Why Do I Have To Block Javascript To Block 1 or 2 Lines Of Code?

Orogi

Honorable
Aug 25, 2013
4
0
10,510
0
Speaking within the context of anonymity and security, I know that one or two lines may not be the truth but in any case the question is the same. If I have a house and I realize that the windows are the weakest point, I don't fill them in with cement. I look for a way to make them secure like making them thicker. Why can't we do this for Javascript and other plugins?

(I get the impression this is less practical with flash, but hey, maybe the question still applies?)

If this question is way more complex than I know, tell me and I'll take your word for it.
 

getochkn

Splendid
Moderator
Because a simple change of a letter in one of those lines could then bypass the filter.

You try to block "For x (0,10) do"

change it to "For y(0,10) do"

It get's through.


It also requires then having to download all the javascript and then analyze it line by line to see if any lines are supposed to be blocked. That's a lot more work to read each line and determine if it should be blocked.

Javascript is often obfuscated, meaning it changed into a form that is very hard to understand and follow, and thus makes it hard to block a single part of it.

for(v A((u A((e A((r-2?0:(V A(1)),"C")
),system("stty raw -echo min 0"),fread(l,78114,1,e),B(e),"B")),"A")); 118-(x
=*c++); (y=x/8%8,z=(x&199)-4 S 1 S 1 S 186 S 2 S 2 S 3 S 0,r=(y>5)*2+y,z=(x&
207)-1 S 2 S 6 S 2 S 182 S 4)?D(0)D(1)D(2)D(3)D(4)D(5)D(6)D(7)(z=x-2 C C C C
C C C C+129 S 6 S 4 S 6 S 8 S 8 S 6 S 2 S 2 S 12)?x/64-1?((0 O a(y)=a(x) O 9
[o]=a(5),8[o]=a(4) O 237==*c++?((int (*)())(2-*c++?fwrite:fread))(l+*k+1[k]*
256,128,1,(fseek(y=5[k]-1?u:v,((3[k]|4[k]<<8)<<7|2[k])<<7,Q=0),y)):0 O y=a(5
),z=a(4),a(5)=a(3),a(4)=a(2),a(3)=y,a(2)=z O c=l+d(5) O y=l[x=d(9)],z=l[++x]
,x[l]=a(4),l[--x]=a(5),a(5)=y,a(4)=z O 2-*c?Z||read(0,&Z,1),1&*c++?Q=Z,Z=0:(
Q=!!Z):(c++,Q=r=V?fgetc(V):-1,s=s&~1|r<0) O++c,write(1,&7[o],1) O z=c+2-l,w,
c=l+q O p,c=l+z O c=l+q O s^=1 O Q=q[l] O s|=1 O q[l]=Q O Q=~Q O a(5)=l[x=q]
,a(4)=l[++x] O s|=s&16|9<Q%16?Q+=6,16:0,z=s|=1&s|Q>159?Q+=96,1:0,y=Q,h(s<<8)
O l[x=q]=a(5),l[++x]=a(4) O x=Q%2,Q=Q/2+s%2*128,s=s&~1|x O Q=l[d(3)]O x=Q /
128,Q=Q*2+s%2,s=s&~1|x O l[d(3)]=Q O s=s&~1|1&Q,Q=Q/2|Q<<7 O Q=l[d(1)]O s=~1
&s|Q>>7,Q=Q*2|Q>>7 O l[d(1)]=Q O m y n(0,-,7)y) O m z=0,y=Q|=x,h(y) O m z=0,
y=Q^=x,h(y) O m z=Q*2|2*x,y=Q&=x,h(y) O m Q n(s%2,-,7)y) O m Q n(0,-,7)y) O
m Q n(s%2,+,7)y) O m Q n(0,+,7)y) O z=r-8?d(r+1):s|Q<<8,w O p,r-8?o[r+1]=z,r
[o]=z>>8:(s=~40&z|2,Q=z>>8) O r[o]--||--o[r-1]O a(5)=z=a(5)+r[o],a(4)=z=a(4)
+o[r-1]+z/256,s=~1&s|z>>8 O ++o[r+1]||r[o]++O o[r+1]=*c++,r[o]=*c++O z=c-l,w
,c=y*8+l O x=q,b z=c-l,w,c=l+x) O x=q,b c=l+x) O b p,c=l+z) O a(y)=*c++O r=y
,x=0,a(r)n(1,-,y)s<<8) O r=y,x=0,a(r)n(1,+,y)s<<8))));
system("stty cooked echo"); B((B((V?B(V):0,u)),v)); }

Does that look it makes any sense to you? can you tell if that is supposed to write a file on your PC, redirect you to a bad site, or simply write hello on the screen? there is no way to tell when code is obfuscated.
 

Orogi

Honorable
Aug 25, 2013
4
0
10,510
0


Alright, that makes a lot of sense. I'm curious if this would work however. If you can't block the code because it's obfuscated or it's infeasible to filter it, can you disable some of the functionality on your computer? How much is that overkill? Is it overkill? Like if you were to just disable the ability of javascript to send your IP among other things.

I think I'm assuming that there is a difference between the getting and the sending. Can you stop the sending part? Code can't execute if it's not there right? Or is all the code loaded into the browser at the time of attack and this whole scenario moot? The reason I'm assuming this is possible is because I have to physically install Javascript on my computer don't I? Can I delete the part that would send my IP (among other things) from what I've installed?
 

getochkn

Splendid
Moderator
So you want to block, say sending your IP. How are they sending it? They can simply put your IP in a cookie to get picked up later. It could be emailed. It could be encrypted. gdr%$%gffdg%%hhf^$#446 doesn't look like your IP but it could be.
 

Orogi

Honorable
Aug 25, 2013
4
0
10,510
0


But there is a Javascript function on my computer that has to "get" the IP before it's encrypted and/or sent (via any medium), correct? Or is there no "get" and it's just a "retrieve," or something equally more complicated? I might be breaking the steps down into parts smaller than they really are, I'm not sure.
 

Orogi

Honorable
Aug 25, 2013
4
0
10,510
0


I know it's easily retrievable. The IP part was just an example. I ask because I'm interested in browser fingerprinting, Tor, Privoxy, etc. Browser plugins are one of the bigger security vulnerabilities and I just wanted to know more about how they are actually vulnerabilities. And more specifically, if it was possible to mitigate some of the risks related to browser fingerprinting while still preserving at least some plugin functionality.

Javascript (again just an example) is one of the ways to retrieve someones real IP even when using Tor.
 
Thread starter Similar threads Forum Replies Date
R Apps General Discussion 11
C Apps General Discussion 2
C Apps General Discussion 3
henrytcasey Apps General Discussion 1
S Apps General Discussion 3
J Apps General Discussion 1
C Apps General Discussion 1
Mighty Apps General Discussion 9
A Apps General Discussion 8
A Apps General Discussion 1
J Apps General Discussion 1
O Apps General Discussion 1
G Apps General Discussion 0
R Apps General Discussion 4
kol12 Apps General Discussion 7
J Apps General Discussion 6
Durwesh Naeem Apps General Discussion 2
P Apps General Discussion 2
R Apps General Discussion 1
jappe66 Apps General Discussion 4

ASK THE COMMUNITY