Parsing CloudFlare-protected emails


  • Admin

    Sometimes on websites you see something like this

    <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="LONG HEX STRING HERE">[email&#160;protected]</a>
    

    In order to decrypt it, you can make use of the Jint interpreter and write this LoliScript piece of code:

    PARSE "<SOURCE>" LR "cfemail=\"" "\"" -> VAR "LONGHEX"
    
    ## DECODING
    BEGIN SCRIPT JavaScript
    function cfDecodeEmail(encodedString) {
        var email = "", r = parseInt(encodedString.substr(0, 2), 16), n, i;
        for (n = 2; encodedString.length - n; n += 2){
        	i = parseInt(encodedString.substr(n, 2), 16) ^ r;
    		email += String.fromCharCode(i);
        }
        return email;
    }
    
    var EMAIL = cfDecodeEmail(LONGHEX);
    END SCRIPT -> VARS "EMAIL"
    PRINT <EMAIL>
    

    It will print the email in cleartext ^_^



  • 8fb71511-1799-40bf-ad5f-e8f3a6b293ed-image.png
    012dd44b-c9a6-48e5-bab8-92cd06eac030-image.png
    thanks ❤


  • Mod

    very useful 🙂
    take note yall



  • Noted.... Tnx Ruri


Log in to reply