Methods of Cloaking
It may sound as a surprise to you, but there are actually only 4 possible (HTML) methods known to be able to cloak or ‘stuff cookies’ from another site when visiting a page. (There is also a way to do this using ‘flash’ objects, but that is outside our scope).
• The FRAMESET method
• The IFRAME Tag method
• The IMG tag method
• The EMBED tag method
All four methods are very similar:
The HTML code will allow you to “embed” the page of the targeted affiliated site, causing the visitor to be cookied. The attributes of the (hidden) link can make the included page so small that the visitor will not notice the ‘extra’ site that was loaded during his visit. In that case, it is called ‘Cookie Stuffing’.
The only case that the visitor would suspect something happening is when he has set his browser to ‘ask’ if cookies can be dropped, or when loading the page is so slow that he’ll notice the hidden URL temporarily in the browser’s URL, when it is retrieving all the elements of that page in the background.
There is also a method known as “the pop-under” method, but that is a method that is not always working, as it requires the visitor to allow JavaScript, allow pop-up’s and is using the correct version of browser that can interpret the JavaScript blur() method.
If all those requirements are met, it might work. Although I strongly discourage to use this method.
A. The FRAMESET method
Frames are a way of showing more than one “real” page inside of a browser. You go to one URL, and once you are there, you see several actual, real pages. This functionality is most commonly used by people who want to have their navigation buttons on one page and their content on another page. Then when you click the navigation buttons, the content page changes, but the navigation buttons do not.
Frames pages can also be used to “hide” a page. To do this you create a frames page that doesn’t do anything except display another page inside of it. When you do this, the browser displays the URL of the outer or framing page and doesn’t show the URL of the page being displayed inside.
HTML code:
<html><head>
<script>window.status = ‘ ‘;</script>
<meta http-equiv=”Content-Language” content=”en-us”>
<title>TITLE</title>
<meta name=”keywords” content>
<meta name=”description” content>
</head>
<frameset border=”0″ frameborder=”0″ marginleft=”0″ margintop=”0″ marginright=”0″ marginbottom=”0″ rows=”100%,*”>
<frame src=”http://www.ahiddenpage.com” scrolling=”auto” frameborder=”no” border=”0″ noresize>
<frame topmargin=”0″ marginwidth=”0″ scrolling=”no” marginheight=”0″ frameborder=”no” border=”0″ noresize>
<noframes>
<body>
</body>
</noframes>
</frameset>
</html>
The ol’ well-known “Affiliate Link Cloaker” (and many others) uses this technique. It creates a page on your site that is a frames page that actually displays another page inside of it.
Wouldn’t it be easy to figure out what is happening in this code, you may ask?
Sure. Anyone who is smart enough to hit View / Source would see the frameset code and would also see the (hidden?) URL being displayed inside the frame.
So, the “Affiliate Link Cloaker” “cloaks” (in the meaning of ‘hides’) the URL by expressing it in “Unicode“ or better “HTML Unicode”. Instead of using the natural characters, the “Affiliate Link Cloaker” uses their numeric equivalents. (I’ll talk about how to hide your code later).
For example, an “A” would be represented as “A”.
Trivia: Can you decrypt this URL?
Do you know which site I would be hiding here when using this code?
src=”http://www.Amazon.com”