Analyzing JavaScript Samples

1. Introduction to JavaScript Analysis:

  • Tools Used:

    • Popular Browsers: Microsoft Edge, Google Chrome, Mozilla Firefox.

    • Developer Tools: Integrated within browsers to debug or inspect webpages.

    • Visual Studio Code: Another tool to analyze JavaScript code.

  • JavaScript File Locations:

    • Embedded in HTML source code.

    • As standalone .js files.

  • HTML Requirement:

    • JavaScript debugging often requires embedding the script in an HTML file since browsers standardly read HTML.

2. Practical Analysis - JavaScript Files:

  • Samples to Analyze: (say)

    • re_basicjs.js

    • re_texrjs.html

  • Preparation:

    • Restored VM image, copied and extracted course files, and ran fakeness.

3. Analyzing re_basicjs.js:

  • Initial Inspection:

    • Use Notepad++ to inspect the JavaScript sample.

    • Rotten Tomatoes Function:

      • Appears to perform string character replacements.

      • Used with variables str1 and str2, which are joined into a variable named flag.

  • Loading the JavaScript File in a Browser:

    • Step 1: Write an HTML loader file in Notepad++ to load re_basicjs.js.

    • Step 2: Save the file as loader.html.

    • Step 3: Open loader.html in Firefox by dragging and dropping it into the browser.

4. Debugging with Firefox Developer Tools:

  • Opening Developer Tools:

    • Press F12 to open Developer Tools in Firefox.

  • Locating the JavaScript File:

    • Go to the Debugger tab, expand the file tree under the Main Thread section.

    • Locate re_basicjs.js.

  • Setting a Breakpoint:

    • Place a breakpoint on line 14, where str1 is assigned.

  • Reloading the Page:

    • Press F5 to reload the page and trigger the breakpoint.

  • Using Debugging Tools:

    • Step Over (F10): Skip over function calls.

    • Step In (F11): Step into function calls for detailed analysis.

  • Watching Variables:

    • Add the flag variable to the Watch Expressions window to track its value as the script executes.

    • Alternatively, hover the mouse pointer over the flag variable to reveal its content.

5. Key Takeaways:

  • Combining Tools:

    • Use text editors like Notepad++ for initial inspection and browser Developer Tools for dynamic debugging.

  • HTML Integration:

    • Essential to house JavaScript within HTML for effective debugging in browsers.

  • Debugging Strategies:

    • Breakpoints and watch expressions are crucial for understanding the flow and outcomes of JavaScript variables and functions.

  • Practical Approach:

    • Skipping complex functions like Rotten Tomatoes can save time when the main objective is to reveal key variable contents, like the flag in this case.

PreviousAnalyzing PowerShell ScriptsNextAnalyzing JavaScript in HTML

Last updated