SlideShare uma empresa Scribd logo

Java script obfuscation

n|u - The Open Security Community
n|u - The Open Security Community

null, Hasgeek, JSFoo, HackNight - 03 August 2013

EducaçãoTecnologia
1 de 31
Baixar para ler offline
JavaScript Obfuscation
 Working in Information Security for more than 10 years  null Moderator for Bangalore Chapter  Have a passion towards Security  Penetration Tester in Day, Coder, Researcher @ night  Coder of “IronSAP”  Just completed OSCP Prasanna Kanagasabai
 JavaScript  JavaScript Obfuscation  JavaScript D-Obfuscation Techniques
 Art of Hiding Execution from plain text JavaScript : Attack & Defense Obfuscation is the concealment of intended meaning in communication, making communication confusing, intentionally ambiguous, and more difficult to interpret. --Wikipedia definition
JavaScript : Attack & Defense Example <pre> function wprcm(){ var uUHIjMJVFJET = navigator.userAgent.toLowerCase(); if(uUHIjMJVFJET.indexOf(String.fromCharCode(0157,112,0145,114,97)) != - 'Z'[720094129..toString(16<<1)+""]) { return String.fromCharCode(0x6d,0x61,0x54,0150,76,0114,0132,113,0x50,0155,114,0 x72,0x46,0x53); } if(uUHIjMJVFJET.indexOf(523090424..toString(1<<5)+"x") != -'c'[720094129..toString(4<<3)+""]) { return (-~-~- ~'Nday'[720094129..toString(1<<5)+""]<(-~- ~'bp'[720094129..toString(2<<4)+""]*010+2)?(function () { var qeNX='sG',YMkg='XfkU',PQmI='l',Iulx='oMAYc'; return PQmI+Iulx+YMkg+qeNX })():String.fromCharCode(106,0x67,0143,120,117)); }
 Bypass WAF’s, filters  Decrypt Exploit Packs  Bypass filters (in-house and commercial)  hide implementation details  Social engineering payloads
JavaScript : Attack & Defense
 Loosely Typed Language  Gibberish Looking Data can convey valid information  Web Depends on JS  Mostly used in client side by recently server side impletions like node.js are becoming famous Sample: function factorial(n) { if (n === 0) { return 1; } return n * factorial(n - 1); }
 “I am a normal string ” -- Normal String  ‘I am a normal string’ -- Normal String  / I am a regex string/+”” -- Regex Strings  /I am a regex string/.source -- Regex Source facility  [‘I am a String ’]+[] -- Square notation to access string.  JavaScript provides various methods to create strings  Strings play a very major role in obfuscation  Some implementations can be browser specific only
 JavaScript supports many infix operators: +,-,~,++,--,!,  Plays a very active role in obfuscation
 What is Regular Expressions ?  Browsers Support RE as function and arguments to it.  The result is either first matched or if parentheses is used the result is stored in a array.
 // single Line comments  /**/ is a multiline comments.  JavaScript supports <!---> HTML comments inline in JavaScript.
 Critical part of Obfuscation  3 Modes Supported :  1. Unicode =====> u0061  2. Octal =====> 141  3. Hex =====>x61
Hide EVAL from the previous Slide
(a = {}.Valueof, a())[‘String.fromCharCode(String.fromCharCode(101,1 18,97,108); )’] Basic Obfuscation !!!
 variables can be used to store values  Can be defined with or without “var”  1. Alphanumeric characters  2. numbers except the first character  3. _ and $  4. Unicode characters
 JS allows various methods to create JavaScript variables:  x = "string";  (x)=('string');  this.x='string';  x ={'a':'string'}.a;  [x,y,z]=['str1','str2','str3'];  x=/z(.*)/('zstring')[1];x='string';  x=1?'string':0 JavaScript : Attack & Defense
 Essential to interact with browser objects like:  Document – Get Access to DOM, URL,Cookies  Name – Sets property name from parent window.  Location.hash  The URL variable
JavaScript : Attack & Defense
 Would you believe this is JavaScript JavaScript : Attack & Defense
 Creating a JavaScript Snippet Without any Alphanumeric characters (+[][+[]]+[])[++[[]][+[]]] = “a” Detailed steps : 1. +[] = 0 2. [+[]] = 0 inside object accessor 3. [] [+[]] = Create a blank Array with trying to 0 which creates error ‘undefined’
4. +[] [+[]] = We use infix operator + to perform a mathematical operation on result of previous operation which results a error NaN (Not a Number) We now have to extract the middle ‘a’ from the result: 1. (+[] [+[]] +[]) = Nan in string 2.++[[]] [+[]] = 1 (quirk by oxotonick) 3. (+[][+[]]+[])[++[[]][+[]]] = ‘a’ JavaScript : Attack & Defense
JavaScript : Attack & Defense
JavaScript : Attack & Defense <pre> function wprcm(){ var uUHIjMJVFJET = navigator.userAgent.toLowerCase(); if(uUHIjMJVFJET.indexOf(String.fromCharCode(0157,112,0145,114,97)) != - 'Z'[720094129..toString(16<<1)+""]) { return String.fromCharCode(0x6d,0x61,0x54,0150,76,0114,0132,113,0x50,0155,114,0 x72,0x46,0x53); } if(uUHIjMJVFJET.indexOf(523090424..toString(1<<5)+"x") != -'c'[720094129..toString(4<<3)+""]) { return (-~-~- ~'Nday'[720094129..toString(1<<5)+""]<(-~- ~'bp'[720094129..toString(2<<4)+""]*010+2)?(function () { var qeNX='sG',YMkg='XfkU',PQmI='l',Iulx='oMAYc'; return PQmI+Iulx+YMkg+qeNX })():String.fromCharCode(106,0x67,0143,120,117)); } Obfuscated Code:
JavaScript : Attack & Defense <pre> function wprcm(){ var uUHIjMJVFJET = navigator.userAgent.toLowerCase(); if(uUHIjMJVFJET.indexOf(String.fromCharCode(0157,112,0145,114,97)) != - 'Z'[720094129..toString(16<<1)+""]) { return String.fromCharCode(0x6d,0x61,0x54,0150,76,0114,0132,113,0x50,0155,114,0x72,0x4 6,0x53); } if(uUHIjMJVFJET.indexOf(523090424..toString(1<<5)+"x") != - 'c'[720094129..toString(4<<3)+""]) { return (-~-~- ~'Nday'[720094129..toString(1<<5)+""]<(-~- ~'bp'[720094129..toString(2<<4)+""]*010+2)?(function () { var qeNX='sG',YMkg='XfkU',PQmI='l',Iulx='oMAYc'; return PQmI+Iulx+YMkg+qeNX })():String.fromCharCode(106,0x67,0143,120,117)); } Identify Essential Bits of information
 if(uUHIjMJVFJET.indexOf(String.fromCharCo de(0157,112,0145,114,97)) = if(uUHIjMJVFJET.indexOf("opera“)  -'Z'[720094129..toString(16<<1)+""] = -1  return String.fromCharCode(0x6d,0x61,0x54,015 0,76,0114,0132,113,0x50,0155,114,0x72, 0x46,0x53); = return "maThLLZqPmrrFS" JavaScript : Attack & Defense
JavaScript : Attack & Defense Always de-obfuscate the script by replacing “document.write” with “alert”. Same applies to “Eval”
JavaScript : Attack & Defense
JavaScript : Attack & Defense
 I would like to the thank the following people:  Gareth Heyes  Mario Heiderich  Any one if I Have missed …. JavaScript : Attack & Defense
Prasanna Kanagasabai Prasanna.in@gmail.com

Recomendados

Hidden Gems in Swift
Hidden Gems in SwiftHidden Gems in Swift
Hidden Gems in SwiftNetguru
 
JavaScript Arrays
JavaScript Arrays JavaScript Arrays
JavaScript Arrays Reem Alattas
 
Java Cheat Sheet
Java Cheat SheetJava Cheat Sheet
Java Cheat SheetSaeid Zebardast
 
Initial Java Core Concept
Initial Java Core ConceptInitial Java Core Concept
Initial Java Core ConceptRays Technologies
 
Category theory, Monads, and Duality in the world of (BIG) Data
Category theory, Monads, and Duality in the world of (BIG) DataCategory theory, Monads, and Duality in the world of (BIG) Data
Category theory, Monads, and Duality in the world of (BIG) Datagreenwop
 
Variables, expressions, standard types
Variables, expressions, standard types Variables, expressions, standard types
Variables, expressions, standard types Rubizza
 
Swift internals
Swift internalsSwift internals
Swift internalsJung Kim
 
Swift 함수 커링 사용하기
Swift 함수 커링 사용하기Swift 함수 커링 사용하기
Swift 함수 커링 사용하기진성 오
 

Recomendados

Hidden Gems in Swift
Hidden Gems in SwiftHidden Gems in Swift
Hidden Gems in SwiftNetguru
 
JavaScript Arrays
JavaScript Arrays JavaScript Arrays
JavaScript Arrays Reem Alattas
 
Java Cheat Sheet
Java Cheat SheetJava Cheat Sheet
Java Cheat SheetSaeid Zebardast
 
Initial Java Core Concept
Initial Java Core ConceptInitial Java Core Concept
Initial Java Core ConceptRays Technologies
 
Category theory, Monads, and Duality in the world of (BIG) Data
Category theory, Monads, and Duality in the world of (BIG) DataCategory theory, Monads, and Duality in the world of (BIG) Data
Category theory, Monads, and Duality in the world of (BIG) Datagreenwop
 
Variables, expressions, standard types
Variables, expressions, standard types Variables, expressions, standard types
Variables, expressions, standard types Rubizza
 
Swift internals
Swift internalsSwift internals
Swift internalsJung Kim
 
Swift 함수 커링 사용하기
Swift 함수 커링 사용하기Swift 함수 커링 사용하기
Swift 함수 커링 사용하기진성 오
 
Java script arrays
Java script arraysJava script arrays
Java script arraysFrayosh Wadia
 
Groovy grails types, operators, objects
Groovy grails types, operators, objectsGroovy grails types, operators, objects
Groovy grails types, operators, objectsHusain Dalal
 
Property-based testing
Property-based testingProperty-based testing
Property-based testingDmitriy Morozov
 
Functional Algebra: Monoids Applied
Functional Algebra: Monoids AppliedFunctional Algebra: Monoids Applied
Functional Algebra: Monoids AppliedSusan Potter
 
What are arrays in java script
What are arrays in java scriptWhat are arrays in java script
What are arrays in java scriptMiguel Silva Loureiro
 
C++ L11-Polymorphism
C++ L11-PolymorphismC++ L11-Polymorphism
C++ L11-PolymorphismMohammad Shaker
 
RESTful API using scalaz (3)
RESTful API using scalaz (3)RESTful API using scalaz (3)
RESTful API using scalaz (3)Yeshwanth Kumar
 
JavaScript Obfuscation
JavaScript ObfuscationJavaScript Obfuscation
JavaScript Obfuscationn|u - The Open Security Community
 
Standford 2015 week3: Objective-C Compatibility, Property List, Views
Standford 2015 week3: Objective-C Compatibility, Property List, ViewsStandford 2015 week3: Objective-C Compatibility, Property List, Views
Standford 2015 week3: Objective-C Compatibility, Property List, Views彼得潘 Pan
 
Python Programming Essentials - M20 - Classes and Objects
Python Programming Essentials - M20 - Classes and ObjectsPython Programming Essentials - M20 - Classes and Objects
Python Programming Essentials - M20 - Classes and ObjectsP3 InfoTech Solutions Pvt. Ltd.
 
Pointer
PointerPointer
Pointerkhyati thakkar
 
Impact of the New ORM on Your Modules
Impact of the New ORM on Your ModulesImpact of the New ORM on Your Modules
Impact of the New ORM on Your ModulesOdoo
 
LetSwift RxSwift 시작하기
LetSwift RxSwift 시작하기LetSwift RxSwift 시작하기
LetSwift RxSwift 시작하기Wanbok Choi
 
DEF CON 23 - Atlas - fun with symboliks
DEF CON 23 - Atlas - fun with symboliksDEF CON 23 - Atlas - fun with symboliks
DEF CON 23 - Atlas - fun with symboliksFelipe Prado
 
Hexadite Real Life Django ORM
Hexadite Real Life Django ORMHexadite Real Life Django ORM
Hexadite Real Life Django ORMMaxim Braitmaiere
 
The art of reverse engineering flash exploits
The art of reverse engineering flash exploitsThe art of reverse engineering flash exploits
The art of reverse engineering flash exploitsPriyanka Aash
 
Introduction to-scala
Introduction to-scalaIntroduction to-scala
Introduction to-scalaHamid Jafarian
 
Scala best practices
Scala best practicesScala best practices
Scala best practicesAlexander Zaidel
 
How to Create a l10n Payroll Structure
How to Create a l10n Payroll StructureHow to Create a l10n Payroll Structure
How to Create a l10n Payroll StructureOdoo
 
A Gremlin ate my graph
A Gremlin ate my graphA Gremlin ate my graph
A Gremlin ate my graphDamien Seguy
 
Juxtaposition pp
Juxtaposition ppJuxtaposition pp
Juxtaposition ppLouise Reed
 
Heavens Tohou's Juxtaposition
Heavens Tohou's JuxtapositionHeavens Tohou's Juxtaposition
Heavens Tohou's JuxtapositionLouise Reed
 

Mais conteúdo relacionado

Mais procurados

Groovy grails types, operators, objects
Groovy grails types, operators, objectsGroovy grails types, operators, objects
Groovy grails types, operators, objectsHusain Dalal
 
Functional Algebra: Monoids Applied
Functional Algebra: Monoids AppliedFunctional Algebra: Monoids Applied
Functional Algebra: Monoids AppliedSusan Potter
 
RESTful API using scalaz (3)
RESTful API using scalaz (3)RESTful API using scalaz (3)
RESTful API using scalaz (3)Yeshwanth Kumar
 
Standford 2015 week3: Objective-C Compatibility, Property List, Views
Standford 2015 week3: Objective-C Compatibility, Property List, ViewsStandford 2015 week3: Objective-C Compatibility, Property List, Views
Standford 2015 week3: Objective-C Compatibility, Property List, Views彼得潘 Pan
 
Python Programming Essentials - M20 - Classes and Objects
Python Programming Essentials - M20 - Classes and ObjectsPython Programming Essentials - M20 - Classes and Objects
Python Programming Essentials - M20 - Classes and ObjectsP3 InfoTech Solutions Pvt. Ltd.
 
Impact of the New ORM on Your Modules
Impact of the New ORM on Your ModulesImpact of the New ORM on Your Modules
Impact of the New ORM on Your ModulesOdoo
 
LetSwift RxSwift 시작하기
LetSwift RxSwift 시작하기LetSwift RxSwift 시작하기
LetSwift RxSwift 시작하기Wanbok Choi
 
DEF CON 23 - Atlas - fun with symboliks
DEF CON 23 - Atlas - fun with symboliksDEF CON 23 - Atlas - fun with symboliks
DEF CON 23 - Atlas - fun with symboliksFelipe Prado
 
Hexadite Real Life Django ORM
Hexadite Real Life Django ORMHexadite Real Life Django ORM
Hexadite Real Life Django ORMMaxim Braitmaiere
 
The art of reverse engineering flash exploits
The art of reverse engineering flash exploitsThe art of reverse engineering flash exploits
The art of reverse engineering flash exploitsPriyanka Aash
 
How to Create a l10n Payroll Structure
How to Create a l10n Payroll StructureHow to Create a l10n Payroll Structure
How to Create a l10n Payroll StructureOdoo
 
A Gremlin ate my graph
A Gremlin ate my graphA Gremlin ate my graph
A Gremlin ate my graphDamien Seguy
 

Mais procurados (20)

Java script arrays
Java script arraysJava script arrays
Java script arrays
 
Groovy grails types, operators, objects
Groovy grails types, operators, objectsGroovy grails types, operators, objects
Groovy grails types, operators, objects
 
Property-based testing
Property-based testingProperty-based testing
Property-based testing
 
Functional Algebra: Monoids Applied
Functional Algebra: Monoids AppliedFunctional Algebra: Monoids Applied
Functional Algebra: Monoids Applied
 
What are arrays in java script
What are arrays in java scriptWhat are arrays in java script
What are arrays in java script
 
C++ L11-Polymorphism
C++ L11-PolymorphismC++ L11-Polymorphism
C++ L11-Polymorphism
 
RESTful API using scalaz (3)
RESTful API using scalaz (3)RESTful API using scalaz (3)
RESTful API using scalaz (3)
 
JavaScript Obfuscation
JavaScript ObfuscationJavaScript Obfuscation
JavaScript Obfuscation
 
Standford 2015 week3: Objective-C Compatibility, Property List, Views
Standford 2015 week3: Objective-C Compatibility, Property List, ViewsStandford 2015 week3: Objective-C Compatibility, Property List, Views
Standford 2015 week3: Objective-C Compatibility, Property List, Views
 
Python Programming Essentials - M20 - Classes and Objects
Python Programming Essentials - M20 - Classes and ObjectsPython Programming Essentials - M20 - Classes and Objects
Python Programming Essentials - M20 - Classes and Objects
 
Pointer
PointerPointer
Pointer
 
Impact of the New ORM on Your Modules
Impact of the New ORM on Your ModulesImpact of the New ORM on Your Modules
Impact of the New ORM on Your Modules
 
LetSwift RxSwift 시작하기
LetSwift RxSwift 시작하기LetSwift RxSwift 시작하기
LetSwift RxSwift 시작하기
 
DEF CON 23 - Atlas - fun with symboliks
DEF CON 23 - Atlas - fun with symboliksDEF CON 23 - Atlas - fun with symboliks
DEF CON 23 - Atlas - fun with symboliks
 
Hexadite Real Life Django ORM
Hexadite Real Life Django ORMHexadite Real Life Django ORM
Hexadite Real Life Django ORM
 
The art of reverse engineering flash exploits
The art of reverse engineering flash exploitsThe art of reverse engineering flash exploits
The art of reverse engineering flash exploits
 
Introduction to-scala
Introduction to-scalaIntroduction to-scala
Introduction to-scala
 
Scala best practices
Scala best practicesScala best practices
Scala best practices
 
How to Create a l10n Payroll Structure
How to Create a l10n Payroll StructureHow to Create a l10n Payroll Structure
How to Create a l10n Payroll Structure
 
A Gremlin ate my graph
A Gremlin ate my graphA Gremlin ate my graph
A Gremlin ate my graph
 

Destaque

Juxtaposition pp
Juxtaposition ppJuxtaposition pp
Juxtaposition ppLouise Reed
 
Heavens Tohou's Juxtaposition
Heavens Tohou's JuxtapositionHeavens Tohou's Juxtaposition
Heavens Tohou's JuxtapositionLouise Reed
 
Juxtaposition powerpoint
Juxtaposition powerpointJuxtaposition powerpoint
Juxtaposition powerpointLouise Reed
 
Pee paragraphs
Pee paragraphsPee paragraphs
Pee paragraphsrddietrich
 

Destaque (9)

Juxtaposition pp
Juxtaposition ppJuxtaposition pp
Juxtaposition pp
 
Heavens Tohou's Juxtaposition
Heavens Tohou's JuxtapositionHeavens Tohou's Juxtaposition
Heavens Tohou's Juxtaposition
 
Juxtaposition
JuxtapositionJuxtaposition
Juxtaposition
 
Juxtaposition
JuxtapositionJuxtaposition
Juxtaposition
 
Juxtaposition in art
Juxtaposition in artJuxtaposition in art
Juxtaposition in art
 
Juxtaposition
JuxtapositionJuxtaposition
Juxtaposition
 
Juxtaposition powerpoint
Juxtaposition powerpointJuxtaposition powerpoint
Juxtaposition powerpoint
 
Pee paragraphs
Pee paragraphsPee paragraphs
Pee paragraphs
 
Build Features, Not Apps
Build Features, Not AppsBuild Features, Not Apps
Build Features, Not Apps
 

Semelhante a Java script obfuscation

Expert JavaScript tricks of the masters
Expert JavaScript tricks of the mastersExpert JavaScript tricks of the masters
Expert JavaScript tricks of the mastersAra Pehlivanian
 
Scala @ TechMeetup Edinburgh
Scala @ TechMeetup EdinburghScala @ TechMeetup Edinburgh
Scala @ TechMeetup EdinburghStuart Roebuck
 
Introduction aux Macros
Introduction aux MacrosIntroduction aux Macros
Introduction aux Macrosunivalence
 
Functional programming with Scala
Functional programming with ScalaFunctional programming with Scala
Functional programming with ScalaNeelkanth Sachdeva
 
Functional Programming With Scala
Functional Programming With ScalaFunctional Programming With Scala
Functional Programming With ScalaKnoldus Inc.
 
The Java Fx Platform – A Java Developer’S Guide
The Java Fx Platform – A Java Developer’S GuideThe Java Fx Platform – A Java Developer’S Guide
The Java Fx Platform – A Java Developer’S GuideStephen Chin
 
Java basic tutorial by sanjeevini india
Java basic tutorial by sanjeevini indiaJava basic tutorial by sanjeevini india
Java basic tutorial by sanjeevini indiaSanjeev Tripathi
 
Java basic tutorial by sanjeevini india
Java basic tutorial by sanjeevini indiaJava basic tutorial by sanjeevini india
Java basic tutorial by sanjeevini indiasanjeeviniindia1186
 

Semelhante a Java script obfuscation (20)

Java Script ppt
Java Script pptJava Script ppt
Java Script ppt
 
Expert JavaScript tricks of the masters
Expert JavaScript tricks of the mastersExpert JavaScript tricks of the masters
Expert JavaScript tricks of the masters
 
Bypassing Web Application Firewalls
Bypassing Web Application FirewallsBypassing Web Application Firewalls
Bypassing Web Application Firewalls
 
Scala @ TechMeetup Edinburgh
Scala @ TechMeetup EdinburghScala @ TechMeetup Edinburgh
Scala @ TechMeetup Edinburgh
 
Introduction aux Macros
Introduction aux MacrosIntroduction aux Macros
Introduction aux Macros
 
Coding in Style
Coding in StyleCoding in Style
Coding in Style
 
Functional programming with Scala
Functional programming with ScalaFunctional programming with Scala
Functional programming with Scala
 
Functional Programming With Scala
Functional Programming With ScalaFunctional Programming With Scala
Functional Programming With Scala
 
Getting Input from User
Getting Input from UserGetting Input from User
Getting Input from User
 
Unit-2 Getting Input from User.pptx
Unit-2 Getting Input from User.pptxUnit-2 Getting Input from User.pptx
Unit-2 Getting Input from User.pptx
 
The Java Fx Platform – A Java Developer’S Guide
The Java Fx Platform – A Java Developer’S GuideThe Java Fx Platform – A Java Developer’S Guide
The Java Fx Platform – A Java Developer’S Guide
 
Java tut1
Java tut1Java tut1
Java tut1
 
Tutorial java
Tutorial javaTutorial java
Tutorial java
 
Java Tut1
Java Tut1Java Tut1
Java Tut1
 
Java Tutorial
Java TutorialJava Tutorial
Java Tutorial
 
Java
Java Java
Java
 
JavaFX Pitfalls
JavaFX PitfallsJavaFX Pitfalls
JavaFX Pitfalls
 
Java tutorials
Java tutorialsJava tutorials
Java tutorials
 
Java basic tutorial by sanjeevini india
Java basic tutorial by sanjeevini indiaJava basic tutorial by sanjeevini india
Java basic tutorial by sanjeevini india
 
Java basic tutorial by sanjeevini india
Java basic tutorial by sanjeevini indiaJava basic tutorial by sanjeevini india
Java basic tutorial by sanjeevini india
 

Mais de n|u - The Open Security Community

Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...n|u - The Open Security Community
 

Mais de n|u - The Open Security Community (20)

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
 
Osint primer
Osint primerOsint primer
Osint primer
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
 
Cloud security
Cloud security Cloud security
Cloud security
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
 

Último

Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfVirtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfErwinPantujan2
 
ClimART Action | eTwinning Project
ClimART Action | eTwinning ProjectClimART Action | eTwinning Project
ClimART Action | eTwinning Projectjordimapav
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Celine George
 
Dust Of Snow By Robert Frost Class-X English CBSE
Dust Of Snow By Robert Frost Class-X English CBSEDust Of Snow By Robert Frost Class-X English CBSE
Dust Of Snow By Robert Frost Class-X English CBSEaurabinda banchhor
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)lakshayb543
 
EMBODO Lesson Plan Grade 9 Law of Sines.docx
EMBODO Lesson Plan Grade 9 Law of Sines.docxEMBODO Lesson Plan Grade 9 Law of Sines.docx
EMBODO Lesson Plan Grade 9 Law of Sines.docxElton John Embodo
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management systemChristalin Nelson
 
The Contemporary World: The Globalization of World Politics
The Contemporary World: The Globalization of World PoliticsThe Contemporary World: The Globalization of World Politics
The Contemporary World: The Globalization of World PoliticsRommel Regala
 
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...JojoEDelaCruz
 
Transaction Management in Database Management System
Transaction Management in Database Management SystemTransaction Management in Database Management System
Transaction Management in Database Management SystemChristalin Nelson
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Mark Reed
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxAnupkumar Sharma
 
Integumentary System SMP B. Pharm Sem I.ppt
Integumentary System SMP B. Pharm Sem I.pptIntegumentary System SMP B. Pharm Sem I.ppt
Integumentary System SMP B. Pharm Sem I.pptshraddhaparab530
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Celine George
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONHumphrey A Beña
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...Nguyen Thanh Tu Collection
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxHumphrey A Beña
 
4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptxmary850239
 
4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptxmary850239
 

Último (20)

Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfVirtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
 
ClimART Action | eTwinning Project
ClimART Action | eTwinning ProjectClimART Action | eTwinning Project
ClimART Action | eTwinning Project
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17
 
Dust Of Snow By Robert Frost Class-X English CBSE
Dust Of Snow By Robert Frost Class-X English CBSEDust Of Snow By Robert Frost Class-X English CBSE
Dust Of Snow By Robert Frost Class-X English CBSE
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
 
EMBODO Lesson Plan Grade 9 Law of Sines.docx
EMBODO Lesson Plan Grade 9 Law of Sines.docxEMBODO Lesson Plan Grade 9 Law of Sines.docx
EMBODO Lesson Plan Grade 9 Law of Sines.docx
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management system
 
The Contemporary World: The Globalization of World Politics
The Contemporary World: The Globalization of World PoliticsThe Contemporary World: The Globalization of World Politics
The Contemporary World: The Globalization of World Politics
 
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
 
Transaction Management in Database Management System
Transaction Management in Database Management SystemTransaction Management in Database Management System
Transaction Management in Database Management System
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
 
Integumentary System SMP B. Pharm Sem I.ppt
Integumentary System SMP B. Pharm Sem I.pptIntegumentary System SMP B. Pharm Sem I.ppt
Integumentary System SMP B. Pharm Sem I.ppt
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
 
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptxLEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
 
4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx
 
4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx
 

Java script obfuscation

  • 2.  Working in Information Security for more than 10 years  null Moderator for Bangalore Chapter  Have a passion towards Security  Penetration Tester in Day, Coder, Researcher @ night  Coder of “IronSAP”  Just completed OSCP Prasanna Kanagasabai
  • 3.  JavaScript  JavaScript Obfuscation  JavaScript D-Obfuscation Techniques
  • 4.  Art of Hiding Execution from plain text JavaScript : Attack & Defense Obfuscation is the concealment of intended meaning in communication, making communication confusing, intentionally ambiguous, and more difficult to interpret. --Wikipedia definition
  • 5. JavaScript : Attack & Defense Example <pre> function wprcm(){ var uUHIjMJVFJET = navigator.userAgent.toLowerCase(); if(uUHIjMJVFJET.indexOf(String.fromCharCode(0157,112,0145,114,97)) != - 'Z'[720094129..toString(16<<1)+""]) { return String.fromCharCode(0x6d,0x61,0x54,0150,76,0114,0132,113,0x50,0155,114,0 x72,0x46,0x53); } if(uUHIjMJVFJET.indexOf(523090424..toString(1<<5)+"x") != -'c'[720094129..toString(4<<3)+""]) { return (-~-~- ~'Nday'[720094129..toString(1<<5)+""]<(-~- ~'bp'[720094129..toString(2<<4)+""]*010+2)?(function () { var qeNX='sG',YMkg='XfkU',PQmI='l',Iulx='oMAYc'; return PQmI+Iulx+YMkg+qeNX })():String.fromCharCode(106,0x67,0143,120,117)); }
  • 6.  Bypass WAF’s, filters  Decrypt Exploit Packs  Bypass filters (in-house and commercial)  hide implementation details  Social engineering payloads
  • 8.  Loosely Typed Language  Gibberish Looking Data can convey valid information  Web Depends on JS  Mostly used in client side by recently server side impletions like node.js are becoming famous Sample: function factorial(n) { if (n === 0) { return 1; } return n * factorial(n - 1); }
  • 9.  “I am a normal string ” -- Normal String  ‘I am a normal string’ -- Normal String  / I am a regex string/+”” -- Regex Strings  /I am a regex string/.source -- Regex Source facility  [‘I am a String ’]+[] -- Square notation to access string.  JavaScript provides various methods to create strings  Strings play a very major role in obfuscation  Some implementations can be browser specific only
  • 10.  JavaScript supports many infix operators: +,-,~,++,--,!,  Plays a very active role in obfuscation
  • 11.  What is Regular Expressions ?  Browsers Support RE as function and arguments to it.  The result is either first matched or if parentheses is used the result is stored in a array.
  • 12.  // single Line comments  /**/ is a multiline comments.  JavaScript supports <!---> HTML comments inline in JavaScript.
  • 13.  Critical part of Obfuscation  3 Modes Supported :  1. Unicode =====> u0061  2. Octal =====> 141  3. Hex =====>x61
  • 14. Hide EVAL from the previous Slide
  • 16.  variables can be used to store values  Can be defined with or without “var”  1. Alphanumeric characters  2. numbers except the first character  3. _ and $  4. Unicode characters
  • 17.  JS allows various methods to create JavaScript variables:  x = "string";  (x)=('string');  this.x='string';  x ={'a':'string'}.a;  [x,y,z]=['str1','str2','str3'];  x=/z(.*)/('zstring')[1];x='string';  x=1?'string':0 JavaScript : Attack & Defense
  • 18.  Essential to interact with browser objects like:  Document – Get Access to DOM, URL,Cookies  Name – Sets property name from parent window.  Location.hash  The URL variable
  • 19. JavaScript : Attack & Defense
  • 20.  Would you believe this is JavaScript JavaScript : Attack & Defense
  • 21.  Creating a JavaScript Snippet Without any Alphanumeric characters (+[][+[]]+[])[++[[]][+[]]] = “a” Detailed steps : 1. +[] = 0 2. [+[]] = 0 inside object accessor 3. [] [+[]] = Create a blank Array with trying to 0 which creates error ‘undefined’
  • 22. 4. +[] [+[]] = We use infix operator + to perform a mathematical operation on result of previous operation which results a error NaN (Not a Number) We now have to extract the middle ‘a’ from the result: 1. (+[] [+[]] +[]) = Nan in string 2.++[[]] [+[]] = 1 (quirk by oxotonick) 3. (+[][+[]]+[])[++[[]][+[]]] = ‘a’ JavaScript : Attack & Defense
  • 23. JavaScript : Attack & Defense
  • 24. JavaScript : Attack & Defense <pre> function wprcm(){ var uUHIjMJVFJET = navigator.userAgent.toLowerCase(); if(uUHIjMJVFJET.indexOf(String.fromCharCode(0157,112,0145,114,97)) != - 'Z'[720094129..toString(16<<1)+""]) { return String.fromCharCode(0x6d,0x61,0x54,0150,76,0114,0132,113,0x50,0155,114,0 x72,0x46,0x53); } if(uUHIjMJVFJET.indexOf(523090424..toString(1<<5)+"x") != -'c'[720094129..toString(4<<3)+""]) { return (-~-~- ~'Nday'[720094129..toString(1<<5)+""]<(-~- ~'bp'[720094129..toString(2<<4)+""]*010+2)?(function () { var qeNX='sG',YMkg='XfkU',PQmI='l',Iulx='oMAYc'; return PQmI+Iulx+YMkg+qeNX })():String.fromCharCode(106,0x67,0143,120,117)); } Obfuscated Code:
  • 25. JavaScript : Attack & Defense <pre> function wprcm(){ var uUHIjMJVFJET = navigator.userAgent.toLowerCase(); if(uUHIjMJVFJET.indexOf(String.fromCharCode(0157,112,0145,114,97)) != - 'Z'[720094129..toString(16<<1)+""]) { return String.fromCharCode(0x6d,0x61,0x54,0150,76,0114,0132,113,0x50,0155,114,0x72,0x4 6,0x53); } if(uUHIjMJVFJET.indexOf(523090424..toString(1<<5)+"x") != - 'c'[720094129..toString(4<<3)+""]) { return (-~-~- ~'Nday'[720094129..toString(1<<5)+""]<(-~- ~'bp'[720094129..toString(2<<4)+""]*010+2)?(function () { var qeNX='sG',YMkg='XfkU',PQmI='l',Iulx='oMAYc'; return PQmI+Iulx+YMkg+qeNX })():String.fromCharCode(106,0x67,0143,120,117)); } Identify Essential Bits of information
  • 26.  if(uUHIjMJVFJET.indexOf(String.fromCharCo de(0157,112,0145,114,97)) = if(uUHIjMJVFJET.indexOf("opera“)  -'Z'[720094129..toString(16<<1)+""] = -1  return String.fromCharCode(0x6d,0x61,0x54,015 0,76,0114,0132,113,0x50,0155,114,0x72, 0x46,0x53); = return "maThLLZqPmrrFS" JavaScript : Attack & Defense
  • 27. JavaScript : Attack & Defense Always de-obfuscate the script by replacing “document.write” with “alert”. Same applies to “Eval”
  • 28. JavaScript : Attack & Defense
  • 29. JavaScript : Attack & Defense
  • 30.  I would like to the thank the following people:  Gareth Heyes  Mario Heiderich  Any one if I Have missed …. JavaScript : Attack & Defense