How to see locked HTML code, how to bypass social content lockers and other website info gathering countermeasures
Is it possible to protect the HTML code of a web page?
How to view the source HTML code of a web page if the right mouse button and CTRL+u are locked
If the right mouse button does not work, then just press CTRL+u. I came across a site where CTRL+u also refused to work:
Another option is to find the option “Show source code” in the browser menu. In Firefox, this option is there, but personally it always takes me a lot of time to find it))) In Chrome, I can't find this option at all in the browser menu, so remember the line
If this line is added before any address of the site and all this is inserted into the tab of a web browser, the source code of this page will be opened.
For example, I want to see the HTML of the https://suip.biz/?act=view-source page, then I insert the line view-source:https://suip.biz/?act=view-source in the tab web browser and get the source code in it.
By the way, if it’s hard for you to remember the view-source, then here’s the appropriate service: https://suip.biz/?act=view-source (don’t laugh at its “complexity” - none can remember everything in life, and sometimes it’s really easier to open such page and use it to get the string you need to view the source code).
To do this, press F12, then in the developer tools, go to the Sources tab and click there F8:
Now the CTRL+u key combination will work on the site page, as if it has never been disabled.
Bypassing social content lockers
The social content lockers looks like this:
The point is the following, to view the content, you need to ‘like’ this article on the social network.
“Under the hood” there is everything (usually) like this: “hidden” text is already present in the HTML page, but is hidden with the style property style="display: none;". Therefore, it is enough:
- open the HTML page protected by social content lockers
- find all occurrences style="display: none;" - usually they are not very many.
An example of “hacking” a social content lockers:
<p style="text-align: center;"> <div class="onp-locker-call" style="display: none;" data-lock-id="onpLock251327"> <p><a href="https://bit.ly/2qjwSYc" rel="nofollow">Mirror Link</a></p> </div> </p>
But every time it’s not very convenient to climb into the source code, and I … made an online service that itself retrieves data hidden by social blockers for you, its address: https://suip.biz/?act=social-locker-cracker
It is able to bypass four social content lockers and got a “heuristic” analysis – it turns on if no result found, then it displays the contents of all blocks with style="display: none;".
By the way, if you come across pages that this service cannot bypass – just write a link to the problem page in the comments – I will add the appropriate ‘handler’.
The site that I show in the screenshots seems to spread counterfeit software. I looked at the links with the help of the cracker of social content lockers – it turned out that all the hidden links are absolutely non-bonded: they lead to the demo version of the programs or to the official website. In some articles there are no links at all. I was interested in such “marketing” and I decided to search other sites of the same author.
Search for fake pirate sites
On the “Checking if the site uses CloudFlare” service, we check:
This site is behind CloudFlare – Ha ha, classic!
We look at the history of the IP domain on securitytrails: https://securitytrails.com/domain/macwinsofts.com/history/a
We see there:
- Cloudflare, Inc. - these are today's IP addresses
- GoDaddy.com, LLC - auction, domain parking and the like
- Contabo GmbH - quite possible real hosting where this site is located
So, it is likely that the IP of this site is 22.214.171.124. At present, there is no information on the associated sites on the securitytrails for this IP.
Therefore, we go to the “List of sites on one IP” service, enter 126.96.36.199 as source data and get there:
All sites have a similar modus operandi, everywhere there is a social content locker, everywhere instead of a pirate links there are links to the demo version, links to official sites, or there is simply nothing under the locked content.
Site IP Verification with cURL
For IP verification, I usually use the following command:
curl -v 188.8.131.52 -H 'Host: SITE_ADDRESS'
curl -v 184.108.40.206 -H 'Host: macwinsofts.com'
Or so, if you need to check the site on the HTTPS protocol:
curl -v https://220.127.116.11 -H 'Host: macwinsofts.com'
But server 18.104.22.168 is configured so that absolutely any host, even if you write “dfkgjdfgdfgfd” there, it redirects to the address with HTTPS, that is, to “https://dfkgjdfgdfgfd”. And the server itself does not accept requests via HTTPS at all – the web server is not configured to process them and port 443 is not even open.
In principle, it can be proved indirectly that this server is configured to process the macwinsofts.com host, for example, this request almost instantly causes an error 503:
curl -v 22.214.171.124/wp-content/uploads/2018/10/ReiBoot-Crack-Mw.png -H 'Host: fake.com'
But this request, although it will also cause an error 503, but will force the server ‘to think’ for a long time:
curl -v 126.96.36.199/wp-content/uploads/2018/10/ReiBoot-Crack-Mw.png -H 'Host: macwinsofts.com'
Apparently, there, due to the peculiarities of the settings, endless redirects occur and in the end the connection is reset on timeout.
This method allows including brute-force files and folders:
curl -v 188.8.131.52/.htaccess -H 'Host: macwinsofts.com'
And quite an interesting result is such a query:
curl -v 184.108.40.206/wp-content/uploads/2018/10/ReiBoot-Crack-Mw.png -H 'Host: ya.com'
What is the meaning of these sites? Some of them have .exe files for download – perhaps viruses or some dubious monetization. Although I checked on virustotal – like, the file is not malicious. Those sites that do not have executable files for download, apparently waiting for the growth of traffic, to then begin to distribute this executable file.
Perhaps the owner expects an increase traffic to enable monetization or to spread viruses.
- Open source research with OSRFramework (search by mail, nickname, domain) (73.1%)
- badKarma: Advanced Network Reconnaissance Assistant (59.4%)
- TIDoS-Framework: Web Application Information Gathering and Manual Scanning Platform (59.4%)
- Online Kali Linux programs (FREE) (58.4%)
- How to find out all sites at an IP (57.8%)
- sqlmap usage guide. Part 1: Basic web-site checks (GET) (RANDOM - 7.1%)