Wednesday, March 19, 2008

Cool Firefox / JavaScript Trick

Here's an easy trick for deobfuscating JavaScript within Firefox. Via BornGeek and Offensive Computing.

  1. Launch Firefox and browse to 'about:config'
  2. Create a new boolean config preference named browser.dom.window.dump.enabled and set it to 'true'
  3. Close Firefox. Now run "firefox.exe -console". A console window will open along with the browser window.
  4. Edit the file containing the obfuscated JavaScript and replace "document.write" with "dump"
  5. Open the file in Firefox.
    1. Disable NoScript, Firebug, or other scripting add-ons and reload the file if necessary.
  6. Switch to the JavaScript Console window. Now you can read the deobfuscated code.

You can do this with Rhino or SpiderMonkey, so it's nothing new. But the setup is really simple and easy to use, so if you've been avoiding the other tools available because they're hard to use, this may be what you've been waiting for.
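
The same sink swap done programmatically under Node.js, as an added example that is not from the original post: instead of editing the file, a stub `document.write` captures the output, and it goes one step beyond the steps above by also hooking `eval` to record each decoded layer. The names `deobfuscate`, `INNER` and `SAMPLE`, and the sample script itself, are constructed for illustration.

```javascript
// Constructed, benign two-layer sample:
//   eval(unescape(...))  ->  document.write(unescape(...))
const INNER = "document.write(unescape('%3Cb%3Ehello%20from%20layer%202%3C/b%3E'));";
const SAMPLE = "eval(unescape('" + escape(INNER) + "'));";

// Run `source` with document.write and eval replaced by recording stubs,
// the programmatic equivalent of replacing "document.write" with "dump".
function deobfuscate(source, maxLayers = 10) {
  const written = []; // text the script tried to put into the page
  const layers = [];  // each string handed to eval(), outermost first

  const document = {
    write: (...parts) => { written.push(parts.join('')); },
    writeln: (...parts) => { written.push(parts.join('') + '\n'); },
  };
  const window = { document };

  // The parameter names shadow the real globals inside the sample.
  // Shadowing is not isolation: the sample still runs with this
  // process's privileges, exactly as it would inside the browser.
  const run = (code) =>
    new Function('document', 'window', 'eval', String(code))(
      document, window, hookedEval);

  function hookedEval(code) {
    if (typeof code !== 'string') return code; // eval(non-string) returns it as-is
    if (layers.length >= maxLayers) {
      throw new Error('eval nesting exceeds maxLayers');
    }
    layers.push(code); // keep the decoded layer for reading
    return run(code);  // then let it execute against the same stubs
  }

  run(source);
  return { written: written.join(''), layers };
}

const result = deobfuscate(SAMPLE);
console.log('eval layers:', result.layers);
console.log('document.write output:', result.written);
```

A script that wraps its payload in more layers than `maxLayers` stops with an error rather than looping indefinitely; the layers recorded up to that point are the ones to inspect.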
