
Hidden Link Detector

over 9 years

https://greasyfork.org/en/scripts/11623-hidden-link-detector

As many of you know, hidden links can be a significant threat for one's security all throughout the Internet, not limited to just Epicmafia. To combat this threat, I have made a Greasemonkey script that will detect and alert you of any hidden links on the current page. This script works on every website, including sites that have real-time updates like Skype.

If you haven't already, install the Tampermonkey extension for Chrome or the Greasemonkey extension for Firefox so you can install my script.

Instructions

Normal links will be unaffected, links that go to a destination other than what they appear to go to are highlighted in yellow, and any links that will run JavaScript when they're clicked are highlighted in red.

Hovering over the links will also show you the real destination, or in the case of a JavaScript link, the script that will be run when you click on it.

As always, notify me of any issues or exploits you may find in the script.
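
The classification described in the post above (normal, yellow for a mismatched destination, red for a JavaScript link), sketched as an added example that is not part of the original post and not the Greasy Fork script's code. All function names are hypothetical, and the rule that link text "appears to go somewhere" only when it reads as a URL or bare domain is an assumption.

```javascript
// Added example: hypothetical names, not the userscript's own code.
// Returns kind "normal", "mismatch" (yellow) or "script" (red) plus the hover detail.

// Mirror URL-parser preprocessing: drop leading controls/spaces and any tab/newline,
// so " JaVa\tScript:..." is still recognised as a javascript: URL.
function splitScheme(href) {
  const cleaned = href.replace(/^[\u0000-\u0020]+/, "").replace(/[\t\n\r]/g, "");
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(cleaned);
  return m ? { scheme: m[1].toLowerCase(), rest: cleaned.slice(m[0].length) } : null;
}

function safeDecode(s) {
  try { return decodeURIComponent(s); } catch (e) { return s; }
}

function parseUrl(value, base) {
  try { return new URL(value, base); } catch (e) { return null; }
}

const bareHost = (u) => u.hostname.toLowerCase().replace(/^www\./, "");

// Assumption: visible text claims a destination when it looks like a URL or domain.
const URLISH = /^(?:https?:\/\/)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[\/?#]\S*)?$/i;

function classifyLink(href, text, pageUrl) {
  const parts = splitScheme(href);
  if (parts && parts.scheme === "javascript") {
    // Show the percent-decoded body: that is what runs on click.
    return { kind: "script", detail: safeDecode(parts.rest) };
  }
  const target = parseUrl(href, pageUrl);
  const shown = text.trim();
  if (target && URLISH.test(shown)) {
    const claimed = parseUrl(/^https?:\/\//i.test(shown) ? shown : "https://" + shown);
    if (claimed && bareHost(claimed) !== bareHost(target)) {
      return { kind: "mismatch", detail: target.href };
    }
  }
  return { kind: "normal", detail: target ? target.href : href };
}

// Constructed sample links (href, visible text); the page URL is also constructed.
const samples = [
  ["https://other.example/login", "https://epicmafia.com/home"],
  ["/user/1", "my profile"],
];
for (const [href, text] of samples) {
  console.log(text, "->", classifyLink(href, text, "https://epicmafia.com/topic/1").kind);
}
```

In a userscript, the returned `kind` would select the highlight colour and `detail` would go into the link's `title` so it shows on hover.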

over 9 years
alright all fixed
over 9 years

Zhuorb says

So hidden links aren't actually hidden?

How does one fall for them lol


markdown hidden links still work using this trick, see my profile for reference
over 9 years

Croned says

Will I get any reward/compensation for the competition stats tool, an issue which I already emailed you about and you read, but never replied to?


lmfao
over 9 years
So hidden links aren't actually hidden?

How does one fall for them lol
over 9 years

lilin says


Miloo7 says

Lucid, you promised this, please deliver




dumb idea

if they are really saying nasty stuff kick them??


I was thinking this will help you reread in ranked games not just muting someone in unranked.
over 9 years
i have faith in phill
over 9 years
wonky wheel
over 9 years
it's heartbreaking to see lucid interested in fixing all this stuff but not having the time to sit down and do it. it's like he's your workaholic dad who promised to fix your bike but he's busy, can't help it, etc and eventually you just learn to bike with the wonky wheel
over 9 years
hi
over 9 years
hello to you too cub
over 9 years
im saying goodbye to my last hidden links
deleted over 9 years
hi foxie, are u clever?
over 9 years
itp testing alternatives

javascript://x%0aalert(%22hello%20%22+auth_top.textContent)

[url=x://]y[/url]
[url]x://[/url]

[url=ftp://]y[/url]
[url]ftp://[/url]

bug( affecting nobody at all ): ftp isn't recognized as a valid protocol in url tags
over 9 years
javascript://x%0aalert%28%22with%20clicks%22%29

filthy cheats
deleted over 9 years

Miloo7 says

Lucid, you promised this, please deliver




dumb idea

if they are really saying nasty stuff kick them??
over 9 years
Lucid, you promised this, please deliver

over 9 years
This is so great, thanks to all involved!
over 9 years
it will terminate if any of the images along the redirects are not an image
over 9 years
ok it blocked a nefarious poking fake image

also what if i give it 4 fake images?

anyway tbh once you add csrf checks to all actions, this extra server strain won't be necessary anymore
over 9 years

admin says

foxie, it follows the redirects, up to 4, to check to see if the final destination is an image or not


over 9 years

moon says


mist says


xela says

*backflips into thread*

yo lucid, profile pets

*sashays outta here*


don't do this.





over 9 years
foxie, it follows the redirects, up to 4, to check to see if the final destination is an image or not
over 9 years
rip hibiki's profile(s)
over 9 years
additionally i think every profile(/markdown) image is broken
over 9 years
it accepted my redirect (check the image url)

confirmed vulnerable but really that won't be a problem with csrf