First things first, I’m cheap! 🙂 I can’t afford to buy a static IP for my domain and I can’t afford those fancy certificates… So no SSL/HTTPS for me.
What I’m trying to accomplish here is to roll-out my own “HTTP encryption”. Here’s what I have accomplished so far:
- Modified an existing proxy script (Glype/PHProxy) to “encrypt” (base64 for now) the echo output. (I’m wrapping the entire content in a body element, btw)
- Written a GreaseMonkey script to “decrypt” the encrypted output.
The thing works on simple websites. But when I’m loading complex websites (like a browser game), the javascripts are broken (btw, the script can render the game perfectly when I turned off my encryption).
Upon inspection via FireBug, I’ve noticed that the contents of the head element is being placed in the body element. This doesn’t always happen so I suspected that the PHP is throwing malformed output, but I decoded the base64 using an offline tool and the HTML looks okay.
Here’s a sample output from the PHP:
<html><body>PGh0bWw+DQo8aGVhZD4NCjx0aXRsZT5IZWxsbzwvdGl0bGU+DQo8L2hlYWQ+DQo8Ym9keT4NCjxoMT5IZWxsbyBXb3JsZDwvaDE+DQo8L2JvZHk+DQo8L2h0bWw+</body></html>
Here’s the decoded HTML from Firebug (after being processed by the GM script):
<html>
<head>
<title>Hello</title>
</head>
<body>
<h1>Hello World</h1>
</body>
</html>
Here’s my GM script to decode the PHP output:
function utf8_decode (str_data) {
var tmp_arr = [],
i = 0,
ac = 0,
c1 = 0,
c2 = 0,
c3 = 0;
str_data += '';
while (i < str_data.length) {
c1 = str_data.charCodeAt(i);
if (c1 < 128) {
tmp_arr[ac++] = String.fromCharCode(c1);
i++;
} else if (c1 > 191 && c1 < 224) {
c2 = str_data.charCodeAt(i + 1);
tmp_arr[ac++] = String.fromCharCode(((c1 & 31) << 6) | (c2 & 63));
i += 2;
} else {
c2 = str_data.charCodeAt(i + 1);
c3 = str_data.charCodeAt(i + 2);
tmp_arr[ac++] = String.fromCharCode(((c1 & 15) << 12) | ((c2 & 63) << 6) | (c3 & 63));
i += 3;
}
}
return tmp_arr.join('');
}
function base64_decode (data) {
var b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
var o1, o2, o3, h1, h2, h3, h4, bits, i = 0,
ac = 0,
dec = "",
tmp_arr = [];
if (!data) {
return data;
}
data += '';
do { // unpack four hexets into three octets using index points in b64
h1 = b64.indexOf(data.charAt(i++));
h2 = b64.indexOf(data.charAt(i++));
h3 = b64.indexOf(data.charAt(i++));
h4 = b64.indexOf(data.charAt(i++));
bits = h1 << 18 | h2 << 12 | h3 << 6 | h4;
o1 = bits >> 16 & 0xff;
o2 = bits >> 8 & 0xff;
o3 = bits & 0xff;
if (h3 == 64) {
tmp_arr[ac++] = String.fromCharCode(o1);
} else if (h4 == 64) {
tmp_arr[ac++] = String.fromCharCode(o1, o2);
} else {
tmp_arr[ac++] = String.fromCharCode(o1, o2, o3);
}
} while (i < data.length);
dec = tmp_arr.join('');
dec = utf8_decode(dec);
return dec;
}
document.documentElement.innerHTML = base64_decode(document.body.innerHTML);
I think the problem is I’m assigning the decoded HTML to document.documentElement.innerHTML, and by doing so it’s putting the entire thing inside the body element?
So the question is, what is the correct way to recreate a HTML document from a string?
Since you are just base 64 encoding, and as @Battle_707 has said the issue is with dom events, why don’t you send a page that redirects to a data url. This way the browser should fire all the right events.
But seriously, just get a certificate and get on dyndns.com, base 64 buys you no extra security
Edit
Since you mentioned moving to AES, if you can find a JS AES implementation you could use my suggestion here and construct the data URL client side and redirect to that.