Author Archives

Fresh prototypes on all browsers

So there’s a well-known technique for getting Object prototypes that are not from the current window, which results in a fresh prototype: you use iframes to copy the required prototype from iframe.contentWindow. BUT… it doesn’t work in all browsers, and it’s pretty silly having to copy each object manually, so why not just use the [...]

Creating HTML listeners with JSReg and Hackvertor

JSReg has grown up a bit since I released the first version. You can now use it to monitor malicious JavaScript. I have a very basic example of this in Hackvertor; at the moment Hackvertor doesn’t support callbacks, so it’s a bit of a hack, but you will get the idea.
I use __defineSetter__ to [...]

JSReg update

Big thanks!
I’ve done lots of updates to JSReg with some fantastic help from kangax, sirdarckcat, Thornmaker and mario.
Mario found some cool parsing bugs, sirdarckcat helped with some exploits that assigned to window and also provided some awesome code ideas and bugs. Thornmaker found that ternaries cause problems with my object detection. I’d also like [...]

Hidden Firefox properties revisited

This is the first time I’ve looked at the Firefox source, really! I wanted to find all the hidden properties Firefox has in JavaScript. It was first pointed out to me by DoctorDan on the slackers forums, when he found that the RegExp literal had a -1 value for the source in Firefox 2. [...]

New beta of JSReg

I’ve been slowly developing JSReg over the last few months, and I’ve dropped lots of code and redone it many times. This latest version is a code rewriter that sandboxes most JavaScript properties; the goal is to produce a completely locked-down version (which can be improved upon later).
So far it’s going well, [...]

CSP - Mozilla content security policy

This is my cup of tea: a whole new way to prevent XSS and related attacks. I’ve been looking at the specification and I like the core of the policy, preventing external scripts, eval etc. But reading it I started to think of ways around it, because it’s fun.
Meta tag
The meta tag seems [...]

Minor Safari cross domain bug

I found this while writing Astalanumerator. Safari allows you to overwrite top and parent with native code, and maybe other stuff (I haven’t tried). This allows you to define something on domain A and call it on domain B using top and parent. I’d email Apple about it, but the last time I reported [...]

Asta la vista baby

A quick update to Astalanumerator: it is now much better, with no crashes and a completely new interface. I use a tree menu to traverse objects, which can go on forever if you wish. It uses two display windows now: one displays the tree menu and the other displays extra details about the object when clicked.
In [...]

New PHPIDS vector

No new PHPIDS vectors for a while? So I thought I’d write a new one, as I had 5 minutes spare while drinking my coffee. I used a new technique (as far as I’m aware) to make things easier. A very old feature in IE is to allow events to be declared as VBScript [...]

Astalanumerator baby

I wanted to map all properties in JavaScript and inspect them regardless of whether they were objects. IE doesn’t support for (i in ...) for native properties like constructor etc., so I decided to write a cross-platform enumerator that could map everything. I decided to call it “Astalanumerator” as a silly reference to Terminator combined [...]