[lug] unescaping url encoded document
Zan Lynx
zlynx at acm.org
Fri Nov 6 13:51:33 MST 2009
On 11/6/09 1:21 PM, Kenneth D Weinert wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> This is sort of amusing. I got a scam email telling me that the IRS was
> going to give me a refund of $773.00 and all I had to do was fill in the
> form and send it off.
>
> I clicked on it just to see where they were really sending it and did a
> "View Source" in my browser. Here are the first 4 lines (4th line
> truncated):
>
> <Script Language='Javascript'>
> <!-- HTML Encryption provided by IRS -->
> <!--
> document.write(unescape('%3C%21%44%4F%43%54%59%50%45%20%48%54%4D%4C%20%50
>
>
> It displays fine, but I'm just curious what the submit button does and
> wondered if anyone had an easy shortcut to translate the URL Encoding
> into plain text outside of a browser.
>
> An interesting variation, at least one I hadn't seen before.
Sometimes it is a simple expansion. Other times it expands into more
Javascript, and the only easy way to find the output is to actually run it.
There is a Perl module that wraps SpiderMonkey, the Mozilla/Firefox
Javascript interpreter. SpiderMonkey can be used to decode these with
some extra effort.
--
Zan Lynx
zlynx at acm.org
"Knowledge is Power. Power Corrupts. Study Hard. Be Evil."
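
A static way to decode the kind of page discussed above without a browser, as an added example that is not part of either poster's message: it pulls each literal `unescape('...')` argument out of the saved source, decodes it, and reports where any form posts and whether the result contains further script (the case where the reply notes it has to be run). The sample page, the `example.invalid` URL and the names `js_unescape`, `FormFinder` and `analyze` are constructed for this illustration.

```python
import re
from html.parser import HTMLParser

# Constructed sample modelled on the quoted snippet; the payload after the
# DOCTYPE and the example.invalid URL are made up for this example.
SAMPLE = """<Script Language='Javascript'>
<!--
document.write(unescape('%3C%21%44%4F%43%54%59%50%45%20%48%54%4D%4C%3E%3Cform%20action%3D%22http%3A//example.invalid/post.php%22%20method%3D%22post%22%3E%3Cinput%20type%3D%22submit%22%3E%3C/form%3E'));
//-->
</Script>"""

# Matches unescape('...') or unescape("...") with a literal string argument only.
UNESCAPE_CALL = re.compile(r"""unescape\(\s*(['"])(.*?)\1\s*\)""", re.S)
ESCAPE_SEQ = re.compile(r"%u([0-9A-Fa-f]{4})|%([0-9A-Fa-f]{2})")

def js_unescape(s):
    """Mimic JavaScript unescape(): %XX and %uXXXX become single code units."""
    return ESCAPE_SEQ.sub(lambda m: chr(int(m.group(1) or m.group(2), 16)), s)

class FormFinder(HTMLParser):
    """Collects form targets and notes whether the decoded HTML carries script."""
    def __init__(self):
        super().__init__()
        self.actions = []
        self.has_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.actions.append(dict(attrs).get("action"))
        elif tag == "script":
            self.has_script = True

def analyze(page_source):
    """Decode every unescape() literal in the source; nothing is executed."""
    results = []
    for m in UNESCAPE_CALL.finditer(page_source):
        decoded = js_unescape(m.group(2))
        finder = FormFinder()
        finder.feed(decoded)
        results.append({"decoded": decoded,
                        "form_actions": finder.actions,
                        "more_script": finder.has_script})
    return results

if __name__ == "__main__":
    for r in analyze(SAMPLE):
        print(r["decoded"])
        print("form posts to:", r["form_actions"], "| more script:", r["more_script"])
```
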