Wednesday, November 22, 2017

Breakpoint on any string assignment if string contains a certain substring

By Hường Hana 1:00 AM , , Leave a Comment

Can I put a data breakpoint which triggers if any variable is assigned to a string containing a certain substring?

For example, I want to reverse-engineer how a URL containing &ctoken= is constructed. It's done with complicated JavaScript where the goal is to obfuscate it.

If I could tell the JS VM to monitor all string variables and break when a certain substring appears on any variable, this would help me a lot.

Is this possible?

2 Answers

Answers 1

Before I start - as of my knowledge this is not possible.

What you'd need (even before creating the debugging feature) is String the built-in native object - which is supplied by the ECMAScript implementation to your scope - but already proxied.

Some explanation:

http://www.ecma-international.org/publications/files/ECMA-ST/Ecma-262.pdf

Standard built‑in objects are defined in this specification. An ECMAScript implementation may specify and supply additional kinds of built‑in objects. A built‑in constructor is a built‑ in object that is also a constructor.

String is, therefore, an already created instance without a proxy - doing this

const newString = 'newStringValue'

will only add an object to the String Constant Pool and not notify a custom implemented subscriber.

more about the String Constant Pool: What is the difference between "text" and new String("text")?

Already implemented and exposed - for the built-in object String - would have to be something like (here in JS to make it understandable):

var proxiedString = new Proxy(String, {   defineProperty(target, propKey, propDesc) {     console.log('defined a new prop')   }, });  proxiedString.x = 'newPropValue'

the current built-in object String therefore would have to be the proxy already to which we could subscribe.

Answers 2

  1. You can use condition breakpoints at browser devTools, by right click with a menu.
  2. If you can write a js somewhere in a page, you can do this:

.

    if(window.location.pathname.indexOf("&ctoken=") > -1){         debugger;// browser will put breakpoint automaticaly here, if condition  is trully.        console.dir(window.location);     }
If You Enjoyed This, Take 5 Seconds To Share It

0 comments:

Post a Comment