How to invoke js without displaying the code

views:

216

answers:

How to invoke js without displaying the code

Hello,

I was wondering, I want to plant a JS tracking code (analytics) in a few websites to track their traffic. But I don't want that when viewing the site's source code people will be able to see that I've embedded the JS tracking code there.

Is it possible? Maybe by using an Apache/PHP trick?

Thanks,

Roy.

+7 A:

Nope it's not possible, for the browser to execute any code at least some of it must be initially visible, even if that code is to then retrieve the tracking code itself.

In addition all the modern web developer tools provide access to any code that is loaded so anyone can use those to see anything you've attempted to load discretely.

The more important question is why you want to hide that you're tracking people?

olliej 2009-04-27 07:24:25

I'm trying to detect a relation between websites. One of the easiest ways to do that is by:- Checking duplication in content- Comparing IP/Subnet- Checking the site's code for similarities- Checking the site's content for suspicious behavior like links pointing to similar websites, same banners, same authors and more...Although some websites analyize the log files for traffic, most websites networks use a central tool with JS/GIF invocation code.I wanted to make sure there isn't a way to hide the code.

Roy Peleg 2009-04-27 07:30:39

+1 A:

It's not possible, but you could just name your script file something innocent like "mouseover.js".

Greg 2009-04-27 07:26:25

Or 'accessibility.js' ;)

thomasrutter 2009-04-27 07:31:35

Or "plzdontseethis.js" !! ;-)

Cerebrus 2009-04-27 07:45:15

herebedragons.js

Schnalle 2009-04-27 07:54:47

...or jquery.pack.js.

Deniz Dogan 2009-04-27 08:30:17

It's not possible: JS code has to be run by the web browser, which means that -- which ever way you try put it -- it has to be readable by the browser and thus by anyone that inspects the page.

You could try obfuscating the JS, but that won't stop anyone that is determined to see what's happening.

You could ask yourself what the odds are that more than a few people will check whether you're tracking them -- I wouldn't expect it.

Lennaert 2009-04-27 07:26:43

+2 A:

It's not absolutely possible with Javascript. Javascript always runs in the context of the user's browser, so it always means that the user will have access to see the script. You can obfuscate it, or try some tricks similar to anti-hotlinking on the JS code, but it will still be relatively easy for someone to figure out what the code does with a simple tool like Firebug.

You can, however, track your traffic without JavaScript. Analytics uses JavaScript for portability, and because some of the data it accesses can only be accessed with JavaScript. However, there are more passive ways of tracking your traffic which don't require JavaScript, such as any log analyzer like AWstats. You just don't get some of the cool features of Analytics.

thomasrutter 2009-04-27 07:26:49

You can't technically hide the code... But you can scramble it so it's not readable to anybody. I used http://hivelogic.com/enkoder/form by Dan Benjamin to scrable some JS on my page (in this case I scrambled my email address). It scrambles it so the browser can execute it, but it's not humanly readable...

Then you can just call it as a function like I did in from this script http://www.jamischarles.com/css_js/email_encoder.js. Give it a try.

Jamis Charles 2009-04-27 15:03:09

ansaurus

tags:

views:

answers:

How to invoke js without displaying the code

related questions