HTML Obfuscator — client-side
Paste HTML, pick techniques, then click
Obfuscate
.
Input HTML
Tip: obfuscation may break inline scripts if aggressive methods used
<!-- Example --> <div class=\"hello\">Hello <strong>world</strong>!</div> <script>console.log('inline');</script>
Obfuscate
Clear
Paste (from clipboard)
Techniques (combine for stronger obfuscation)
Convert to HTML entities
Char codes (\xHH / &#NNN;)
Wrap in base64 + decoder
Split & join strings
Insert deceptive comments
Randomize attribute names (light)
Obfuscation intensity
6
Output (obfuscated)
Copy
Download .html
`; } } // If aggressive: produce script that reconstructs via split-join and eval const buildEvalWrapper = (payload, intensity=6)=>{ const parts = []; const chunk = Math.max(10, Math.floor(payload.length/(Math.max(2,Math.floor(intensity/2))))); for(let i=0;i
"'"+p.replace(/'/g,"\\'")+"'").join(','); return ``; } // Main obfuscator function obfuscate(raw){ const entities = q('#tech_entities').checked; const charcodes = q('#tech_charcodes').checked; const base64 = q('#tech_base64').checked; const split = q('#tech_split').checked; const comments = q('#tech_comments').checked; const randAttr = q('#tech_randomize').checked; const intensity = Number(q('#intensity').value); let out = raw; if(randAttr) out = randomizeAttributes(out); if(comments) out = insertComments(out, intensity); // If user requested char codes, convert either to decimal entities or hex escapes if(charcodes){ // mix decimal entities for HTML text and hex escapes for JS sections ( // naive split: handle script contents specially out = out.replace(/
]*>([\s\S]*?)<\/script>/gi, (m,inner)=>{ const esc = toHexEscapes(inner); return ' markers if they were entity-encoded out = out.replace(/<script([^&]*)>/gi,'
').replace(/<\/script>/gi,''); } if(split){ // if base64/wrapper requested later, we should prepare accordingly; here we can split strings in scripts // for simplicity, wrap the whole document in a join wrapper: buildEvalWrapper out = buildEvalWrapper(out, intensity); } if(base64){ if(split){ // if already wrapped as eval wrapper, base64 that wrapper const inner = out; const b = btoa(inner); out = ``; } else { // encode raw into base64 and wrap const b = btoa(out); out = ``; } } // Final fallback: if none selected, do a light obfuscation: replace < with its entity if(!entities && !charcodes && !base64 && !split && !comments && !randAttr) { out = out.replace(/ q('#intVal').innerText = q('#intensity').value); q('#obf').addEventListener('click', ()=>{ const raw = q('#input').value || ''; try{ const res = obfuscate(raw); q('#output').textContent = res; }catch(e){ q('#output').textContent = '// Error during obfuscation: '+e.message; } }); q('#clear').addEventListener('click', ()=>{ q('#input').value=''; q('#output').textContent=''; }); q('#copy').addEventListener('click', ()=>{ const t=q('#output').textContent||''; if(!t) return alert('Nothing to copy'); navigator.clipboard.writeText(t).then(()=>alert('Copied to clipboard')); }); q('#download').addEventListener('click', ()=>{ const blob = new Blob([q('#output').textContent||''], {type:'text/html'}); const url = URL.createObjectURL(blob); const a=document.createElement('a'); a.href=url; a.download='obfuscated.html'; document.body.appendChild(a); a.click(); a.remove(); URL.revokeObjectURL(url); }); q('#paste').addEventListener('click', async ()=>{ try{ const text = await navigator.clipboard.readText(); q('#input').value = text; }catch(e){ alert('Clipboard read failed') } }); // Small helper: encode via atob/btoa might fail for non-latin1; provide polyfill using UTF-8 // btoa/atob Unicode-safe wrappers (function(){ window.btoa = window.btoa||function(str){return btoa(unescape(encodeURIComponent(str)))}; window.atob = window.atob||function(b64){return decodeURIComponent(escape(atob(b64)))}; })();