• Friday , 29 May 2020

Reverse engineering obfuscated JavaScript – PopUnder Chrome 59

Code Canyon

In this video we figure out how to do a popunder in Chrome version 59, by using a trick. Hopefully Chrome fixes this, because I resent this kind of advertisement.

PoC: https://liveoverflow.com/poc/popunder.html

Twitter: https://twitter.com/LiveOverflow
Website: http://liveoverflow.com/
Subreddit: https://www.reddit.com/r/LiveOverflow/
Facebook: https://www.facebook.com/LiveOverflow/

Original source

3d Ocean

Related Posts


  1. Lopaki Siva
    March 28, 2018 at 00:08

    this guy sells a license for a js library that popunders chrome 🙁
    a debugger statement triggers a breakpoint, bastards
    cool i never knew about the pretty-print option
    whats up with the "minified file," description?
    etc host
    is there a "professional" way to write rubbish code? Like how do I do it myself?
    these calls are heavily obfuscated: window.open window.setTimeout createelement() and appendChild
    these api calls
    what is a deprecation warning?
    Notification api was definitely suspicious to me to!
    i tried to connect with my future self, my future self was in some sort of great pain
    there were no iframes inside
    whats going on with that chrome pdf viewer
    I need to learn more about proxy objects
    dynamically created iframe is simply a popup blocker bypass
    alert stops and blocks everything
    wow, that pdf was just a notification calling an alert
    I LOVE base64

  2. Lopaki Siva
    March 28, 2018 at 00:08

    edge_popunder how I hate you!

  3. knighToFdemonS
    March 28, 2018 at 00:08

    Could a re-definition of the window.open function prevent you from analyzing the code? I'm thinking of:
    – You are re-defining the critical functions
    – JS files get loaded
    – On loading the iframe the developer puts in a re-defining of the functions to standard (like window.open = window.open)
    Then your initial re-defining of those functions would be set to normal again before executing the crucial code soooo….in the end your method would not work. Am I right?

  4. Soulsteal Ninja
    March 28, 2018 at 00:08

    This video was awesome, I am a newbie to Js and code in general but not only did I learn a lot it was a cool idea no matter how nefarious it could be.

  5. AbsoluteGuardian
    March 28, 2018 at 00:08

    I'm glad I found this channel. I'd love to see you work with more obfuscated code.

  6. Mehmet Çağrı Arı
    March 28, 2018 at 00:08

    Wouldn't a simple js deobfuscator work? ;P

  7. Overgreen
    March 28, 2018 at 00:08

    So… why is your computer name redstar-os???

  8. deluxe sauce
    March 28, 2018 at 00:08

    Shit; I feel like im watching a rube goldberg machine.

  9. Nope
    March 28, 2018 at 00:08

    Just checked, and it no longer seems to work. Now it just opens the new window in another tab.

    March 28, 2018 at 00:08

    everytime I try to run php server on my local host after editing the hosts file I keep getting a 404 error

  11. HABELFOC _
    March 28, 2018 at 00:08

    This is how publisher make extra money. Implement this tricky to make user less noticeable.

  12. HABELFOC _
    March 28, 2018 at 00:08

    wow… what a tricky! awesome content keep it up! subbed!

  13. Asdayasman
    March 28, 2018 at 00:08

    Please normalise your audio – the outro music was WAY too loud compared to your voice.

  14. luca009 // l9
    March 28, 2018 at 00:08

    https://i.imgur.com/lr488yr.png << Easter Egg?

  15. slap_my_hand
    March 28, 2018 at 00:08

    This is the exact reason why i hate javascript.

  16. Henrry Pires
    March 28, 2018 at 00:08

    How did you manage to download the site and make it run on your machine?

  17. Ziii Mr.
    March 28, 2018 at 00:08

    Очень интересно. Спасибо!

  18. Brian Chandler
    March 28, 2018 at 00:08

    Enjoying vids like these and admire your thinking. I often learn some technique I never thought of trying. Keep'em up. 🙂

  19. Michael O'Leary
    March 28, 2018 at 00:08

    Popunder never should be a thing less your a spy or hacker high jacking users

  20. TkrZ
    March 28, 2018 at 00:08

    @LiveOverflow can you revisit this with his new, updated javascript please?

  21. xorinzor
    March 28, 2018 at 00:08

    And they wonder why people started using adblockers. Well, it's precisely because of these reasons lol.

    EDIT: Surely this could be easily fixed by not allowing JS to be executed in a PDF file? I can't really think of a single reason why you'd want to allow that anyway. Seems kinda like a Trojan Horse idea to me.

  22. Rufis
    March 28, 2018 at 00:08


  23. Giorgi Shalvashvili
    March 28, 2018 at 00:08

    i have i3wm, popunders are practically imposible for me

  24. szach gr
    March 28, 2018 at 00:08

    Do you have in yours plans make some video about JSMiner crypto attack. Similar like pop up but there are no ads but script start run mining some cryptocurrency on our computer 😀 for example coin-hive

  25. -
    March 28, 2018 at 00:08

    Just use Charles Proxy to modify the external site rather than creating a local copy

Leave A Comment

You must be logged in to post a comment.