本文介绍如何利用Node.js简化JavaScript代码分析过程,通过代码简化和变量设置,快速理解代码功能,避免阅读大量文本代码的困扰。实例展示了一个简化后的代码流程,包括将原始代码进行简化并使用Node.js执行,最终揭示了代码的功能,如潜在的恶意行为或功能实现。
I always find a need to check out some javascript, even when I know it's malicious I still have to know what it is doing. Doing it safely is always a good idea. Recently I found that Node.js works perfectly for this. This will document how to do this simply and easily.
I don't think this is groundbreaking or new but I am documenting it because it took me a while to find a good way to do Javascript analysis.
We start with our sample.
After laughing about the please use IE/Firefox I decided I don't like big blobs of text. This one is not bad but no real reason to not get into the habit of cleaning up the code.
Lets quickly look at the code and see if we can simplify it without changing the functionality.
So it looks like we can and this is what it will look like after a quick simplification.
We are now ready to start figuring out what this code does. We know it won't be much because the array is so small. For example some exploit kits are 17k items strong in the array.
Lets fire up node.
Then looking at our Javascript above we can go ahead and setup some variables. I simplified the naming because I like simple.
Once I had the variables setup I went into the main loop that happens to turn the array into a usable string in Javascript. Then execute "e" which was eval and is now console.log
We can now see some more useless code around the vars because they are not used. This simple email attachment would have redirected to Blackhole Exploit kit.
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
