Archive for the ‘General’ Category

All-In-One HTML + Javascript + CSS Formatter

Thursday, January 29th, 2009

I do a lot of pen testing on web applications. From time to time, I have to analyze and understand how the web page code works. However, my task becomes complicated as web applications typically use some sort of source code compression. This makes it very hard to understand the code and hampers the readability to a large extent.

A web page is composed of three major content types, namely HTML content, Javascript Code and CSS styling code. I felt the need of a tool that could beautify or format the entire web page source code. I use Burp Suite, my favorite web proxy tool. However, it does not have source code formatting feature, it just colors the web page by choosing different colors for html tag names, html attribute values, javascript, css, etc.

I looked on the internet for free alternatives, but I could not find free tools that could format the entire web page. Most of them could only format either one of HTML or Javascript or CSS. So, I decided to write a perl script myself. I used the libraries HTML::Tidy by Dave Raggett and Javascript::Beautifier by Einars Lielmanis. And I have written my own CSS formatting code.

Example of HTML Formatting

Example of CSS Formatting

Example of Javascript Formatting


In addition, I have done one more improvement by formatting the javascript code in html event handlers. I picked the comprehensive event handlers list from XSS Attacks Book by RSnake, Jeremiah, Pdp, Anton Rager and Seth Fogie. Another excellent book to have on your shelf.

Example of Event Handler Code Formatting (see the onload and onclick event handlers)


And finally the …

Inferno’s All-In-One HTML + Javascript + CSS Formatter
Paste your Source Code below

I would advise trying any of the search engines’ source code like google, yahoo, etc. Their code is highly compressed. If you have any problem using the text box above, try using this Link.

Plans for future additions include
* Add custom event handlers and variables (e.g. expr variable in Samy Worm Code)
* Javascript Deobfuscation
* More configuration Options
* Burp Proxy Plugin

Please provide your valuable suggestions to improve this tool. This tool is completely free for your use.

Share:
[del.icio.us] [Digg] [Facebook] [Google] [LinkedIn] [Reddit] [StumbleUpon] [Technorati] [Twitter] [Yahoo!] More »

Tags: , , , , ,
Posted in General, Solutions, Tools | 2 Comments »

Welcome to Inferno’s Blog !!

Friday, January 23rd, 2009

Hello Everyone,

I am “Inferno” from California, United States. I have just started my blog this week. It will be all about my research and knowledge in the application security area, especially concentrating on web application security.

I am deeply inspired by works of Security Researchers – Robert “RSnake” Hansen and Jeremiah Grossman, and follow their blogs closely, just like most people in the web app security space :) .

My Email Address is Inferno {at} SecureThoughts.com

Share:
[del.icio.us] [Digg] [Facebook] [Google] [LinkedIn] [Reddit] [StumbleUpon] [Technorati] [Twitter] [Yahoo!] More »

Posted in General | No Comments »