this post was submitted on 08 Aug 2023
66 points (100.0% liked)

Firefox

17955 readers
279 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 4 years ago
MODERATORS
 

I'm trying to take a look at a scamming website, but it's using the debugger spamming to make reverse engineering difficult. Is there a way to just disable the debugger keyword? I don't really like to give the websites control over whatever I want to view.

all 14 comments
sorted by: hot top controversial new old
[–] [email protected] 11 points 1 year ago (1 children)

Try the icon next to the cog, right hand, middle of the screen. It should disable all breakpoints

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago) (2 children)

That icon did skip over the debugger keyword, but it didn't solve my issue because it still prevented me from viewing that website's source. Now the websites just becomes super laggy. I'm assuming that there's a forever loop that does nothing running in the background now that the debugger keyword constantly gets skipped over.

Can there be a solution where I can replace debugger to something that can cause the thread to sleep for like half a second?

[–] [email protected] 5 points 1 year ago

oh that forever loop caused my browser to crash

[–] [email protected] 1 points 1 year ago

How about a browser extention which replaces the debugger keyword in all downloaded js source with void 0 or something?

[–] [email protected] 7 points 1 year ago (1 children)

Someone made a build that replaces it here: https://github.com/Sec-ant/anti-anti-debugging-debugger-firefox

There is also a userscript but I haven't tested how well it works: https://greasyfork.org/en/scripts/440060-anti-anti-debugger

Some searches of the addon store come up with similar anti debugger extensions, again not tested.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

I used the greasymonkey script with tampermonkey without any modification. And it seems like that script magically worked even though the code doesn't look like it applies to all of the cases. Thanks, this helped a lot.

Update: After further testing, the script doesn't really help a lot, because it broke all the JavaScript used on that website all together, which explains why the debugger stopped spamming. Disabling all the JavaScript is not what I want; I want to be able to use the browser tools to trace certain functions.

[–] [email protected] 6 points 1 year ago (1 children)

would it help to curl down the source html and scripts? I'm no professional at dealing with malicious code, but i would definitely recommend doing it inside a clean VM or docker container or something

[–] [email protected] 4 points 1 year ago* (last edited 1 year ago) (1 children)

curl the source down works, but it makes things more complicated. The source code is obfuscated making it incredibly hard to read. This is where using the web debugging tools shine. If I want to figure out which code is trigger what, I can just look at the call stack. I also wanted to look at the internet traffic to see how things work from there. I could intercept all the HTTP requests but that wouldn't give things like the call stack. I think it would be much easier if there's a way stopping the debugger spamming trick.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

ah ok makes sense. maybe after curling you can delete the debuggers/infinite loops in the scripts and then load all that locally into the browser for the tools? will just need to change the script sources go be your local copies

[–] [email protected] 3 points 1 year ago

Could get a plugin to disable JS on that page until you source and disable the code

[–] [email protected] 3 points 1 year ago (1 children)

You can at least disable it per-occurance by right clicking the line number and telling it not to break on that line

[–] [email protected] 5 points 1 year ago

that doesn't work because the debugger spam spawns a new console/thread or whatever; making a "new file" every time the spam started. There's no fixed line number to skip over.

[–] [email protected] 2 points 1 year ago (1 children)

Did you find a way to do it?

The last time I ran into this problem I did manage to find a way to disable the debugger spam, but I don't remember how I did it.