Jump to content
Sign in to follow this  

Read JavaScript output

Recommended Posts



right now I'm doing a script, which should automate some steps (disable/enable switch port) in a web interface of a Network Switch.

The things I have done so far by using WININET: 1. login/logout 2. enable/disable port

What's missing: Read out the port state (enabled/disabled).

The Problem:

The Webinterface is programmed very crappy. The portstatus page, which shows the state of each port consists of javascript.

So when I "download" the page's sourcecode I only see some javascript.

Now I have to get the values, that are produced by the javascript, any suggestions?

The page:

<html><head><title></title></head><script>var css_type = top.fIw.css_type ;function window_onload(){ for(i=1; i<=top.fIw.phy_port_cnt; i++) document.getElementById("pstt").rows[i].onclick=toclick;}var vender_id ;</script><script language="Javascript" src="css.html"></script><script language="Javascript" src="fake_server.html?vender_id=1"></script><body onload="window_onload()"><div id="realpage" align="center" style="display:none;"><p class='page_title' align="center">Port Current Status</p><table border='0' cellspacing="1" id="pstt"><tr align="center"><td class="table_title" nowrap>Port No</td><td class="table_title" nowrap>Media</td><td class="table_title" nowrap>Link</td><td class="table_title" nowrap>State</td><td class="table_title" nowrap>Auto Nego.</td><td class="table_title" nowrap>Speed/Duplex</td><td class="table_title" nowrap>Rx Pause</td><td class="table_title" nowrap>Tx Pause</td><script language="Javascript">switch(vender_id){ case 0: case 1: case 8: case 9: document.write( '<td class="table_title" nowrap>Port Description</td>' ) ; break ; default: break ;}</script></tr><script language="Javascript">var i, j ;var d = document ;for( i=0; i<top.fIw.phy_port_cnt; i++ ){ d.write( '<tr style="cursor:pointer" class="table_body" align="center"><td>'+(i+1)+'</td>'); switch(vender_id){ case 0: case 1: case 8: case 9: for( j=0; j<8; j++ ) d.write( '<td></td>' ); break ; default: for( j=0; j<7; j++ ) d.write( '<td></td>' ); break ; } d.write( '</tr>' );}</script></table></div><input type="hidden" name="hiderowidx" id="hiderowidx" value=-1></body></html><script>var tb=document.getElementById("pstt");var hideidx = document.getElementById("hiderowidx");var bg_color, fg_color, dk_color ;var si, sj;switch(vender_id){ case 0: case 1: case 8: case 9: var colu = 9; break ; default: var colu = 8; break ;}top.fIw.dt.get_flag = top.fIw.dt.pst.fl_in = 1 ;si = setInterval( "polling()", 50);function polling(){ switch( css_type ){ case 7: bg_color = "#EEEEEE" ; fg_color = "#060606" ; dk_color = "#AAAAAA" ; break ; default: bg_color = "#d5ebfe" ; fg_color = "#1D3956" ; dk_color = "#7Db1c2" ; break ; } if( top.fIw.dt.pst.fl_in==0 ) { clearInterval(si); for(i=0; i<2; i++) { if(top.fIw.dt.pst.sfp[i].sfpmodule==1) tb.rows[i+top.fIw.phy_port_cnt-1].cells[0].innerHTML = '<a href="java script:tofiber('+(i+(top.fIw.phy_port_cnt-2))+')">'+(i+top.fIw.phy_port_cnt-1)+'</a>'; else tb.rows[i+top.fIw.phy_port_cnt-1].cells[0].innerHTML = (i+top.fIw.phy_port_cnt-1); } for(i=0;i<top.fIw.phy_port_cnt;i++) { tb.rows[i+1].cells[1].innerHTML = " "+changeStatus( 0, top.fIw.dt.pst.p[i].media_type )+"  "; tb.rows[i+1].cells[2].innerHTML = " "+changeStatus( 1, top.fIw.dt.pst.p[i].linked )+"  "; tb.rows[i+1].cells[3].innerHTML = " "+changeStatus( 2, top.fIw.dt.pst.p[i].enabled )+"  "; tb.rows[i+1].cells[4].innerHTML = " "+changeStatus( 3, top.fIw.dt.pst.p[i].auto_nego )+"  "; tb.rows[i+1].cells[5].innerHTML = " "+changeStatus( 4, (top.fIw.dt.pst.p[i].speed<<8)|top.fIw.dt.pst.p[i].duplex )+"  "; tb.rows[i+1].cells[6].innerHTML = " "+changeStatus( 5, top.fIw.dt.pst.p[i].rxp )+"  "; tb.rows[i+1].cells[7].innerHTML = " "+changeStatus( 6, top.fIw.dt.pst.p[i].txp )+"  "; switch( vender_id ){ case 0: case 1: case 8: case 9: tb.rows[i+1].cells[8].innerHTML = " "+top.fIw.dt.pst.p[i].desc+"  "; break ; defualt: break ; } } document.getElementById("realpage").style.display = "" ; top.fIw.dt.get_flag = top.fIw.dt.pst.fl_in = 1 ; si = setTimeout( "polling()", 5000) ; }}function toclick(evt){ var intRowIndex=0; intRowIndex=this.rowIndex; if(intRowIndex==undefined) return; for(j=0; j<colu; j++) tb.rows[intRowIndex].cells[j].style.backgroundColor=dk_color; if(hideidx.value != -1 && hideidx.value!=(intRowIndex)) for(j=0; j<colu; j++) tb.rows[hideidx.value].cells[j].style.backgroundColor=bg_color; hideidx.value = intRowIndex;}function changeStatus(type,arg){ var str=""; switch(type) { case 0: { if(arg==1) str="TP"; else if(arg==0) str="Fiber"; }break; case 1: { if(arg==1) str="Up"; else str="Down"; }break; case 2: { if(arg==1) str="Enabled"; else if (arg==0) str="Disabled"; else str="------"; }break; case 3: { if(arg==1) str="Enabled"; else if (arg==0) str="Disabled"; else str="------"; }break; case 4: { var sp = (arg>>8)&255; var du = arg&255 ; if(sp==0) str="10M/"; else if(sp==1) str="100M/"; else if (sp==2) str="1G/"; else if (sp==255) str="---/"; if(du==0) str+="Half"; else if (du==1) str+="Full"; else if (du==255) str+="----"; }break; case 5: { if(arg==0) str="Off"; else if(arg==1) str="On"; else str="------"; }break; case 6: { if(arg==0) str="Off"; else if(arg==1) str="On"; else str="------"; }break; } return str;}var click_flag=1 ;function tofiber(pno){ if(click_flag==0)return; click_flag = 0 ; top.fIw.dt.getarg = pno; top.fIw.dt.pfiber.port_no = pno; top.fIw.dt.get_flag=top.fIw.dt.pfiber.fl_in=1; sj = setInterval( "showfiber()", 50);}function showfiber(){ if(top.fIw.dt.pfiber.fl_in==0) { clearInterval(sj);window.open("portfiber.html", "Fiber", "toolbar=0,location=0,directories=0,status=0,menubar=0,scrollbars=0,resizable=0,width=550,height=500"); }}</script>

The code not even is formated (fuck the manufactor).

The page (its more than you can see on the picture, strange thing is, that you can only see the output in explorer, when you see the full page (portstatus is iframed)

Posted Image

Im very thankfull for every hint!



Share this post

Link to post
Share on other sites
Richard Robertson

You may also want to look at "fake_server.html?vender_id=1" because this is imported as a javascript source. I really have no idea why a page would be designed like this.

Share this post

Link to post
Share on other sites

In general network switches generate such webpages from a small chip,in real time, and that explains the formatting.

I'd advise you to examine what the page sends back to the switch in the address bar.

I attempted to visit the address you've provided but (as one would hope) no page downloaded!

Who makes the netswitch? What hints are in the user manual?

EDIT:removed the massive quote.

Edited by SIone

Perilous to all of us are the devices of an art deeper than we ourselves possess.

Share this post

Link to post
Share on other sites

I already examined the http header in wireshark (thats how I found out the login thing and the accept/disable of ports). The webserver the switch runs is tinyhttpd but thats not really helpfull :). Best would be to hack the webserver or take a different switch >_<. Anybody know any security issues: thttpd/2.04 10aug98 ?

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  


Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.