Why Do I Have To Block Javascript To Block 1 or 2 Lines Of Code?

Orogi · Sep 8, 2013

Speaking within the context of anonymity and security, I know that one or two lines may not be the truth but in any case the question is the same. If I have a house and I realize that the windows are the weakest point, I don't fill them in with cement. I look for a way to make them secure like making them thicker. Why can't we do this for Javascript and other plugins?

(I get the impression this is less practical with flash, but hey, maybe the question still applies?)

If this question is way more complex than I know, tell me and I'll take your word for it.

getochkn · Sep 8, 2013

Because a simple change of a letter in one of those lines could then bypass the filter.

You try to block "For x (0,10) do"

change it to "For y(0,10) do"

It get's through.

It also requires then having to download all the javascript and then analyze it line by line to see if any lines are supposed to be blocked. That's a lot more work to read each line and determine if it should be blocked.

Javascript is often obfuscated, meaning it changed into a form that is very hard to understand and follow, and thus makes it hard to block a single part of it.

for(v A((u A((e A((r-2?0

V A(1)),"C")
),system("stty raw -echo min 0"),fread(l,78114,1,e),B(e),"B")),"A")); 118-(x
=*c++); (y=x/8%8,z=(x&199)-4 S 1 S 1 S 186 S 2 S 2 S 3 S 0,r=(y>5)*2+y,z=(x&
207)-1 S 2 S 6 S 2 S 182 S 4)?D(0)D(1)D(2)D(3)D(4)D(5)D(6)D(7)(z=x-2 C C C C
C C C C+129 S 6 S 4 S 6 S 8 S 8 S 6 S 2 S 2 S 12)?x/64-1?((0 O a

=a(x) O 9
[o]=a(5),8[o]=a(4) O 237==*c++?((int (*)())(2-*c++?fwrite:fread))(l+*k+1[k]*
256,128,1,(fseek(y=5[k]-1?u:v,((3[k]|4[k]<<8)<<7|2[k])<<7,Q=0),y)):0 O y=a(5
),z=a(4),a(5)=a(3),a(4)=a(2),a(3)=y,a(2)=z O c=l+d(5) O y=l[x=d(9)],z=l[++x]
,x[l]=a(4),l[--x]=a(5),a(5)=y,a(4)=z O 2-*c?Z||read(0,&Z,1),1&*c++?Q=Z,Z=0

Q=!!Z)

O m z=0,
y=Q^=x,h

O m z=Q*2|2*x,y=Q&=x,h

O m Q n(s%2,-,7)y) O m Q n(0,-,7)y) O
m Q n(s%2,+,7)y) O m Q n(0,+,7)y) O z=r-8?d(r+1):s|Q<<8,w O p,r-8?o[r+1]=z,r
[o]=z>>8

s=~40&z|2,Q=z>>8) O r[o]--||--o[r-1]O a(5)=z=a(5)+r[o],a(4)=z=a(4)
+o[r-1]+z/256,s=~1&s|z>>8 O ++o[r+1]||r[o]++O o[r+1]=*c++,r[o]=*c++O z=c-l,w
,c=y*8+l O x=q,b z=c-l,w,c=l+x) O x=q,b c=l+x) O b p,c=l+z) O a

=*c++O r=y
,x=0,a(r)n(1,-,y)s<<8) O r=y,x=0,a(r)n(1,+,y)s<<8))));
system("stty cooked echo"); B((B((V?B(V):0,u)),v)); }

Does that look it makes any sense to you? can you tell if that is supposed to write a file on your PC, redirect you to a bad site, or simply write hello on the screen? there is no way to tell when code is obfuscated.

Orogi · Sep 8, 2013

getochkn :

Alright, that makes a lot of sense. I'm curious if this would work however. If you can't block the code because it's obfuscated or it's infeasible to filter it, can you disable some of the functionality on your computer? How much is that overkill? Is it overkill? Like if you were to just disable the ability of javascript to send your IP among other things.

I think I'm assuming that there is a difference between the getting and the sending. Can you stop the sending part? Code can't execute if it's not there right? Or is all the code loaded into the browser at the time of attack and this whole scenario moot? The reason I'm assuming this is possible is because I have to physically install Javascript on my computer don't I? Can I delete the part that would send my IP (among other things) from what I've installed?

getochkn · Sep 8, 2013

So you want to block, say sending your IP. How are they sending it? They can simply put your IP in a cookie to get picked up later. It could be emailed. It could be encrypted. gdr%$%gffdg%%hhf^$#446 doesn't look like your IP but it could be.

Orogi · Sep 8, 2013

getochkn :

But there is a Javascript function on my computer that has to "get" the IP before it's encrypted and/or sent (via any medium), correct? Or is there no "get" and it's just a "retrieve," or something equally more complicated? I might be breaking the steps down into parts smaller than they really are, I'm not sure.

getochkn · Sep 8, 2013

Your IP is out there with every site you go to. Why are you so paranoid about it?

Orogi · Sep 8, 2013

getochkn :

I know it's easily retrievable. The IP part was just an example. I ask because I'm interested in browser fingerprinting, Tor, Privoxy, etc. Browser plugins are one of the bigger security vulnerabilities and I just wanted to know more about how they are actually vulnerabilities. And more specifically, if it was possible to mitigate some of the risks related to browser fingerprinting while still preserving at least some plugin functionality.

Javascript (again just an example) is one of the ways to retrieve someones real IP even when using Tor.

Search

Why Do I Have To Block Javascript To Block 1 or 2 Lines Of Code?

Orogi

Honorable

getochkn

Splendid

Orogi

Honorable

getochkn

Splendid

Orogi

Honorable

getochkn

Splendid

Orogi

Honorable

TRENDING THREADS

Share this page