You can by-pass ad-block detection
@MrGood8 how?!?!
I would like to have finer control over what js files get executed. Or even better, which js functions. I'd rather not visit the js debug menu for every site I visit, and also this is beyond Greasemonkey or NoScript's functionality. Any recommendation, @thibault ? or anyone else? Do I have to learn how to make a browser extension?
@CtripleA "What js files get executed"
I have to assume you mean JS Code and not "JS Files" because JS Files, technically, do not exist. They are simply text files with, or without, an extension that tells the OS and Humans what to do with it but a JS Engine doesn't care (and shouldn't).
Nitpick aside, I doubt very seriously that you will ever find anything remotely close to what you are describing. Sounds like you want to be able to load a website and then determine what, if any, JS Code gets executed? The extension would have to ask you, line by line, whether you wanted to execute that code or not. It scares me to even consider how many prompts you would get if you loaded a Facebook page of images and had to enable/disable every one of them.
Can you give a specific example of code you would want to disable? There are ways to accomplish that without a prompt, but, generally speaking, doing so will cause most of the other javascript on the page to not work and make the site useless.
Ex: You want to disable the window.open command (which is how most popup blockers work). You can have an extension insert the line window.open = new Function (return null;); at the beginning of the page and anytime the window.open command is called to open a new window, it will return null and not open the window.
If I have made an incorrect assumption, please correct me. Or, give a specific scenario you want to control. It may or may not be possible. Without specifics though, the only honest answer would have to "Maybe but very very highly unlikely".
I have to assume you mean JS Code and not "JS Files" because JS Files, technically, do not exist. They are simply text files with, or without, an extension that tells the OS and Humans what to do with it but a JS Engine doesn't care (and shouldn't).
Nitpick aside, I doubt very seriously that you will ever find anything remotely close to what you are describing. Sounds like you want to be able to load a website and then determine what, if any, JS Code gets executed? The extension would have to ask you, line by line, whether you wanted to execute that code or not. It scares me to even consider how many prompts you would get if you loaded a Facebook page of images and had to enable/disable every one of them.
Can you give a specific example of code you would want to disable? There are ways to accomplish that without a prompt, but, generally speaking, doing so will cause most of the other javascript on the page to not work and make the site useless.
Ex: You want to disable the window.open command (which is how most popup blockers work). You can have an extension insert the line window.open = new Function (return null;); at the beginning of the page and anytime the window.open command is called to open a new window, it will return null and not open the window.
If I have made an incorrect assumption, please correct me. Or, give a specific scenario you want to control. It may or may not be possible. Without specifics though, the only honest answer would have to "Maybe but very very highly unlikely".
@OneDummHikk
You're basically on point, but I wanna be able to choose the granularity wheter it's line by line, function by function, or file by file. And yeah I didn't consider that some functions/files will crash the JS engine if they didn't return anything.I'm fine with the prompts, to be honest, as long as I only have to encounter them once per website. And I get an initial prompt of how much JS code will be executed.
An example is the BlockAdblock script. Or the js crypto miners. Or a site that pretends to be static but actually logs your IP address, user agent, etc.
You're basically on point, but I wanna be able to choose the granularity wheter it's line by line, function by function, or file by file. And yeah I didn't consider that some functions/files will crash the JS engine if they didn't return anything.I'm fine with the prompts, to be honest, as long as I only have to encounter them once per website. And I get an initial prompt of how much JS code will be executed.
An example is the BlockAdblock script. Or the js crypto miners. Or a site that pretends to be static but actually logs your IP address, user agent, etc.
I highly doubt you will ever find one that will give you that much control simply due to the complexity of it. Without even getting into code between script tags, code in external files or even code in a Frame or IFrame, just code that is inside of an HTML tag such as onload="submitThatSecretFormOverThere()" all the way to an external file that uses document.write to write a new external script tag that loads a file that then attempts to dynamically load an external file that will then attempt to load yet another external file using an httpRequestObject() that will then attempt to use createNode to create a script tag that will load the actual file that it wanted to that that will then use an eval to execute some code.
Thats attempting to load 6 external files that the browser has absolutely no way of knowing whether it loaded or not. And then to get into whats inside the files, the functions, etc...
And then obfuscate the obfuscated code. Uggghhhh
It can become so convoluted so fast that it can induce a migraine even thinking about it.
Simple question. The browser has no way of knowing whether a file has completed loading yet. So, a page attempts to load an external file and in that file is a function. Nothing else, just the definition of a function. Any add-on would have no way of knowing whether to wait on more code in the file, or, to move on to the next line of code in the browser.
The simplest way would probably be to try to write an extension that would site between the browser and javascript engine and any time a call was made to the engine then you prompt the user "You want to execute this code?". The problem is that the engine is embedded in the browser. So, you would have to hack the browser to inject code into it so that your extension would work. Ummm, I don't think Microsoft, Google or Apple would let that extension last for very long.
If there are certain functions that you want to disable its simply a matter of having a proxy inject code into the incoming page to nullify that function name. Otherwise, it becomes a nightmare before you even get started.
As for IP Address, User Agent String and all that other garbage that some web designers think they just can't possibly survive without, they don't know what they are doing.
Every bit of that information is available to the server. Anything gotten from the client is suspect at best. If you want to maintain anonymity (a lot of people do) then look into a VPN (Virtual Private Network) which allows you to spoof that information.
The userAgent string provided by my Motorola Phone using the Google Chrome browser is the exact same string that Internet Explorer 8 reports. Yep, my Chrome browser will tell you that its IE8. So much for useful information, eh?
P.S. Just for giggles, assume you created an extension that asked you to approve or disapprove every line of code. You load a page and at prompt number 23453424345643634 it asks you whether to execute this code:
eval(decode(debug(unobfuscate('qerwituyhwq49886yowel'))))
would you allow it to execute or not? Yeah, convoluted would be an understatement :)
Thats attempting to load 6 external files that the browser has absolutely no way of knowing whether it loaded or not. And then to get into whats inside the files, the functions, etc...
And then obfuscate the obfuscated code. Uggghhhh
It can become so convoluted so fast that it can induce a migraine even thinking about it.
Simple question. The browser has no way of knowing whether a file has completed loading yet. So, a page attempts to load an external file and in that file is a function. Nothing else, just the definition of a function. Any add-on would have no way of knowing whether to wait on more code in the file, or, to move on to the next line of code in the browser.
The simplest way would probably be to try to write an extension that would site between the browser and javascript engine and any time a call was made to the engine then you prompt the user "You want to execute this code?". The problem is that the engine is embedded in the browser. So, you would have to hack the browser to inject code into it so that your extension would work. Ummm, I don't think Microsoft, Google or Apple would let that extension last for very long.
If there are certain functions that you want to disable its simply a matter of having a proxy inject code into the incoming page to nullify that function name. Otherwise, it becomes a nightmare before you even get started.
As for IP Address, User Agent String and all that other garbage that some web designers think they just can't possibly survive without, they don't know what they are doing.
Every bit of that information is available to the server. Anything gotten from the client is suspect at best. If you want to maintain anonymity (a lot of people do) then look into a VPN (Virtual Private Network) which allows you to spoof that information.
The userAgent string provided by my Motorola Phone using the Google Chrome browser is the exact same string that Internet Explorer 8 reports. Yep, my Chrome browser will tell you that its IE8. So much for useful information, eh?
P.S. Just for giggles, assume you created an extension that asked you to approve or disapprove every line of code. You load a page and at prompt number 23453424345643634 it asks you whether to execute this code:
eval(decode(debug(unobfuscate('qerwituyhwq49886yowel'))))
would you allow it to execute or not? Yeah, convoluted would be an understatement :)
Interesting info. Yes it's complicated as hell, but that's exactly why I want to learn more about it. How else did "experts" discover that Pirate Bay has cryptomining js code? Or that facebook records everything you do even if you're not logged in? Those "experts" didn't learn the needed skills in university, that I can tell you. They definitely had tools to sift through thousands of lines of js code. I imagine the default js debug tools by firefox & chrome are helpful but won't be enough.
Maybe it's time to switch to Chromium and learn some C++, or Python, or whatever they use. As you said, it might involve hacking the browser.
Maybe it's time to switch to Chromium and learn some C++, or Python, or whatever they use. As you said, it might involve hacking the browser.
I am aware of the crypto-mining of Pirate Bay, but, the claim "Or that facebook records everything you do even if you're not logged in?" would have to be proven to me as I don't believe it. Someone can have a lot of fun trying to convince me that a website I am not signed into can record what I am doing on my PC. The ads that Facebook shows you isn't proof of that. The ads are done by cookies and nothing more.
You use a proxy to intercept traffic between your device and the servers. Then you can work backwards and see what they are collecting. As a very long term JS Programmer(27+ years) I can assure you it isn't learned by sifting through thousands of lines of jibberish code that Facebook, Pirate Bay or anybody else puts out. 99% of the garbage that tries to get collected can be found out from the server without using Javascript (or any other potential client side language).
If you find a site that you think has malicious code there are easier ways to find it than trying to invent a web browser extension to try to find it.
You use a proxy to intercept traffic between your device and the servers. Then you can work backwards and see what they are collecting. As a very long term JS Programmer(27+ years) I can assure you it isn't learned by sifting through thousands of lines of jibberish code that Facebook, Pirate Bay or anybody else puts out. 99% of the garbage that tries to get collected can be found out from the server without using Javascript (or any other potential client side language).
If you find a site that you think has malicious code there are easier ways to find it than trying to invent a web browser extension to try to find it.
I use Mozilla Firefox there is extension (add on) called adblocker by-pass look for it. You will have to look in the browser add-on it may be what you need read the instructions
Do you know any good (open source) extension that allow you to autoset tour cookies preferences ?
This topic has been archived and can no longer be replied to.