What does this Javascript anti-robber code do?


What does this Javascript anti-robber code do?

<html><head></head><body onload="challenge();">
eval(function(p,a,c,k,e,r){e=function(c){return c.toString(a)};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('1 6(){2.3=\'4=5; 0-7=8; 9=/\';a.b.c()}',13,13,'max|function|document|cookie|Anti-Robot|ee2c23967cffbc6dff69153929fd8155017def99|challenge|age|86400|path|window|location|reload'.split('|'),0,{}))

A few weeks ago I saw a discussion about Parsear sites where one of the members posted this anti-robo code it was also reported that the software used by him during the process spent an exorbitant time trying to download a single page and in the end there was only this anti-robot code robo and no content of the desired page, unfortunately I no longer have the link to the discussion or the site whose page has this anti-robo.

Note: It was informed that he was using the PhantomJS software configured with a user-agent (which in theory should make him look like chrome/firefox).

Obs2: This is the original formatting of the code


The original code is:

function challenge() {
    document.cookie = 'Anti-Robot=ee2c23967cffbc6dff69153929fd8155017def99; max-age=86400; path=/';

It basically sets the Anti-Robot cookie and then refreshes the page.

Probably the cookie is used later verified on the server to prevent a form being submitted or a request being made by automated scripts.

Perhaps the value of the cookie is invalidated on every request and generated again, as a token with a limited lifetime. This is a common technique in several frameworks of different languages ​​to avoid duplicate requests (user clicks twice on the button, the browser makes 2 submits, but the second one is ignored by the server because the token was already used in the first request) and some breaches of safety.

However, one would need to evaluate the code in context to be sure.

Scroll to Top