Ask HN: How did they do this?
1 point by chm on May 23, 2013 | 6 comments
First of all, I'm sorry for the nondescript title. I don't know how else to ask.

I visited this website (http://chemistry.tutorvista.com/organic-chemistry/nitro-group.html) and was immediately greeted with a Google Chat-like message in the bottom right corner. Here's the transcript:

  Tutor:  Hi, I'm a Chemistry Tutor.
  May I help you?
  Do you want to take a free tutoring session with me?
  me:  o.O
  Tutor:  Let us start working on the whiteboard.
  Please wait while the whiteboard loads
  Redirecting to whiteboard
In less than 30 seconds after loading, someone had managed to engage in a conversation with me and redirect my browser, without my consent, to their "Whiteboard" page. I am using Ghostery with NoScript in Firefox 20 on OS X. The only page with JS enabled was TutorVista's, so everything was apparently done on-page.

How did they do this, and does this pose a security threat?

By the time I finished writing this, FF pushed an update. I'll try again under 21 to see if it still works.

Update: It still works in 21. It seemed very real at first, but I'm pretty sure it's a trigger-redirect. The messages are exactly the same. Still, I'm suspicious of how kosher the script is.



It isn't a real person, it's all done in JavaScript. Seems to me like your NoScript isn't working properly, or isn't configured properly.

The JavaScript is run from here: http://image.tutorvista.com/js/top_chat_box_popup.js?17

The code responsible for redirecting you is here:

    function startMsg_popup(type) {
        if (type == 'payment') {
            addMsg_popup(tutor_name, "We have the right package for you.", 1500, function () {
                addMsg_popup(tutor_name, "Please answer a few questions on the following page.", 1500, function () {
                    addMsg_popup("sys", "Loading Questionare", 500, function () {
                        gotoquestionare_popup();
                    });
                });
            });
        }
        else {
            addMsg_popup(tutor_name, "Let us start working on the whiteboard.", 2000, function () {
                addMsg_popup(tutor_name, "Please wait while the whiteboard loads", 2000, function () {
                    addMsg_popup("sys", "Loading Whiteboard", 1000, function () {
                        gotowhiteboard_popup();
                    });
                });
            });
        }
    }

Edit: More details: there is a function called "areakeyup_popup" which is called on every keyup event. It checks to see if the Enter key was pressed. If it was, it calls "startMsg_popup", which springs into action the "Please wait while the whiteboard loads" message, before calling "gotowhiteboard_popup", which creates and submits a form for you programmatically, `redirecting` you to their `whiteboard`.


Presumably, they either used Javascript via:

    document.location.href = "http://www.google.com/"

or the HTML meta redirect:

    <meta http-equiv="refresh" content="0;url=http://www.google.com/">

Both of which can redirect your browser to another location.


So the redirect was there all along, waiting for a trigger?


More than likely. The way I would do it would be to wait for content entry, i.e., your "o.O", then post my message along with a redirect with a few seconds' lag, to give you time to read that you were being redirected before redirecting you.


I was wrong

-------------------------------

After reviewing the source code, they use JavaScript to submit a form which redirects you to another website, carrying along some marketing data such as what brought you to them, etc.


They have an iFrame of http://www.tutorvista.com/iframe_container/iframe_popup_buyn...

with their own JavaScript of http://image.tutorvista.com/js/buynow_popup.js?9

It's not a real person.
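
Added example, not part of the thread and not TutorVista's code: a small static scan for the script-driven navigation mechanisms named in the comments above (programmatic form submit, `location` assignment, meta refresh), attributing each hit to its enclosing function so a reviewer can see which handler ends in a redirect. The sample input is constructed; only the function names `areakeyup_popup`, `startMsg_popup` and `gotowhiteboard_popup` come from the thread, while their bodies, `altRedirect` and the `example.invalid` URLs are assumptions.

```javascript
// Added example: static scan of page source for script-driven navigation sinks.
// The patterns are line-based heuristics, not a full JavaScript/HTML parser.
const SINKS = [
  { kind: "location-assign", re: /\blocation(?:\.href)?\s*=(?!=)/ },
  { kind: "location-call",   re: /\blocation\.(?:assign|replace)\s*\(/ },
  { kind: "form-submit",     re: /\.submit\s*\(/ },
  { kind: "window-open",     re: /\bwindow\.open\s*\(/ },
  { kind: "meta-refresh",    re: /<meta[^>]+http-equiv\s*=\s*["']?refresh/i },
];

function findNavigationSinks(source) {
  const findings = [];
  let enclosing = "(top level)";
  source.split("\n").forEach((text, i) => {
    // Remember the most recent named function so each hit can be attributed.
    const decl = text.match(/\bfunction\s+([A-Za-z_$][\w$]*)\s*\(/);
    if (decl) enclosing = decl[1];
    for (const { kind, re } of SINKS) {
      if (re.test(text)) findings.push({ line: i + 1, kind, enclosing, text: text.trim() });
    }
    // An unindented closing brace ends a top-level function in this simple model.
    if (/^\}/.test(text)) enclosing = "(top level)";
  });
  return findings;
}

// Constructed sample. Function names follow the thread; the bodies, altRedirect
// and the example.invalid URLs are hypothetical stand-ins for the real script.
const SAMPLE = [
  'function areakeyup_popup(e) {',
  '  if (e.keyCode == 13) startMsg_popup("chat");',
  '}',
  'function gotowhiteboard_popup() {',
  '  var f = document.createElement("form");',
  '  f.method = "post";',
  '  f.action = "https://example.invalid/whiteboard";',
  '  document.body.appendChild(f);',
  '  f.submit();',
  '}',
  'function altRedirect() {',
  '  document.location.href = "https://example.invalid/";',
  '}',
  '<meta http-equiv="refresh" content="0;url=https://example.invalid/">',
].join("\n");

for (const f of findNavigationSinks(SAMPLE)) {
  console.log(`${f.line}\t${f.kind}\t${f.enclosing}\t${f.text}`);
}
```

A hit only says that a script can navigate the page on its own; whether it does so in response to a keypress or a timer still has to be read from the calling code.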



