A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Eval Villain: Simplifying DOM XSS and JS Reversing - Dennis Goodlett BSides Cleveland 2019 (Hacking Illustrated Series InfoSec Tutorial Videos)

Eval Villain: Simplifying DOM XSS and JS Reversing
Dennis Goodlett

JavaScript cruft is growing faster than my ability to read. Since I can't read every line of code, I need tools to find important lines. Eval Villain is a web extension for Firefox that hooks native JavaScript functions *before* the page loads so that you will be notified every time a function is called. Eval Villain has discovered instances of DOM XSS that only appear in 1 of 100 page loads. It makes the reversing of malicious, second-stage encrypted JavaScript code trivial. I plan on walking through all the features of this tool using examples. To follow along, bring a computer that can run Firefox.

Formerly an award winning published professional magician, Dennis gave up his mediocre career as a mediocre street performer to join Hurricane Labs as a penetration tester in 2013. He has yet to be fired.


Back to BSides Cleveland 2019 video list

Printable version of this article

15 most recent posts on Irongeek.com:


    If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

    Copyright 2019, IronGeek
    Louisville / Kentuckiana Information Security Enthusiast