
Bypassing free online article limits

I was looking around for information on Brotli compression, and came across an article behind protection (login or membership required). Information behind these paywalls is more and more common, as companies are using these in order to maintain their revenue in a digital era. Like other people, I do not want to log in or create an account to view this content (it is also likely found on another site), so I poked around to see if the information was accessible without logging in.

Keeping this investigation confidential, I will not be mentioning the website in question or posting any screenshots of what I found. The flaw has also been reported to the company to ensure they can fix their security hole.

How I bypassed the paywall

On articles that implement a paywall, typically only a short portion at the beginning of the article is visible. At the end of the readable portion, the text fades out to white, abruptly ends, or is cut off by a "Sign In/Register to view the whole article" button.

Now, having experience with web development, I know a thing or two about websites, mainly that what you see might not be the whole story. Poorly built or rushed websites might look polished, but they are very brittle when you start pulling back the covers.

Brittle website representation (credits to http://www.mkaugaming.com)
What your brittle website's architecture can look like

The screenshot is from a game called Forts, and is available on Steam. I recommend it if you like physics-based RTS games.

So the first thing I did on this webpage was right-click the text right above the "Sign In/Register to view the whole article" button and choose Inspect, to see if the entire website's contents were really on the page but hidden by CSS.

Example of a paywall implementation
Where we inspect the text

I didn't find the whole article under the covers, and so I didn't think I'd uncover anything else - until I saw a <script> tag below the previewed content and some code that looked like this:
if(typeof(readCookie('nsdr')) == 'undefined'){
    // code
}
I didn't give this much thought and guessed that perhaps they are showing information on the page based on a cookie named nsdr. So I ran the following code in my console and refreshed the webpage:


Lo and behold, I was seeing the entire article! Quite easy, don't you think?


What was wrong

This company is validating on the client side whether a user is able to view content. What they should be doing instead is validating on the server that the user is authenticated, and only then showing the user their content. Learn your lesson and never trust the user.
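The difference between the two approaches, as an added example that is not code from the site in question: a check that trusts the mere presence of a cookie named nsdr, beside a check that resolves an opaque session token against server-side state before the full text is put into the response. The article text, the `sid` cookie name, and all function names are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed sample article (hypothetical content).
const ARTICLE = {
  preview: 'Brotli is a general-purpose compression format.',
  rest: 'FULL TEXT: the part only subscribers should receive.',
};

// Server-side session store: opaque token -> account record.
const sessions = new Map();

function login(user, isSubscriber) {
  const token = crypto.randomBytes(32).toString('hex'); // unguessable
  sessions.set(token, { user, isSubscriber });
  return token; // delivered via Set-Cookie: sid=<token>; HttpOnly; Secure
}

function parseCookies(header = '') {
  const out = Object.create(null);
  for (const part of header.split(';')) {
    const i = part.indexOf('=');
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Weak check, modelling the flaw described in the post: access depends only
// on whether a cookie named 'nsdr' exists, and the client controls that.
function weakCanRead(cookieHeader) {
  return parseCookies(cookieHeader).nsdr !== undefined;
}

// Hardened check: the cookie carries only an opaque token; the entitlement
// is looked up in server-side state the client cannot write to.
function canRead(cookieHeader) {
  const session = sessions.get(parseCookies(cookieHeader).sid);
  return Boolean(session && session.isSubscriber);
}

// The full text is placed in the response only after the server-side check.
function renderArticle(cookieHeader) {
  const body = canRead(cookieHeader)
    ? `${ARTICLE.preview} ${ARTICLE.rest}`
    : ARTICLE.preview;
  return `<article>${body}</article>`;
}
```

With the hardened check, a request that carries a self-set cookie receives the same preview as an anonymous request, because the restricted text never leaves the server for it.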
