Using Node.js for JavaScript Analysis
2013-04-23 20:44
I always find a need to check out some JavaScript; even when I know it's malicious, I still have to know what it is doing. Doing it safely is always a good idea. Recently I found that Node.js works perfectly for this. This will document how to do this simply and easily.
I don't think this is groundbreaking or new, but I am documenting it because it took me a while to find a good way to do JavaScript analysis.
We start with our sample.
After laughing about the "please use IE/Firefox" I decided I don't like big blobs of text. This one is not bad, but there is no real reason not to get into the habit of cleaning up the code.
Let's quickly look at the code and see if we can simplify it without changing the functionality.
So it looks like we can and this is what it will look like after a quick simplification.
We are now ready to start figuring out what this code does. We know it won't be much because the array is so small. For example, some exploit kits are 17k items strong in the array.
Let's fire up node.
Then, looking at our JavaScript above, we can go ahead and set up some variables. I simplified the naming because I like simple.
Once I had the variables set up I went into the main loop that happens to turn the array into a usable string in JavaScript. Then execute "e", which was `eval` and is now `console.log`.
We can now see some more useless code around the vars because they are not used. This simple email attachment would have redirected to the Blackhole exploit kit.
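The steps above, scripted as an added example that is not from the original post: the sample's own decode loop runs in Node, but "e" is bound to a recorder instead of `eval`, so the decoded stage is captured rather than executed. The sample array, its times-two encoding and the helper names `captureEval` and `extractUrls` are constructed for illustration (the post's actual sample is not shown on the page), and running it through Node's `vm` module rather than the REPL is an addition.

```javascript
const vm = require('vm');

// Constructed, harmless stand-in for a cleaned-up sample (not the post's sample).
// Assumed encoding: every array item is a character code multiplied by 2.
const sample = `
var a = [216,222,198,194,232,210,222,220,92,208,228,202,204,122,68,208,232,232,224,116,94,
         94,202,240,194,218,224,216,202,92,210,220,236,194,216,210,200,94,240,68,118];
var s = "";
for (var i = 0; i < a.length; i++) { s += String.fromCharCode(a[i] / 2); }
e(s); // in the wild "e" would be eval
`;

// Run the sample's own decode loop, but bind "e" to a recorder instead of eval.
// vm is not a security boundary: do this inside a disposable analysis VM.
function captureEval(source) {
  const captured = [];
  const context = vm.createContext({ e: (code) => { captured.push(String(code)); } });
  vm.runInContext(source, context, { timeout: 1000 }); // stop runaway loops
  return captured;
}

// Pull candidate redirect targets out of a decoded stage.
function extractUrls(text) {
  return text.match(/https?:\/\/[^\s"'<>)]+/g) || [];
}

const stages = captureEval(sample);
console.log(stages);
console.log(extractUrls(stages.join('\n')));
```

If a captured stage is itself another encoded loader, feed it back through `captureEval` until plain script comes out.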