[Daxda]

Hello there,
does someone know a way to deobfuscate the proxies on the popular website hidemyass?
I'm working on some new decoding patterns for my Proxy scraper and am struggling to find any useful information on how to decode/deobfuscate this specific website.

Any input would be highly appreciated!


*edit: if this is the wrong section to ask for this question feel free to notify me, thought I'd ask it in here because the tool is written in C#

[hellomen]

I guess hidemyass uses php and PHP isn't decode/crack able
and as most site uses the proxy into the PHP to protect it I guess there is no single way that you grab the proxies from the outside...

[Daxda]

What a shame!
Seems like this is one of the few sites I can't create a logic for

[45114564t]

It's pretty easy (but boring).

first create a httpwebrequest specific to request a list of proxy's.
then you'll notice all IP/ports segments are generated/obfuscarated like the following:

Code:

<td><span><style>
.so6d{display:none}
.ehy-{display:inline}
.WHPt{display:none}
.UsLX{display:inline}
.PDtg{display:none}
.Q-C3{display:inline}
</style><span style="display:none">17</span><span class="PDtg">17</span><div style="display:none">17</div><span style="display:none">84</span><div style="display:none">84</div>94<span style="display:none">137</span><span></span>.<span class="so6d">13</span><span></span><span style="display:none">97</span><div style="display:none">97</div><span class="WHPt">157</span><div style="display:none">157</div><span style="display:none">179</span><div style="display:none">179</div><span class="UsLX">202</span><span class="so6d">214</span><span class="UsLX">.</span><span style="display:none">2</span><span class="so6d">2</span><div style="display:none">2</div><span style="display:none">8</span><span style="display:none">122</span><span class="WHPt">122</span><div style="display:none">122</div><span style="display:none">136</span><span class="PDtg">136</span><span></span><span class="31">187</span><span class="70">.</span><span class="so6d">91</span><div style="display:none">91</div><span class="WHPt">94</span><div style="display:none">94</div><span style="display:none">98</span><span class="UsLX">241</span></span></td>    
<td>80</td>

step1, create a blacklist of the classes that are hidden (display:none) in the initial list.

Code:

.so6d{display:none}    <- this one
.ehy-{display:inline}
.WHPt{display:none}    <- this one
.UsLX{display:inline}
.PDtg{display:none}    <- this one
.Q-C3{display:inline}

so blacklist = {so6d, WHPt, PDtg}

now loop through every element:

Code:

<span class="PDtg">17</span>
<span style="display:none">17</span>
<div style="display:none">17</div>

1. contains: display:none? -> don't use number/dot
2. contains blacklisted class? -> don't use number/dot

sometimes there are numbers between the elements, always add those.
I think there were some exceptions but this will solve 90% of them (if you want 100% refresh the page and the obfusceration works in your favour..) You can add additional dots "." after every inserted number, and in the end just trim all exessive dots.

The exersize is mainly string manipulation. (or htmlelements but that could take some time to get use to).

[45114564t]

It's pretty easy (but boring).

first create a httpwebrequest specific to request a list of proxy's.
then you'll notice all IP/ports segments are generated/obfuscarated like the following:

Code:

<td><span><style>
.so6d{display:none}
.ehy-{display:inline}
.WHPt{display:none}
.UsLX{display:inline}
.PDtg{display:none}
.Q-C3{display:inline}
</style><span style="display:none">17</span><span class="PDtg">17</span><div style="display:none">17</div><span style="display:none">84</span><div style="display:none">84</div>94<span style="display:none">137</span><span></span>.<span class="so6d">13</span><span></span><span style="display:none">97</span><div style="display:none">97</div><span class="WHPt">157</span><div style="display:none">157</div><span style="display:none">179</span><div style="display:none">179</div><span class="UsLX">202</span><span class="so6d">214</span><span class="UsLX">.</span><span style="display:none">2</span><span class="so6d">2</span><div style="display:none">2</div><span style="display:none">8</span><span style="display:none">122</span><span class="WHPt">122</span><div style="display:none">122</div><span style="display:none">136</span><span class="PDtg">136</span><span></span><span class="31">187</span><span class="70">.</span><span class="so6d">91</span><div style="display:none">91</div><span class="WHPt">94</span><div style="display:none">94</div><span style="display:none">98</span><span class="UsLX">241</span></span></td>    
<td>80</td>

step1, create a blacklist of the classes that are hidden (display:none) in the initial list.

Code:

.so6d{display:none}    <- this one
.ehy-{display:inline}
.WHPt{display:none}    <- this one
.UsLX{display:inline}
.PDtg{display:none}    <- this one
.Q-C3{display:inline}

so blacklist = {so6d, WHPt, PDtg}

now loop through every element:

Code:

<span class="PDtg">17</span>
<span style="display:none">17</span>
<div style="display:none">17</div>

1. contains: display:none? -> don't use number/dot
2. contains blacklisted class? -> don't use number/dot

sometimes there are numbers between the elements, always add those.
I think there were some exceptions but this will solve 90% of them (if you want 100% refresh the page and the obfusceration works in your favour..) You can add additional dots "." after every inserted number, and in the end just trim all exessive dots.

The exersize is mainly string manipulation. (or htmlelements but that could take some time to get use to).