mindedsecurity / JStillery

Advanced JavaScript Deobfuscation via Partial Evaluation
GNU General Public License v3.0
856 stars 143 forks

Please Don't Ignore Comments #32

Open drupalshift opened 5 years ago

drupalshift commented 5 years ago

So many bad payloads hide in comments. When you try to deobfuscate and analyse, if there is a lot of payload in comments, JStillery puts out errors or sometimes completely ignores them. It would be nice to have an option to keep comments intact.

For example:

```javascript
var malicious_payload = (function () {/*
Bad code can be here
Most of the time they hide in 1000 comments each containing a single character
They get extracted and run using custom methods
*/}).toString().match(/[^]*\/\*([^]*)\*\/\}$/)[1];

alert(malicious_payload);
```

I saw a clever one: he had this between code, `/*! jQuery v3.4.1 | (c) JS Foundation and other contributors | jquery.org/license */`, and used a custom method to create a URL from the jQuery comment and load another payload. I was scratching my head for a long hour because I couldn't find what's happening. To be fair, it was hiding inside an asm which was getting converted to wasm and had 10 layers of crap and virtual DOM all over the place.

Anyway, it would be nice if you keep the comments in, or detect such behavior.
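A triage sketch for the pattern described in this issue, as an added example that is not part of the original post and not JStillery code: it collects block comments so they stay available to the analyst, and flags the function-body `toString()` read and the many-single-character-comments layout. The function names, rule names and the threshold of 20 are assumptions.

```javascript
// Added example (not JStillery code). Heuristic triage, not a full JS parser:
// nested template expressions or unusual regex literals can confuse the scanner.
const SINGLE_CHAR_THRESHOLD = 20; // assumed cut-off, tune for your corpus

// Collect /* ... */ comments while skipping strings, templates and // comments.
function extractBlockComments(src) {
  const comments = [];
  let i = 0;
  while (i < src.length) {
    const c = src[i], n = src[i + 1];
    if (c === '\\') {
      i += 2;                                   // escaped char (e.g. inside a regex)
    } else if (c === '"' || c === "'" || c === '`') {
      for (i++; i < src.length && src[i] !== c; i++) if (src[i] === '\\') i++;
      i++;                                      // step past the closing quote
    } else if (c === '/' && n === '/') {
      while (i < src.length && src[i] !== '\n') i++;
    } else if (c === '/' && n === '*') {
      const close = src.indexOf('*/', i + 2);
      const end = close === -1 ? src.length : close + 2;
      comments.push({ start: i, end, text: src.slice(i + 2, close === -1 ? end : close) });
      i = end;
    } else {
      i++;
    }
  }
  return comments;
}

// Keep every comment for the analyst and flag the two tricks the issue describes.
function findCommentPayloadIndicators(src) {
  const comments = extractBlockComments(src);
  const findings = [];
  for (const c of comments) {
    // Comment is the tail of a function body whose source is then stringified.
    if (/^\s*\}\s*\)?\s*\.toString\s*\(/.test(src.slice(c.end, c.end + 80))) {
      findings.push({ rule: 'function-body-comment-read', offset: c.start });
    }
  }
  const singles = comments.filter((c) => c.text.trim().length === 1).length;
  if (singles >= SINGLE_CHAR_THRESHOLD) {
    findings.push({ rule: 'single-char-comments', count: singles });
  }
  return { comments, findings };
}
```

A hit is a reason to read the preserved `comments` alongside the deobfuscated output, not a verdict; a named function stringified elsewhere in the script will not trigger the first rule.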