Closed mbomb007 closed 7 months ago
Are you trying to deobfuscate TypeScript or JSX (e.g. React code)? If so it isn't supported via the website. You can try cloning the repo and enabling the Babel parser plugins that the error message mentions, but the deobfuscator isn't intended to support them so can't guarantee it will work.
No. It was HTML and JavaScript that I got from a malicious/spam email attachment
Does the website not support pasting full HTML? Spam emails often put attributes or other strings of the malicious attachment into HTML.
If it's not supported, it'd be great if the UI would show an error or something, rather than expecting users to open the console.
It doesn't support deobfuscating HTML, no. You can paste the content of any JS script tags into the deobfuscator though and it should work.
I will add better error handling to my to-do list.
Is there a nice way to deobfuscate JS that has different parts of its JS script placed as pieces of or inside of HTML elements? For example, to have a virtual DOM and watch as it is run? The best way I can think of is to unplug the computer from the network and open in a browser inside a VM, but the code will still be messy as can be and unreadable.
You could use a HTML parser and select the content of any JS script tags. If you wanted it to work for non-inline JS then you would have to also fetch the source before deobfuscating.
On both Firefox and Chrome-like, I get this error in my browser console when clicking "Deobfuscate".