-
Notifications
You must be signed in to change notification settings - Fork 18
Decode Rule
Commit 4ee6eb7
(1.3.5) introduced the decode
option to rules. This is used to bypass base64 encoded click-jacking links such as:
https://www.emjcd.com/links-i/?d=eyJzdXJmZXIiOiIwMDAwMDpWUFNsWVQ3ckF4emwiLCJsYXN0Q2xpY2tOYW1lIjoiTENMSyIsImxhc3RDbGlja1ZhbHVlIjoiY2pvIXhpNTktMDAwMDAiLCJkZXN0aW5hdGlvblVybCI6Imh0dHBzOi8vd3d3LnZ1ZHUuY29tL2NvbnRlbnQvbW92aWVzL2RldGFpbHMvTW9vbmxpZ2h0LVNlYXNvbi0xLzEzMzEyMCIsInNpZCI6IltzdWJpZF92YWx1ZV0iLCJ0eXBlIjoiZGxnIiwicGlkIjo5MDExNjczLCJldmVudElkIjoiMGFjZGE1ZDBmNzNlMTFlYzAyYWM3NDliMGExYzBlMGUiLCJjalNlc3Npb24iOiIyZjBjMGNjYi1lMGVmLTA0YzItYjIzYy02NzNjZjA2MTZlMTYiLCJsb3lhbHR5RXhwaXJhdGlvbiI6MCwicmVkaXJlY3RlZFRvTGl2ZXJhbXAiOmZhbHNlLCJjakNvbnNlbnRFbnVtIjoiTkVWRVJfQVNLRUQifQ%3D%3D
The decoded result for the d
parameter results in the following json object:
{
"surfer": "00000:VPSlYT7rAxzl",
"lastClickName": "LCLK",
"lastClickValue": "cjo!xi59-00000",
"destinationUrl": "https://www.vudu.com/content/movies/details/Moonlight-Season-1/133120",
"sid": "[subid_value]",
"type": "dlg",
"pid": 9011673,
"eventId": "0acda5d0f73e11ec02ac749b0a1c0e0e",
"cjSession": "2f0c0ccb-e0ef-04c2-b23c-673cf0616e16",
"loyaltyExpiration": 0,
"redirectedToLiveramp": false,
"cjConsentEnum": "NEVER_ASKED"
}
Using this information we can create the decode rule:
{ "param": "d", "lookFor": "destinationUrl" }
When applied, tidy-url will attempt to decode, parse and extract the destinationUrl
using the d
parameter. If any part of this process fails the rule will be skipped and an error will be logged to the console (assuming silent is false).
If the decoded result is not a JSON object then the result will be considered a URL, ignoring the lookFor
param.
The URL must be valid for this rule to pass.
Input: https://website.com/tracker?d=aHR0cHM6Ly9naXRodWIuY29tLwQ%3D%3D
Result: https://github.com
If the string was successfully decoded and parsed it will be stored in the response data.info.decoded
, even if the destinationUrl
key was not located. This is helpful for debugging.
The following is a working rule for the link at the top of this page.
const rule = {
name: 'emjcd.com',
match: /^www.emjcd.com/i,
decode: { param: 'd', lookFor: 'destinationUrl' }
};
Questions? Comments? Need help?
Feel free to contact me on Discord: drkain