Open doctor8296 opened 3 weeks ago
Great find, will add this for 2.0
NodeJS reveals a trace when trying this
@MichaelXF this is interesting behaviour. Probably have to research how different JavaScript engines react to that. But in most cases I am talking about browsers. For node you can try add more functions inside, if it will help.
@MichaelXF It seems you cannot trick node.js with such a construction. However you can come up with analog for node.js:
(async function f() { setTimeout(f); setTimeout(f); })()
I less like this approach since it is uses redefinable constructions such as setTimeout
Also the main point was to trick and confuse browser debuggers, so I have no idea will it be any useful for node.
In your current implementation, you're using an infinite loop, such as
while (true)
orfor(;;)0
, to halt script execution. While this approach works, it quickly reveals the source of the blockage when using standard debugging tools or breakpoints and for an experienced developer it will be pretty easy to prevent or cancel this.However, I've discovered a more advanced and less detectable method by leveraging an immediately invoked asynchronous function, like this:
(just stucks)
What's remarkable is that, when using this method, it becomes extremely difficult to trace where the execution is getting stuck, as debugging tools—at least in Chromium and Firefox—fail to provide any clear indication. Additionally, by embedding a redirect inside this function, such as:
window.location.href = "https://example.com/script-is-blocked";
the behavior becomes even harder to track or bypass.It's important to note that the function must be asynchronous for this technique to work effectively.