Javascript/AJAX obfuscation

[Jackolantern]

Do you obfuscate your Javascript code? If so, how do you do it? I have found a few websites that offer browser-based obfuscation applications, but it seems that perhaps these could be easily cracked. I have noticed that most major websites that use AJAX, like Gmail, Amazon, etc. use very heavy forms of obfuscation.

[hallsofvallhalla]

i have looked into this very little. It can be done and I know I will have to learn how. Just not there yet

[Jackolantern]

Well, there are a couple that I found that work right in the browser. You just copy and paste your code into the top window, hit the "Obfuscate" button, and it is transferred into a mess of characters in the bottom window. I have used several for Java and .NET applications since it is so easy to get to the bytecode or MIL underneath and fairly easy to re-write it back into source (particularly .NET's MIL). However, all of those obfuscators took a considerable amount of time to complete their task. So I am not sure if the Javascript applications that do it in the browser are doing everything they could be. They would probably work fine anyway, since once the code has lost its format and most of its readability, it would be almost impossible to piece it back together and figure out how to use it.

EDIT: Here is a web-based obfuscator to play around with. You can just copy'n'paste the obfuscated code from the bottom window and put it right back in the file and run it as is (it actually should run faster). It looks impossible to understand function calls and their implementation to me, but perhaps someone with more knowledge of obfuscation techniques could piece it back together. For a high-profile application, that could be very bad.