Get values inside Javascript functions at runtime

Posted: Mon Mar 23, 2009 11:09 am
by ppas
JavaScript Deobfuscator looks very useful. Where can I find the documentation about it?

The JavaScript code of the page I want to track (combined with Ajax queries) generates a URL, and I am interested in that URL. But Deobfuscator just displays the function code; I have no way of knowing the values generated inside the functions. For example, part of the code of the website is this:

Code:

var B = JSON.stringify(v[F]);
if (F === 1) {
    location.href = location.protocol + "//" + location.host + location.pathname + location.search + "#" + base64_url_encode(JSON.stringify(v[1]));
}
$.post(window.webpath + "/ajax/" + v[F].ajaxpage + ".php?" + C, {settings: B}, A, "json");

I would like to know which location.href is generated. For example, when I hover with my mouse over "location.href" inside Deobfuscator, I would like to see the actual value at run time. Because looking at just pure code is kind of useless for me.

Is Deobfuscator not the right tool to do this? Is there another tool?

Posted: Mon Mar 23, 2009 1:22 pm
by Wladimir Palant
There is no more documentation for JS Deobfuscator than what you see on https://addons.mozilla.org/addon/10345 - it is just a tool to get a quick overview and mostly self-explaining.

I guess a full-fledged JavaScript debugger like Venkman would be a better tool to inspect variable values. I might at some point add the feature to display the values of function parameters - not really sure about that however because last time I tried I got lots of crashes.

Posted: Mon Mar 23, 2009 2:17 pm
by ppas
I tried the JavaScript debugger Venkman in the first place, but it is too complicated for me. I have no idea where to look when JavaScript gets executed on a site that I am browsing. Your JavaScript Deobfuscator on the contrary is extremely simple and easy to use. The only option that is missing is to be able to watch the values inside the functions.

Posted: Mon Mar 23, 2009 3:37 pm
by Wladimir Palant
Yes, Venkman's user interface isn't great. The other extension with JS debugging functions is Firebug but I'm not sure how extensive its debugging capabilities are. I guess getting values of variables should be possible.

Posted: Mon Mar 23, 2009 4:53 pm
by ppas
Thanks, I can get more information with Firebug. Still not found the info I was looking for, but getting closer...

Posted: Wed Mar 25, 2009 7:27 am
by smk
Yes, Firebug is able to view variables; however, *actually* debugging the real code could be quite dangerous, since all kinds of stuff could exist.
I would say maybe hook some functions before you do this?
Then you might type the variable into Firebug with the 'safe' code running.
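
The function hooking suggested in the last post, sketched as an added example (not code from any poster or from JavaScript Deobfuscator): a wrapper that logs each call's arguments and return value, applied to `base64_url_encode` and `$.post` from the snippet in the first post. The `page` object, host name and sample data are constructed stand-ins so the block runs in Node; it assumes that in a browser the two functions are reachable as properties (`window.base64_url_encode`, `$.post`) and are hooked before the page code runs.

```javascript
// Wrap obj[name] so each call is appended to `log`; returns a restore function.
function hookFunction(obj, name, log) {
  const original = obj[name];
  if (typeof original !== "function") throw new TypeError(name + " is not a function");
  obj[name] = function (...args) {
    const entry = { name, args };
    log.push(entry);
    try {
      entry.result = original.apply(this, args); // keep the caller's `this`
      return entry.result;
    } catch (err) {
      entry.error = String(err); // record it, then let the page see the exception
      throw err;
    }
  };
  return () => { obj[name] = original; };
}

// Constructed stand-ins for the page's globals (assumptions, not the real site).
function makeFakePage() {
  const page = {
    location: { protocol: "http:", host: "example.test", pathname: "/search", search: "?q=1", href: "" },
    webpath: "/app",
    base64_url_encode: (s) => Buffer.from(s).toString("base64")
      .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, ""),
    $: { post: (url, data, callback, type) => ({ url, type }) }, // no network I/O
  };
  // Same logic as the snippet in the first post, with the globals read from `page`.
  page.run = function (v, F, C, A) {
    const B = JSON.stringify(v[F]);
    if (F === 1) {
      page.location.href = page.location.protocol + "//" + page.location.host +
        page.location.pathname + page.location.search + "#" +
        page.base64_url_encode(JSON.stringify(v[1]));
    }
    page.$.post(page.webpath + "/ajax/" + v[F].ajaxpage + ".php?" + C, { settings: B }, A, "json");
  };
  return page;
}

// Hook the two interesting functions, run the page code once, return what was seen.
function traceSample() {
  const page = makeFakePage();
  const log = [];
  const undo = [hookFunction(page, "base64_url_encode", log), hookFunction(page.$, "post", log)];
  page.run({ 1: { ajaxpage: "list", page: 2 } }, 1, "t=1", () => {});
  undo.forEach((restore) => restore());
  return { log, href: page.location.href };
}
```

The first log entry holds the JSON string that ends up after the `#` in `location.href`, and the second holds the Ajax URL and the `settings` payload, which are the runtime values the static function listing does not show.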