JavaScript Obfuscation
Prasanna Kanagasabai

• Working in Information Security for more than 8 years
• Have a passion towards Security
• Enjoys programming in JS, Python and .NET
Topics to be covered


• JavaScript
• JavaScript Obfuscation
• JavaScript De-Obfuscation Techniques
What is Obfuscation

<pre>
function wprcm(){ var uUHIjMJVFJET = navigator.userAgent.toLowerCase();
if(uUHIjMJVFJET.indexOf(String.fromCharCode(0157,112,0145,114,97)) != -'Z'[720094129..toString(16<<1)+""]) { return String.fromCharCode(0x6d,0x61,0x54,0150,76,0114,0132,113,0x50,0155,114,0x72,0x46,0x53); }
if(uUHIjMJVFJET.indexOf(523090424..toString(1<<5)+"x") != -'c'[720094129..toString(4<<3)+""]) { return (-~-~-~'Nday'[720094129..toString(1<<5)+""]<(-~-~'bp'[720094129..toString(2<<4)+""]*010+2)?(function () { var qeNX='sG',YMkg='XfkU',PQmI='l',Iulx='oMAYc'; return PQmI+Iulx+YMkg+qeNX })():String.fromCharCode(106,0x67,0143,120,117)); }
}
</pre>
                            JavaScript : Attack & Defense
Obfuscation

 Obfuscation is the concealment of intended meaning in communication, making
communication confusing, intentionally ambiguous, and more difficult to interpret.
                             --Wikipedia definition


    •   Art of Hiding Execution from plain text




JavaScript
• Loosely Typed Language
• Gibberish-looking data can convey valid
  information
• Web Depends on JS
• Mostly used on the client side, but recently server-side
  implementations like node.js are becoming famous

                       Sample:
                       function factorial(n) { if (n === 0) { return 1; } return n * factorial(n - 1); }
Why Create Obfuscated Code
1. Bypass WAFs.
2. Decrypt Exploit Packs.
3. Bypass filters (in-house and commercial).
4. Hide implementation details.
5. Social engineering payloads.
Let’s deobfuscate the script by replacing “document.write” with
“alert”.

JavaScript Strings
• 1. "I am a normal string"
   -- Normal String
• 2. 'I am a normal string'
   -- Normal String
• 3. /I am a regex string/+''
   -- Regex Strings
• 4. /I am a regex string/.source
   -- Regex Source facility
• 5. ['I am a String']+[]
   -- Square notation to access string.
• 6. "this is a \
   Multiple line string"
• JavaScript provides various methods to create strings
• Strings play a very major role in obfuscation
• Some implementations can be browser specific only
Operators
• JavaScript supports many infix operators:
     +,-,~,++,--,!,
• Plays a very active role in obfuscation
Regular Expressions (RE)
• What are Regular Expressions?
• Browsers support using an RE as a function and
  passing arguments to it.
• The result is either the first match or, if
  parentheses are used, the results are stored in an
  array.
Comments
• // single Line comments
• /**/ is a multiline comment.
• JavaScript supports <!---> HTML comments
  inline in JavaScript.
Escapes
• Allows addition of characters outside the ASCII
  charset in the code without breaking the code

• / is an example of an escape
Encoding
• Critical part of Obfuscation
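• 3 Modes Supported :
   1. Unicode =====> \u0061
   2. Octal =====> \141
   3. Hex =====> \x61
<script>
// The pieces concatenate to \u0061l\u0065r\u0074(2), i.e. alert(2) written with escapes.
// /\u0072/('\x72') calls a regex like a function, which is browser specific.
eval(RegExp('\x5c\x75\x30\x30\x36\x31').source+String.fromCharCode(0154)+'\\u00'+0x41+/\u0072/('\x72')+'\134u0074'+'(2)')
</script>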
Hide EVAL from the previous Slide
Hiding Eval

(a = {}.valueOf, a())[String.fromCharCode(101,118,97,108)]



                        Basic Obfuscation !!!
JavaScript Variables
•   variables can be used to store values
•   Can be defined with or without “var”
•   1. Alphanumeric characters
•   2. numbers except the first character
•   3. _ and $
•   4. Unicode characters
JavaScript Variables
•   JS allows various methods to create JavaScript variables:

•   x = "string";
•   (x)=('string');
•   this.x='string';
•   x ={'a':'string'}.a;
•   [x,y,z]=['str1','str2','str3'];
•   x=/z(.*)/('zstring')[1];x='string';
•   x=1?'string':0

An old version of a well-known WAF used to detect:
x = 'alert(1)'; eval(x);
But not this:
x = 1 ? 'al'+'ert(1)' : 0; eval(x);
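
The encoded constants in the opening sample and on the Encoding slide, and the split string that the WAF signature above missed, can all be folded back to plain text without running the script. The following is an added example, not code from the slides: `foldEncodedLiterals`, `scanWithNormalisation` and the `ua` variable are names assumed for illustration, and the sample lines are adapted from the slides.

```javascript
// Added example, not from the slides: fold encoded constants back to plain
// text without executing the script. Regex triage, not a full JS parser.
const NUM = String.raw`(?:0[xX][0-9a-fA-F]+|\d+)`;     // hex, legacy octal, decimal
const LIT = String.raw`(?:"[^"\\\n]*"|'[^'\\\n]*')`;   // quoted literal, no escapes

const FROM_CHAR_CODE = new RegExp(
  String.raw`String\.fromCharCode\(\s*(${NUM}(?:\s*,\s*${NUM})*)\s*\)`, "g");
const RADIX_TOSTRING = new RegExp(
  String.raw`\b([1-9]\d*)\.\.toString\(\s*(${NUM}(?:\s*<<\s*${NUM})?)\s*\)`, "g");
// literal + literal, skipped when a tighter-binding operator touches either side
const CONCAT = new RegExp(
  String.raw`(?<![*/%~!-]\s*)(${LIT})\s*\+\s*(${LIT})(?!\s*[.\[(*/%])`, "g");
const LENGTH_OF = new RegExp(
  String.raw`(${LIT})\[\s*(?:"length"|'length')\s*\]`, "g");

// Read a numeric literal the way a sloppy-mode engine does:
// 0x.. is hex, a leading 0 followed only by 0-7 is octal, anything else decimal.
function parseNumericLiteral(tok) {
  const t = tok.trim();
  if (/^0[xX][0-9a-fA-F]+$/.test(t)) return parseInt(t, 16);
  if (/^0[0-7]+$/.test(t)) return parseInt(t, 8);
  if (/^\d+$/.test(t)) return parseInt(t, 10);
  throw new SyntaxError("not a plain numeric literal: " + tok);
}

// Radix arguments in the sample are written as "32" or as a shift such as "1<<5".
function evalRadix(expr) {
  const [base, shift] = expr.split("<<").map(parseNumericLiteral);
  return shift === undefined ? base : base << shift;
}

const unquote = (lit) => lit.slice(1, -1);

// Apply the four rewrites until the text stops changing (bounded number of passes).
function foldEncodedLiterals(src) {
  let prev;
  let out = src;
  for (let pass = 0; pass < 10 && out !== prev; pass++) {
    prev = out;
    out = out
      .replace(FROM_CHAR_CODE, (m, list) =>
        JSON.stringify(String.fromCharCode(...list.split(",").map(parseNumericLiteral))))
      .replace(RADIX_TOSTRING, (m, n, radixExpr) => {
        const radix = evalRadix(radixExpr);
        return radix >= 2 && radix <= 36 ? JSON.stringify(Number(n).toString(radix)) : m;
      })
      .replace(CONCAT, (m, a, b) => JSON.stringify(unquote(a) + unquote(b)))
      .replace(LENGTH_OF, (m, lit) => String(unquote(lit).length));
  }
  return out;
}

// Report, per signature, whether it matches the raw text and the folded text.
// Signatures must be non-global regular expressions.
function scanWithNormalisation(src, signatures) {
  const folded = foldEncodedLiterals(src);
  return signatures.map((re) => ({
    signature: String(re),
    raw: re.test(src),
    folded: re.test(folded),
  }));
}

// Constructed sample: two conditions adapted from the opening slide (variable
// renamed to ua) and the split string from the WAF slide.
const SAMPLE = [
  `if(ua.indexOf(String.fromCharCode(0157,112,0145,114,97)) != -'Z'[720094129..toString(16<<1)+""]) {}`,
  `if(ua.indexOf(523090424..toString(1<<5)+"x") != -'c'[720094129..toString(4<<3)+""]) {}`,
  `x=1?'al'+'ert(1)':0;eval(x);`,
].join("\n");

console.log(foldEncodedLiterals(SAMPLE));
console.log(scanWithNormalisation(SAMPLE, [/alert\s*\(/, /indexOf\("(?:opera|firefox)"\)/]));
```

The concatenation rule only folds literals that contain no escape sequences, so anything it cannot prove constant is left untouched for manual review.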

Built-in Variables
• Essential to interact with browser objects like:

• Document – Get Access to DOM, URL,Cookies
• Name – Sets property name from parent
  window.
• Location.hash
• The URL variable
Alpha Numeric JS
• Creating a JavaScript snippet without any
   alphanumeric characters
         (+[][+[]]+[])[++[[]][+[]]] = "a"
Detailed steps:
1. +[] = 0
2. [+[]] = 0 inside an object accessor
3. [][+[]] = access index 0 of an empty array,
   which gives 'undefined'
Alpha Numeric JS
4. +[][+[]] = the + operator performs a mathematical
operation on the result of the previous step,
which gives NaN (Not a Number)
We now have to extract the middle 'a' from the
result:
1. (+[][+[]]+[]) = NaN as a string
2. ++[[]][+[]] = 1 (quirk by oxotonick)
3. (+[][+[]]+[])[++[[]][+[]]] = 'a'

Alpha Numeric JS
•   Let's try 'l'
•   We can find l in "false"
•   Fact: ''==0 is true; the opposite of this is false
•   ([![]]+[]) == "false"
•   ++[++[[]][+[]]][+[]] Use the previous quirk to get 2
•   Combine them to create 'l'
•   ([![]]+[])[++[++[[]][+[]]][+[]]] == 'l'



Alpha Numeric JS
• Now for ‘e’
• We could use 'true' or 'false', but we will use true as 'e' is
  closer, thus reducing complication
• [!![]]+[] = “true”
• ++[++[++[[]][+[]]][+[]]][+[]] = 3
• ([!![]]+[] )[++[++[++[[]][+[]]][+[]]][+[]]] = ‘e’




Alpha Numeric JS


•   Now we will try creating ‘r’
•   Found in true
•   Position of r in true is 1
•   [!![]]+[] = “true”
•   ++[[]][+[]] = 1
•   ([!![]]+[])[++[[]][+[]]] = r




Alpha Numeric JS


•   Now we will try ‘t’
•   T is in “true”
•   Position is 0
•   [!![]]+[] = “true”
•   [+[]] = 0
•   ([!![]]+[]) [+[]] = “t”
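
The derivations above can be checked without running the obfuscated text: the added example below (not code from the slides) parses the six-character subset `[ ] ( ) ! +` and computes each value itself. `evalSymbolOnly` and `decodeSymbolRuns` are hypothetical names, the sample script is constructed, and only non-negative integer indexing is supported.

```javascript
// Added example, not from the slides: a small recursive-descent evaluator for
// expressions written only with [ ] ( ) ! + . Nothing is passed to eval().

function evalSymbolOnly(src) {
  if (!/^[\[\]()!+\s]+$/.test(src)) throw new SyntaxError("characters outside [ ] ( ) ! +");
  // "++" is tokenised greedily, exactly as a JavaScript engine would do it.
  const toks = src.match(/\+\+|[\[\]()!+]/g) || [];
  let pos = 0;
  const peek = () => toks[pos];
  const expect = (t) => {
    if (toks[pos++] !== t) throw new SyntaxError(`expected ${t} at token ${pos - 1}`);
  };

  // additive := unary ("+" unary)*
  function additive() {
    let v = unary();
    while (peek() === "+") { pos++; v = v + unary(); }
    return v;
  }

  // unary := "+" unary | "!" unary | "++" member | member
  function unary() {
    const t = peek();
    if (t === "+") { pos++; return +unary(); }
    if (t === "!") { pos++; return !unary(); }
    if (t === "++") {
      pos++;
      const ref = member(true);        // prefix ++ needs an assignable element
      return ++ref.obj[ref.key];
    }
    return member(false);
  }

  // member := primary ("[" additive "]")*
  function member(wantRef) {
    let v = primary();
    let ref = null;
    while (peek() === "[") {
      pos++;
      const key = additive();
      expect("]");
      if (!Number.isInteger(key) || key < 0) {
        throw new RangeError("only non-negative integer indexes are evaluated");
      }
      if (typeof v !== "string" && !Array.isArray(v)) {
        throw new TypeError("index into a value that is neither string nor array");
      }
      ref = { obj: v, key };
      v = v[key];
    }
    if (!wantRef) return v;
    if (!ref || !Array.isArray(ref.obj)) throw new SyntaxError("++ needs an array element");
    return ref;
  }

  // primary := "(" additive ")" | "[" additive? "]"
  function primary() {
    const t = toks[pos++];
    if (t === "(") { const v = additive(); expect(")"); return v; }
    if (t === "[") {
      if (peek() === "]") { pos++; return []; }
      const v = additive();
      expect("]");
      return [v];
    }
    throw new SyntaxError(`unexpected ${t === undefined ? "end of input" : t}`);
  }

  const result = additive();
  if (pos !== toks.length) throw new SyntaxError(`unexpected ${peek()}`);
  return result;
}

// Find runs of at least minLen symbol-only characters in a script and decode them.
// Runs that do not parse are still reported, with the parser's error message.
function decodeSymbolRuns(script, minLen = 8) {
  const findings = [];
  for (const m of script.matchAll(/[\[\]()!+][\[\]()!+\s]*[\[\]()!+]/g)) {
    if (m[0].length < minLen) continue;
    let value, error;
    try { value = evalSymbolOnly(m[0]); } catch (e) { error = e.message; }
    findings.push({ offset: m.index, text: m[0], value, error });
  }
  return findings;
}

// Constructed sample script: two expressions from the slides next to ordinary code.
const SAMPLE_SCRIPT = [
  "var c1 = (+[][+[]]+[])[++[[]][+[]]];",
  "var c2 = ([![]]+[])[++[++[[]][+[]]][+[]]];",
  "var n = total + (items[0]);",
].join("\n");

console.log(decodeSymbolRuns(SAMPLE_SCRIPT));
```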




Tools To Create Obfuscated Code
1. Strong Knowledge of JavaScript
2. Firebug or chrome developer tools
3. SpiderMonkey
4. Imagination …..
Thanks
• I would like to thank the following people
  for all the knowledge they put out in the world
• Gareth Heyes
• Mario Heiderich




Prasanna Kanagasabai
Prasanna.in@gmail.com
