search

maierfelix / Iroh

Dynamic code analysis tool - Exploit, record and analyze running JavaScript
https://maierfelix.github.io/Iroh/
MIT License
926 stars 45 forks source link

How to run Iroh against large JS libraries? #13

Open evanrolfe opened 5 years ago

evanrolfe commented 5 years ago

Hi, first of all this library is awesome, thanks for the contribution!

I would like to run Iroh against large js libraries like Jquery, React etc. however I am having trouble loading the entire library code into a string in order to pass it to Iroh.Stage(). For example, if you try and load the entire jquery 3.4.1 code into a string using like so:

const jqueryCode = `<JQUERY_CODE_GOES_HERE>`;
const stage = new Iroh.Stage(code);

Then it raises this error:

Uncaught SyntaxError: Octal escape sequences are not allowed in template strings.

I suppose I could do some find/replace operations on jquery.js and make the code able to be stored in a string but this is time consuming and I would like to be able to run Iroh against ANY javascript library. Do you have any ideas on how I can achieve this? Thanks, Evan.

sns-sem commented 5 years ago

One way around this is by creating a file with the code in it and reading it, or using a request library and fetching it.

const { data: jquery } = await axios.get(JQUERY_CDN_URL);
const stage = new Iroh.Stage(jquery);

While I'm not doing this for jQuery, I am doing this for a large library and I get the same error as you doing it the "normal" way.