Reverse Engineer And Modify D-Link Binary Firmware File

Some time ago I’ve published an article(post?) about blocking ads using the router,
while it works just fine for non-html files, such as scripts, images and such,
it isn’t so great solution for blocking iframes that shows HTML content,
why?

well..
when the (original firmware) D-Link router software identify a forbidden domain,
it sends out a series of responses, ending with a html page (HTML 1.0 302 redirect -> 200 response page),

while for <script> elements it works perfectly, since it renders an invalid script,
– blocked domain, which shows ads, for example in an iframe in the page (such as eBay),
will still block the original content, but will show an iframe, well… filled with the D-Link’s blocked page msg:

icompile.eladkarako.com_reverse_engineer_dlink_dir655_router_firmware_ads_page_2016-01-20_175855
Continue reading

JavaScript Ninja Fundamentals – Tracking Impressions

➫➬ Some time saver advice, look for jQuery plugins that does few of those sub-tasks, embedded them as-is into your code.. 👌


⋰ Stuff You Want To Know… ⋱   👀

  • have scroll until the widget-container is in the viewport (the part of screen visible).
  • the tab + the window are currently focused.
  • mouse/ touch hover each widget container, each recommendation container, each image, each text description.
  • amount of time of “attention” by mouse hovering above element, or viewport time.
  • repeating /new user, by your 3rd-party cookie (your domain, for example widgets.kyler.com)
  • 👉 new awesome API

Continue reading

Vary: Accept-Encoding

Specify a Vary: Accept-Encoding header

bootstrapcdn-vary-accept-encoding-2

Bugs in some public proxies may lead to compressed versions of your resources being served to users that don’t support compression. Specifying the Vary: Accept-Encoding header instructs the proxy to store both a compressed and uncompressed version of the resource.
Continue reading

JavaScript Ninja Technics – Reverse Engineer Facebook Client-Protection #1 – Console Rewrite-Disable

I located the Facebook’s console buster script using Chrome developer tools. Here is the script with minor changes for readability (some non-crucial parts removed).

Object.defineProperty(window, "console", {
    value: console,
    writable: false,
    configurable: false
});

var i = 0;
function showWarningAndThrow() {
    if (!i) {
        setTimeout(function () {
            console.log("%cWarning message", "font: 2em sans-serif; color: yellow; background-color: red;");
        }, 1);
        i = 1;
    }
    throw "Console is disabled";
}

var l, n = {
        set: function (o) {
            l = o;
        },
        get: function () {
            showWarningAndThrow();
            return l;
        }
    };
Object.defineProperty(console, "_commandLineAPI", n);
Object.defineProperty(console, "__commandLineAPI", n);

With this, the console auto-complete fails silently while statements typed in console will fail to execute (the exception will be logged).

References: