xAjaxSec

Encrypt Ajax response with xAjaxSec


Example with encryption

Here is the content of the Ajax target (resource ID 881):

[[!xAjaxSec? &debug=`0` &cypher=`0` &run=`[[dummyAjaxProcessor]]`]]

Script for this demo:


<script type="text/javascript" src="assets/components/xajaxsec/js/xajaxsec-all-min.js"></script>
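<script>
    // Demo flag: the Ajax target returns an encrypted response.
    var cypher = true;
    // Passphrase filled in server-side from the xajaxsec_pass setting.
    var pass = "[[++xajaxsec_pass]]";
    $("#get_response_html").on("click", function () {
        // Request the Ajax target (resource 881), sending the xajaxsec_pkey value as "k".
        $.post("[[~881]]", { k: "[[++xajaxsec_pkey]]" }, function (data) {
            // Show the raw response exactly as received from the server.
            console.log(data);
            $("#result").append(data);
            if (cypher === true) {
                $(".decrypt").on("click", function () {
                    console.log("cypher: activé, décrypter...");
                    // Decrypt the response with the passphrase and show the plaintext.
                    var result_dec = CryptoJS.AES.decrypt(data, pass, {format: CryptoJSAesJson}).toString(CryptoJS.enc.Utf8);
                    console.log(result_dec);
                    $("#result_dec").append(result_dec);
                    $(".decrypt").attr("disabled", "disabled");
                });
            }
        });
        // Disable this button after the first click and enable the decrypt button.
        $(this).attr("disabled", "disabled");
        $(".decrypt").removeAttr("disabled");
    });
</script>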

You can check the response in the browser developer tools.
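What the decrypt call in the script above does, reproduced with Node's `crypto` module as an added example (not xAjaxSec's own code): the passphrase and a per-message salt yield the AES key and IV, so any client that is served `pass` can read the response. Assumptions: CryptoJS's default passphrase mode (EVP_BytesToKey with MD5, AES-256-CBC), `CryptoJSAesJson` being the common `{ct, iv, s}` JSON formatter, and the sample passphrase and HTML, which are constructed.

```javascript
// Added example, not xAjaxSec code. Assumes CryptoJS passphrase mode
// (OpenSSL EVP_BytesToKey: MD5, one round, 8-byte salt; AES-256-CBC) and a
// CryptoJSAesJson envelope of the common form {ct: base64, iv: hex, s: hex}.
const nodeCrypto = require("crypto");

// Derive a 32-byte key and 16-byte IV from passphrase + salt.
function evpBytesToKey(passphrase, salt) {
  const pass = Buffer.from(passphrase, "utf8");
  let block = Buffer.alloc(0);
  let out = Buffer.alloc(0);
  while (out.length < 48) {
    block = nodeCrypto.createHash("md5").update(Buffer.concat([block, pass, salt])).digest();
    out = Buffer.concat([out, block]);
  }
  return { key: out.subarray(0, 32), iv: out.subarray(32, 48) };
}

// Server side: wrap a response body in the JSON envelope.
function encryptEnvelope(plaintext, passphrase, salt = nodeCrypto.randomBytes(8)) {
  const { key, iv } = evpBytesToKey(passphrase, salt);
  const cipher = nodeCrypto.createCipheriv("aes-256-cbc", key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return JSON.stringify({
    ct: ct.toString("base64"),
    iv: iv.toString("hex"),
    s: salt.toString("hex"),
  });
}

// Client side: the work behind CryptoJS.AES.decrypt(data, pass, {format: ...}).
// The IV is re-derived from passphrase + salt, so only "ct" and "s" are needed.
function decryptEnvelope(envelope, passphrase) {
  const { ct, s } = JSON.parse(envelope);
  const { key, iv } = evpBytesToKey(passphrase, Buffer.from(s, "hex"));
  const decipher = nodeCrypto.createDecipheriv("aes-256-cbc", key, iv);
  const body = Buffer.concat([decipher.update(Buffer.from(ct, "base64")), decipher.final()]);
  return body.toString("utf8");
}

// Constructed sample values, not taken from the demo site.
const SAMPLE_PASS = "constructed-demo-passphrase";
const SAMPLE_HTML = "<p>dummy Ajax response</p>";

function demo() {
  const envelope = encryptEnvelope(SAMPLE_HTML, SAMPLE_PASS);
  return { envelope, roundTrip: decryptEnvelope(envelope, SAMPLE_PASS) };
}

console.log(demo());
```

The envelope protects the response only from parties that never receive the passphrase; transport confidentiality still comes from HTTPS.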

Try direct access to the Ajax target

Result

Click the "Get response" button. The Ajax response sent by the server, absolutely unreadable even in the developer tools console, will be displayed:

Result (decrypted)

The response decrypted via JavaScript: