Ajax Hacking for the Discerning Pro Wrestling Fanatic

by Gorgeous_G

I am an unrepentant professional wrestling fan.  I am also an unrepentant nerd.

If you mix these things together, you will find the seedy, pop-up-riddled underbelly of the Internet known as pro wrestling websites.  Most wrestling sites have never met a banner ad that they didn't like.  Now, since I'm not interested in my computer getting herpes or in the general tasering of gnomes, I use Adblock Plus (adblockplus.org) in Firefox.  This keeps most of the evil stuff at bay.

But I'm not here to talk to you about my surfing habits.  I'm here to talk about the most egregious advertising offender I've ever seen, PWInsider (www.pwinsider.com).  Go ahead and go to that site in Internet Explorer.  I dare you.  It is an eye-searing mess of flash, banners, and interstitials.  The problem is, they're pretty decent with their news reporting so, as a fan, you either have to wade through the flashing mess, or use Adblock.  As I've said, I choose the latter path.

About May of 2008, someone at PWInsider must have heard of Adblock because, when I clicked on article links, I got a message saying "Ad-blocking software is not allowed" in place of the article text.

I was a little peeved but, more than anything, I was obscenely interested in how the ad-block-block code worked.  So I poked around in the source code for a while, and found that the article text was displayed using an Ajax request, sent unencoded, using part of the URL of the regular article page.

There was also a boolean query variable, b, which was determined based on whether the interstitial ad loaded or not.

If b=true, no article for you!

So this URL:

http://www.pwinsider.com/ViewArticle.php?id=40024&p=1

Was being translated to this Ajax request:

http://www.pwinsider.com/ajax/commands/getarthtml.php?id=40024&pn=1&b=false

If you pasted that last one into an address bar, presto!

You got the plain HTML of the article, and nothing else.  I bashed together a quick 'n' dirty Greasemonkey script to automatically transform the URL.  I had my hack, and I was happy.

But that wasn't the end of the story.

PWInsider also has something called an Elite membership.  You pay a monthly subscription fee, and you're granted access to podcasts and exclusive news, in addition to an ad-free site.  I personally have no interest in their podcasts, but the site creators use some dirty tricks to try to entice you to give them your money.

They'll put up a headline like "Former WWE Champion Found Dead with Wife and Son" and, when you click through to find out who it is, the article will just be an ad for the Elite site.  So, I had my hack in place and I inadvertently clicked on one of the Elite teaser headlines.  Much to my surprise, I saw a stern warning about not sharing my Elite login with anyone, and a set of working links to post-game podcasts!

There was no password protection on their paid content whatsoever, only on the HTML front-end to get into the Elite site.
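The flaw described above, modeled as an added example (not PWInsider's code, and not from the original article): the endpoint is written as plain JavaScript functions so the unauthenticated version can sit beside one that enforces access on the server. The parameter names id, pn and b come from the article; the article ids, session tokens, store contents and function names are constructed for illustration.

```javascript
// Constructed sample data: article store and server-side session store.
const ARTICLES = new Map([
  ['40024', { elite: false, html: '<p>Public news item</p>' }],
  ['40025', { elite: true, html: '<p>Elite podcast links</p>' }],
]);
const SESSIONS = new Map([
  ['tok-subscriber', { elite: true }],
  ['tok-free', { elite: false }],
]);
const AD_WARNING = 'Ad-blocking software is not allowed';

// Before: the only gate is b, a value computed in the visitor's browser.
// The handler never asks who is calling, so a direct request with b=false
// returns any article, paid or not.
function getArticleTrustingClient(query) {
  const article = ARTICLES.get(String(query.id));
  if (!article) return { status: 404, body: 'Not found' };
  if (query.b === 'true') return { status: 200, body: AD_WARNING };
  return { status: 200, body: article.html };
}

// After: the decision uses only state the server holds. The client-reported
// b flag is ignored because the server cannot verify it, and Elite articles
// require a session that the server itself has marked as Elite.
function getArticleEnforced(query, cookies = {}) {
  const id = String(query.id);
  if (!/^\d+$/.test(id)) return { status: 400, body: 'Bad id' };
  const article = ARTICLES.get(id);
  if (!article) return { status: 404, body: 'Not found' };
  if (article.elite) {
    const session = SESSIONS.get(cookies.session);
    if (!session) return { status: 401, body: 'Login required' };
    if (!session.elite) return { status: 403, body: 'Elite membership required' };
  }
  return { status: 200, body: article.html };
}
```

The check has to live in the handler that returns the content; protecting only the page that links to it leaves the content itself open.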

Now, I may be a dirty ad-blocking leech as far as the creators of the site are concerned, but I'm not trying to put anyone out of business.  Those guys make a living off of their Elite content.  At the same time, I had my doubts about them taking my hack seriously, so I wrote up an article for 2600 and submitted it.  I also sent an anonymous email detailing the hack to the guy who codes the site.  A short while later, the security hole was plugged and the ad-block-blocker was removed, and everyone was happy.  By the time the 2600 editors got around to reviewing my article, the hack was useless, so it didn't get published.

One morning, while eating my breakfast, I was checking my news, clicked through to a link on PWInsider, and was met with another stern admonishment about using ad-blocking software.  So, on a whim, I dug through my email archives for my old script, and installed it to see if it worked.

Not only did it work, but it once again gave me access to the Elite content!

This time, the actual checking is being done by this piece of code:

<script type="text/javascript"> 
  abp = false; 
</script> 

<script type="text/javascript" src="include/adframe.js"> </script> 

<script language="javascript"> 
  document.write(unescape('[A whole bunch of double and triple-escaped JS code, omitted for publishing]'));
</script> 

And adframe.js consists of one line: abp = true;

So they're trying to fool Adblock into thinking that adframe.js is an ad loader.

The escaped code looks for the value of abp, and spits out the warning instead of the article text if the value is false, which it will be if adframe.js is blocked.

Whitelisting http://www.pwinsider.com/include/adframe.js will get around the ad-blocking.

Here is the very ugly code for my article-text-only/inadvertent-Elite-access hack.

You'll need Mozilla Firefox and the Greasemonkey extension.

Will I warn them about the security hole again?  Certainly... once this article is published. ;)

Do-Fixer-Neo.js:

// ==UserScript== 
// @name          Do Fixer Neo 
// @description   Fix PWInsider's crappiness 
// @author        Gorgeous_G 
// @version       1 
// @include       http://*.pwinsider.com/* 
// @include       http://*.pwinsiderxtra.com/* 
// ==/UserScript==  
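// Current page URL, e.g. .../ViewArticle.php?id=40024&p=1
var url = window.location.href;
var queryList = url.split('?');
// Only rewrite pages that carry a query string and are not already the
// Ajax endpoint; otherwise the script throws or reloads the page forever.
if (queryList.length > 1 && url.indexOf('/ajax/commands/getarthtml.php') === -1) {
  // The first query parameter is the article id (id=NNNNN).
  var splitagain = queryList[1].split('&');
  var newurl = ("http://www.pwinsider.com/ajax/commands/getarthtml.php?" + splitagain[0] + "&pn=1");
  window.location.href = newurl;
}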
