Understanding F5 “bobcmn” Javascript detection
If you’ve seen a response like this from a website;
(function(){
var securemsg;
var dosl7_common;window[“bobcmn”] = “1111101010101020000000220000000520000000021f86dd03200000096300000000300000000300000006/TSPD/300000008TSPD_101300000005https200000000200000000”;
window.aht=!!window.aht;try{(function(){try{var __,i_,j_=1,o_=1,z_=1,s_=1,S_=1,Ji=1,li=1;for(var oi=0;oi_j;if(l)return OI(!1);l=Ij&&ij+lj<_;l=OI(l);ij=_;Ij||(Ij=!0,Jj(function(){Ij=!1},1));return l}oj();var zj=[17795081,27611931586,1558153217];
function Zj(_){_="string"===typeof _?_:_.toString(36);var l=window[_];if(!l.toString)return;var O=""+l;window[_]=function(_,O){Ij=!1;return l(_,O)};window[_].toString=function(){return O}}for(var sj=0;sj<zj.length;++sj)Zj(zj[sj]);OI(!1!==window.aht);
(function Sj(){if(!oj())return;var l=!1;function O(l){for(var z=0;l–;)z+=Z(document.documentElement,null);return z}function Z(l,z){var O="vi";z=z||new s;return O_(l,function(l){l.setAttribute("data-"+O,z.Zz());return Z(l,z)},null)}function s(){this.jo=1;this.io=0;this.Sj=this.jo;this.c=null;this.Zz=function(){this.c=this.io+this.Sj;if(!isFinite(this.c))return this.reset(),this.Zz();this.io=this.Sj;this.Sj=this.c;this.c=null;return this.Sj};this.reset=function(){this.jo++;this.io=0;this.Sj=this.jo}}
var S=!1;function z(l,z){if(!oj())return;var O=document.createElement(l);z=z||document.body;z.appendChild(O);O&&O.style&&(O.style.display="none");oj()}function J_(z,O){if(!oj())return;O=O||z;var Z="|";function s(l){l=l.split(Z);var z=[];for(var O=0;O<l.length;++O){var S="",I_=l[O].split(",");for(var J_=0;J__}
function J(_){var l=arguments.length,O=[];for(var Z=1;Z>b>>0};})();
/TSPD/088481ad69ab2000b270b96268cc0e553e2472504e457123c9fbd2b9bab56ec1bcd49acbc8338cd8?type=7
Please enable JavaScript to view the page content.
Then you’ve been blocked by F5 Network’s Javascript detection, and unless your next requests have the correct Cookies, then you’ll be dumped back to this page. The cookies are IP and time specific.
Now, you can try and pick through the javascript, (please leave a comment, if you find anything), or you can use PhantomJS to execute the front page, and return the cookies, with a script such as;
var page = require(‘webpage’).create();
page.open(‘https://www.somewebsite.com’, function(status) {
setInterval(function(){
if (phantom.cookies.length > 0)
{
var strCookie = “”;
for(var i in phantom.cookies)
{
var cookie = phantom.cookies[i];
strCookie += cookie.name + “=” + cookie.value + “;”;
}
console.log(strCookie);
phantom.exit();
}
},1000);
});
This script will write our the required cookies, which must then be sent along with any subsequent requests. Note that the cookies are limited by time and IP, so you need to make the subsequent request from the same IP address as PhantomJS.
Network Programming in .NET 