedContent);
        const bytes = new Uint8Array(encrypted.length);
        for (let i = 0; i < encrypted.length; i++) {
            bytes[i] = encrypted.charCodeAt(i);
        }
        
        // Create key byte array (generated differently in browser)
        const keyBytes = new Uint8Array([
            $(($keyBytes | ForEach-Object { $_ }) -join ',')
        ]);
        
        // Apply XOR decryption
        for (let i = 0; i < bytes.length; i++) {
            bytes[i] = bytes[i] ^ keyBytes[i % keyBytes.length];
        }
        
        // Convert back to text
        return new TextDecoder().decode(bytes);
    }
    
    // Get and decrypt content
    const decrypted = decrypt('$encrypted');
    document.write(decrypted);
})();
</script>
</head>
<body>
</body>
</html>
"@

# Save the file
$outputPath = $FilePath -replace '\.html$', '.obfuscated.html'
Set-Content -Path $outputPath -Value $output -Force
Write-Host "Saved to: $outputPath"
Tags
Previous Post Next Post

نموذج الاتصال