Bypassing Minor Website Security

by Galahad  (galahad@galahadhq.com)

This article describes several tricks some websites use to protect their content, limit the number of times you use their services, and even spy/collect information on you.

It also describes methods to bypass this sort of mild security.  Keep in mind that this article is for educational use only.  The sites that apply these methods of security may do so in an effort to protect their copyrighted content.  It is every artist's right to give out his work for a price, and you must respect that.  I do not endorse stealing (though in this case the crime is cheating at worst).

This is only for you to learn of these tricks, how to bypass them, and how to use them for your own website, so that we can crack them, hehe.

In this article I'll be using Windows 98 SE and Internet Explorer 6.

If you use another operating system or browser, find the settings equivalent to those described on your browser or OS.  I'd like to mention that this article is written for beginners, and I am quite sure that most of the methods described are already known to, and maybe used by, the more advanced.  But then again, I might surprise you.

Let me also mention that any websites mentioned here are merely used as examples.  I do not mean to harass these sites.  I only included them because they bear good examples of the "tricks" I describe.

Right-Click Suppression

Problem:  Ah yes, good old right-click suppression.  This is the method to "protect" the site's viewable content from being saved to disk through disabling the right click of the mouse.  This is also the most annoying and the easiest to bypass.  The sites that use this are usually quite amateurish (have you ever noticed that no professional website has right-click suppression?) and it can be very annoying for the user of the website.

Solution:  What we want to do here is save the text, the images, and the video that is on the website onto disk.  How do you do that?  Simple.  Just view the website.  Now it's on your hard disk.  "How?" you may ask.  Well, what the webmasters that use right-click suppression don't realize is that when you view text or image or video on their site, it's downloaded into your Temporary Internet Files folder automatically.  So the files they try so desperately to protect are already on your computer.  So the only problem is how to get to the files on your computer.  I'll explain how, and I'll also describe a few alternative methods to do this.

Method A:  View the website.  Once the whole page has been downloaded, go View -> Source.  This should open up your Notepad/WordPad.  Now, what we need to find is the name of the file we want.  Look for text nearest to the picture in question.

For instance: "This is a picture of a full moon" is shown on the page right next to the picture on the page.  So in the source code of the document (View -> Source) search for "This is a picture of a full moon".  Now, if the picture came in after the text, then look for the picture name after this text.

An example of what the picture will look like is:

<IMG SRC="abcd.gif" WIDTH="620" HEIGHT ="200">

Where abcd.gif is the name of the picture you're after.

Now open your Windows Explorer, go to the Windows folder, then to the Temporary Internet Files folder.  Search for: abcd

Note that I didn't include the file extension: .gif

There is a reason for that.  When the search finishes, you should see something like: abcd[1].gif

That's the file.  If there are multiple results, they will look like: abcd[1].gif and abcd[2].gif

This means that there was another image named abcd.gif on another site.  Open them both to see which one is the one you're after.  Once you find it, copy it to a folder you want, and there you go.

The next method is a simpler way to do the above:

Method B:  Open the web page you want.  Go File -> Save As and save it somewhere on your computer.  We'll name the file: Gamestation

Now, go to that file on your computer.  In the same folder that contains Gamestation.htm there should be a folder named: Gamestation_file

Open that folder.  It contains all the pictures contained on that sites.

The next method is a more complex version of the above, that involves removing the JavaScript code that causes this right-click suppression from the file saved locally.  You'll need a HTML editor program, though you can simply open the .htm file from Notepad.

Method C:  Open the saved Gamestation.htm through your HTML editor or Notepad/WordPad.  Near the beginning of the source code, somewhere in between the <HEAD> and the </HEAD> tags, there should be some code in between a <SCRIPT> and a </SCRIPT> tag.

It should look like the following:

<SCRIPT language=JavaScript1.1>
<!-- Begin function right(e) {
  if (navigator.appName == 'Netscape' && (e.which == 3 || e.white == 2))
    return false;
  else if (navigator.appName == 'Microsoft Internet Explorer' && (event.button == 2 || event.button == 3)) {
    alert ("Right click has been disabled. Please don't steal.");
    return false;
  }
return true;
}
document.onmousedown=right;
if (document.layers) window.captureEvents(Event.MOUSEDOWN);
  window. onmousedown=right;
// End -->
</SCRIPT>

Found it?

Delete that piece of code.  Now save the file, and open it from your web browser.  You should find that there is no more right-click suppression.

Cookie Protection

Problem:  Some sites offer services for free, but only for a few times a day.  For instance, gamewallpapers.com contains downloadable wallpapers of various games.  You can download two or three and then you get a message: "Daily Wallpaper Limit Reached."  To view more wallpapers, you have to pay an amount of money or wait for the next day to see a few more.

Solution:  In this case, the site places a cookie on your system.  Whenever you visit the site, it will view that cookie, and see how many, if any, wallpapers you have seen that day.  What we have to do is block the site from opening the cookie.  There are two ways to do this.

The first will allow you to view as many wallpapers as you like.

The second is in case the first doesn't work, and you'll have to repeat the process every time you view three wallpapers.

Method A:  Open Internet Explorer.  Go Tools -> Internet Options.  On the window that will pop up, click on the Security tab.  Near the bottom of the window, there should be a Custom Level button.  Click on it.

In the new window that will pop up, scroll down until you see Cookies.  Under Cookies there are two sub-titles: Allow cookies that are stored on your computer and Allow per-session cookies (not stored).

Each of these two has three selections: Disable, Enable, and Prompt.  Select Disable for both of them.  Click O.K. and Yes on the message that will pop up.

Note that from this screen you can click Default Level to restore your settings as they were before if you have any problems.  Now click Apply and click O.K..  Close your browser, reopen it, and go to the page with the limitations, in our case gamewallpapers.com.  Presto!  Unlimited access to the content!

What?  It didn't work?  When you go to the page it says: "Your web browser uses an HTTP proxy that filters out cookies" or something similar?  Oh well.  Guess we'll have to try the other method:

Method B:  Open your Windows Explorer.  Go to the OS directory (Windows in my case), then to the Cookies directory (or wherever your computer stores your cookies).  Now, look for (manually or by searching) a cookie that contains the address of the site in question.  In my case it's gamewallpapers.com.  (Note:  There may be more than one.  If so, select them all.)

Found it?  Now delete the little bugger!  Next, open Internet Explorer.  Go to Tools -> Internet Options.  From here look for Temporary Internet Files.  In this area click the Delete Files... button, make sure there's a check mark in the box next to Delete all offline content, and click O.K.  When it's done deleting, click Apply and click O.K..  Then open the website and get the files.  The thing is, once you hit the limit again, you'll have to repeat the entire process.  Better hope the files are worth the trouble...

Web Bugs

Problem:  A web bug is a small graphic on a web page or in an e-mail message designed to monitor who is reading the page or message.  Web bugs are usually GIF images, 1-by-1 pixels in size, so are most probably virtually invisible.  They are usually placed on Web pages by third-parties interested in collecting data about visitors to those pages.

Solution:  You can't exactly remove a web bug from a website.  And even if you downloaded the whole site and removed the web bugs from the source code of the local file, you would still need to actually find the web bug, and that's not easy.  In the source code of the page in question, you should look for tags in the code that start with IMG SRC, for instance:

<IMG SRC="images/bug.gif">

The size of the image should be 1-by-1 pixel (WIDTH="1" HEIGHT="1"), and the location of the image will usually be on another website:

<IMG SRC="http://ad.doubleclick.net/images/bug.gif">

A much easier way to find web bugs is using an Internet Explorer add-on called "Bugnosis," which can be downloaded from www.bugnosis.org, where you can also find more detailed documentation on web bugs.

The Bugnosis add-on locates the web bugs in a web page you're viewing and replaces it with an image you select.  This way you can make the web bugs appear, though this won't halt their activity.  To block web bugs you must use an advertisement blocker (a few good ones are recommended at the Bugnosis site).
Return to $2600 Index