In this video we figure out how to do a popunder in Chrome version 59, by using a trick. Hopefully Chrome fixes this, because I resent this kind of advertisement.
PoC: https://liveoverflow.com/poc/popunder.html
————————————–
Twitter: https://twitter.com/LiveOverflow
Website: http://liveoverflow.com/
Subreddit: https://www.reddit.com/r/LiveOverflow/
Facebook: https://www.facebook.com/LiveOverflow/
Original source
25 responses to “Reverse engineering obfuscated JavaScript – PopUnder Chrome 59”
this guy sells a license for a js library that popunders chrome 🙁
a debugger statement triggers a breakpoint, bastards
cool i never knew about the pretty-print option
whats up with the "minified file," description?
etc host
is there a "professional" way to write rubbish code? Like how do I do it myself?
these calls are heavily obfuscated: window.open window.setTimeout createelement() and appendChild
these api calls
what is a deprecation warning?
Notification api was definitely suspicious to me to!
i tried to connect with my future self, my future self was in some sort of great pain
there were no iframes inside
whats going on with that chrome pdf viewer
I need to learn more about proxy objects
dynamically created iframe is simply a popup blocker bypass
alert stops and blocks everything
wow, that pdf was just a notification calling an alert
productforums.google.com
I LOVE base64
edge_popunder how I hate you!
Could a re-definition of the window.open function prevent you from analyzing the code? I'm thinking of:
– You are re-defining the critical functions
– JS files get loaded
– On loading the iframe the developer puts in a re-defining of the functions to standard (like window.open = window.open)
Then your initial re-defining of those functions would be set to normal again before executing the crucial code soooo….in the end your method would not work. Am I right?
This video was awesome, I am a newbie to Js and code in general but not only did I learn a lot it was a cool idea no matter how nefarious it could be.
I'm glad I found this channel. I'd love to see you work with more obfuscated code.
Wouldn't a simple js deobfuscator work? ;P
So… why is your computer name redstar-os???
Shit; I feel like im watching a rube goldberg machine.
Just checked, and it no longer seems to work. Now it just opens the new window in another tab.
everytime I try to run php server on my local host after editing the hosts file I keep getting a 404 error
This is how publisher make extra money. Implement this tricky to make user less noticeable.
wow… what a tricky! awesome content keep it up! subbed!
Please normalise your audio – the outro music was WAY too loud compared to your voice.
https://i.imgur.com/lr488yr.png << Easter Egg?
This is the exact reason why i hate javascript.
How did you manage to download the site and make it run on your machine?
Очень интересно. Спасибо!
Enjoying vids like these and admire your thinking. I often learn some technique I never thought of trying. Keep'em up. 🙂
Popunder never should be a thing less your a spy or hacker high jacking users
@LiveOverflow can you revisit this with his new, updated javascript please?
And they wonder why people started using adblockers. Well, it's precisely because of these reasons lol.
EDIT: Surely this could be easily fixed by not allowing JS to be executed in a PDF file? I can't really think of a single reason why you'd want to allow that anyway. Seems kinda like a Trojan Horse idea to me.
cool
i have i3wm, popunders are practically imposible for me
Do you have in yours plans make some video about JSMiner crypto attack. Similar like pop up but there are no ads but script start run mining some cryptocurrency on our computer 😀 for example coin-hive
Just use Charles Proxy to modify the external site rather than creating a local copy