I am doing research on a subject. The sites which are developed in javascript for eg. https://hp.taleo.net/careersection/2/jobsearch.ftl# . If we click on the paging, the URL doesn't change and yet the contents of the page are changed. Whether there are some variables which are getting submitted and if yes then what are these variables. What would one have to do if one wants the actual hard link the next page for this site or the similar sites. Thanks in advance.
There are no hard URLs... The site is loading it dynamically through ajax.
Inspect the website using Firefox or Chrome/Safari Dev Tools. Open the network tab and submit the form.
Network Tab
As you can see, it's posting the data to that page. Do some investigation and see what you come up with.
You can also try turning off javascript and seeing if it falls back to hard urls.
Related
I searched in SO first, and found this question. How to click a link that has javascript:__doPostBack in href? but it gives the answer in python only.
What I need is, when go through a website, some pages (2,3,4, etc) with links like below:
javascript:__doPostBack('AspNetPager1','2')
javascript:__doPostBack('AspNetPager1','3')
javascript:__doPostBack('AspNetPager1','4')
If I click it, and it will display the next page, but the real url isn't displayed in browser.
So my questions is, how can I convert the javascript link into traceable real url and feed to wget/curl/lynx?
My purpose is to use the tools (wget/curl/lynx) to download these pages one by one by scripting. But because of these javascript:__doPostBack, I can't find a good way to do it.
You can't really do it analytically. __doPostBack could be arbitrarily complex.
What you should do instead is install Firebug (assuming you are using Firefox), activate the Network tab, press "Persist", and then click that button. The Network tab will show you the actual network traffic, and you can deduce the real URLs from that. In fact, you can just right-click on the particular network request that interests you and select "Copy as cURL" and it will put the curl instructions -- complete with things like cookies and headers -- in your paste buffer.
There is a similar function built-in to Chrome.
This might be a silly question which I'll delete if I realise, so if you are reading this then I didn't yet figure it out.
I have some software which is online (addressable) and available but it's a bit of a secret, so instead of just hitting my software when you come to my domain, you are shown a blog that I wrote and hidden within that blog is a link ;)
All well and good.
Now the problem is that users of my software always post screenshots which gives my 1/2 secret URL away. EEEEK yep! So I wanted to have the url be just the plain old normal domain, so as not to make things too easy for them hacky types :p
I have full control over everything here. Clientside / Server / Everything. Initially you hit some jsp and then the GWT app (inside of Tomcat) - you have to provide login details in the GWT app. So I have plenty of places to do this URL hiding / faking but any ideas to help would be great.
...and yes I'm posting this (perhaps isn't too dumb)!
Many thanks in advance.
You can use the javascript history.pushState() here
history.pushState({},"Some title here","/")
For example, on http://yourwebsite.com/secretlink.html, after the JS runs, the URL bar will show http://yourwebsite.com/ without having refreshed the page1. Note that if the user refreshes the page they will be taken to http://yourwebsite.com/ and not back to the secret link.
You can also do something like history.pushState({},"Some title here","/hidden.jsp"), so that if the user refreshes the page you can show them an error page that tells them to find the secret link and open it again.
1. If you pushState() some other domain than your own, a refresh will happen so this cannot be abused to phish sites
Include the inner page as an iFrame
I am doing work for a client and I am beating my head against the wall trying to figure out what is happening on this site. First, he uses godaddy as his host and uses their express email marketing. One of the campaigns he was sending out had a wrong url in it. So that was easy enough to fix once I got logged in. Now, on the email that is sent out there is a link that says "To view this message as a printable PDF document, Click here." and it opens it up in the browser. NOW, I've tried finding the file it opens to change it with no luck. I've tried changing the html file in the directory it points to, but that does nothing and doesn't update the page. Any test page I create and try and open in a browser keeps the url but pulls in a different page (one in particular).
SO, as I've mentioned, in the email version of this, I've gotten it to work, just not in the browser version because I have no idea where it's pulling from or what is overwriting it.
Here is the link
http://nationalproduct.com/emailcampaigns/racing_stepmats/
At the bottom of this page there is a "Printable Version" button. This button should point to here:
/racing_stepmats/pdf/stepmats_racing.pdf#zoom=70
But instead points to here:
/regular_stepmats/pdf/stepmats_regular.pdf#zoom=70
I've also looked at the .htaccess file and there's only one line on there rewrite engine on so there's nothing in the .htaccess that's automatically loading or redirecting that I can see. Any wrong url that a user puts in doesn't go to a page not found, it just keeps what's been typed in the url bar but loads the racing rv mat page. ?:O
I've tried changing it in chrome and firefox in the developer tools and I know how to change the link to be correct, but I have no way of saving it from google or firefox to overwrite, that I know of at least. Any help on this would be greatly appreciated! Thanks in advance!
you just have to edit this part of the source of the page
<area shape="rect"
_mce_shape="rect"
coords="281,787,406,837"
_mce_coords="281,787,406,837"
href="http://nationalproduct.com/emailcampaigns/regular_stepmats/pdf/stepmats_regular.pdf#zoom=70"
_mce_href="http://nationalproduct.com/emailcampaigns/regular_stepmats/pdf/stepmats_regular.pdf#zoom=70">
replacing the wrong URL with the correct one
The owner has 15 different domains and was hosting this site, and all of it's content, in a subfolder. It was on the backend of godaddy where I found all the domains and where they were being hosted. Normally this would have been easier to find but there were hundreds of files and folders on the backend. Thanks for the pointers though ;) Fixed
I intend to create a simple chrome extension (for personal use) that simply detects when the user opens a new tab and redirects him to a certain website. The redirection url can be set in the source code, there is no need for some kind of form to submit it (since this will be, like I said, mostly just used by me and I can change that value easily in the code).
The problem is I don't know where to start from or how to start. Can anyone point me in the right direction? I've read google's "Getting started: Building a chrome extension" by the way.
Thanks a lot!
I wrote an extension sometime ago and published it to the chrome webstore https://chrome.google.com/webstore/detail/instructables-default-all/oeeoefddkogaamghjjoelcgmellpacid?hl=en the source code is available here http://code.nishantarora.in/instructables-default-all-steps-chrome-extension/src
The purpose of this extension is to redirect a user opening an instructable on instructables.com should be shown the url appended with ?ALLSTEPS to load the all steps page for that particular instructable. The code is pretty easy to understand.
I was wondering if there was a way to prevent a user from saving/downloading a web page? Specifically, I mean not letting them have access to the data displayed through my web application on their own machine?
I've heard that this is not possible since the browser must have access to the source code/data, but at the same time, I've noticed that if I to my gmail account, open an email, save the page, but when I try to open that page on my computer, it doesn't work. Furthermore, if I click "view source", I can see that even the source does not display the entire email message, even though the email is opened in my browser.
How it's possible for gmail to prevent me from seeing that email data?
Thats what called rendering pages using dynamic data without refreshing page (AJAX). The entire page source code is not downloaded in one go and components within the page request data asynchronously to display content. Try googling it and you will find more information.
In View source you can only see the HTML, CSS, JavaScript codes. No one can copy any dynamic code (PHP) from view source.
You can't stop anyone to see your html,css code in browser, as we are having view source option.
Maximum what you can do is disable right click on your page. Thant can be done through JavaScript.