Parsing CloudFlare-protected emails

Ruri

Sometimes on websites you see something like this

<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="LONG HEX STRING HERE">[email&#160;protected]</a>

In order to decrypt it, you can make use of the Jint interpreter and write this LoliScript piece of code:

PARSE "<SOURCE>" LR "cfemail=\"" "\"" -> VAR "LONGHEX"

## DECODING
BEGIN SCRIPT JavaScript
function cfDecodeEmail(encodedString) {
    var email = "", r = parseInt(encodedString.substr(0, 2), 16), n, i;
    for (n = 2; encodedString.length - n; n += 2){
    	i = parseInt(encodedString.substr(n, 2), 16) ^ r;
		email += String.fromCharCode(i);
    }
    return email;
}

var EMAIL = cfDecodeEmail(LONGHEX);
END SCRIPT -> VARS "EMAIL"
PRINT <EMAIL>

It will print the email in cleartext ^_^

Kermit

thanks

B1rdY

very useful
take note yall

mega_1

Noted.... Tnx Ruri