JS obfuscation - interaction with user

[mol40]

Hi, i am very new to js and am trying to add interactivity to the script.e.g. give the user a choice if they want to go to the malware analyzer or not.

I am using the greasemonkey add - on.

I am using the search command to look for text which obfuscated. the eval is used to hide code.

// ==UserScript==


// @name Hello World

// @namespace

http://diveintomark.org/projects/greasemonkey/

// @description example script to alert "Hello world!" on every page

// @exclude

http://mail.yahoo.com/*

//@exclude

http://www.yahoo.com/*

// @exclude

http://www.diveintogreasemonkey.org/*

// ==/UserScript==


var thehead = document.getElementsByTagName('script')[0];

var testString = thehead.innerHTML;

if(testString.search("eval") > 0)
{


alert("This page may contain invalid obfuscated javascript, you will now be redirected to a malware analyser");

redirect();

}

function redirect()
{

settimeout("location.href = '

http://wepawet.cs.ucsb.edu/index.php',1000);

}

 

[ggriffit]

mol40, bear in mind that your script would redirect on the following valid URLs :

http://www.evaluation.com

http://news.bbc.co.uk/uk_evaluates_war.html

What is the actual issue you are having with your script ?

Greg Griffiths
Livelink Certified Developer & ECM Global Star Champion 2005 & 2006

http://www.greggriffiths.org/livelink/

 

[mol40]

Nothing with it the code but I lack knowledge on how to add interactivity e.g. an alert or prompt box to ask user if they want to go to the site. I have been playing around with both the alert box and the prompt am failing. If you know the best direction to go or good websites that would be great..

 

[ggriffit]

once you have sorted out the bug I mentioned in my previous post, I think the following may work - although I am a JS Developer and not a GreaseMonkey guy, so there may be some difference :

if ( Confirm("This page may contain invalid obfuscated javascript, you will now be redirected to a malware analyser"))
{
    redirect();
}

Greg Griffiths
Livelink Certified Developer & ECM Global Star Champion 2005 & 2006

http://www.greggriffiths.org/livelink/

 

[mol40]

Hi, thanks for the code, below is what I have done:

var thehead = document.getElementsByTagName('script')[0];

var testString = thehead.innerHTML;

if(testString.search("eval") > 0)
{


confirm("This page may contain invalid obfuscated javascript, you will now be redirected to a malware analyser");

confirm ("do you wish to go to this website");
window.location.href = '

http://wepawet.cs.ucsb.edu/index.php'

}


It goes to the website, but when I say cancel, it still goes to the website. Thanks for your help.

Regarding the bugs, the code will look for code in script tags, not anything outside of that and just in the head tag. As said I am new to JS.

Thanks.

 

[ggriffit]

Try the following :

var thehead = document.getElementsByTagName('script')[0];

var testString = thehead.innerHTML;

if(testString.search("eval") > 0)
{
  if ( confirm("This page may contain invalid obfuscated javascript, you will now be redirected to a malware analyser \n Do you wish to go to this website") )
  {
    window.location.href = '[URL unfurl="true"]http://wepawet.cs.ucsb.edu/index.php'[/URL]
  }
}

the CONFIRM needs to be inside the IF statement.

You will still need to address the fact that "eval" is a valid term in a URL as noted above.

Greg Griffiths
Livelink Certified Developer & ECM Global Star Champion 2005 & 2006

http://www.greggriffiths.org/livelink/

 

[mol40]

Thank you for that.

Regards,

Eileen