Encrypt Ajax response with xAjaxSec


Example with encryption

Here is the content of the Ajax target (resource ID 881):

[[!xAjaxSec? &debug=`0` &cypher=`0` &run=`[[dummyAjaxProcessor]]`]]

Script for this demo:

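<script type="text/javascript" src="assets/components/xajaxsec/js/xajaxsec-all-min.js"></script>
<script type="text/javascript">
    var cypher = true;
    // Passphrase from the xajaxsec_pass system setting, rendered into the page source
    var pass = "[[++xajaxsec_pass]]";
    // Request the Ajax target (resource 881), sending the xajaxsec_pkey value as "k"
    $.post("[[~881]]", { k: "[[++xajaxsec_pkey]]" }, function (data) {
        /* html, text data */
        $(".decrypt").on("click", function () {
            console.log("cypher: activé, décrypter...");
            // Decrypt the encrypted response in the browser with the passphrase above
            var result_dec = CryptoJS.AES.decrypt(data, pass, {format: CryptoJSAesJson}).toString(CryptoJS.enc.Utf8);
        });
    });
</script>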

You can check the response in the browser developer tools.

Try direct access to the Ajax target


Click the "Get response" button to display the Ajax response sent by the server, which is absolutely unreadable, even in the developer tools console:

Result (decrypted)

The response decrypted via JavaScript: