#12 – Starting our relationship with PhantomJS

Hey.

Today I’ll get back to my roots and talk about information technology, or more specifically computer security. I wanted to get started with PhantomJS because I wanted an easy way to deobfuscate a JavaScript file, since so far my only ways of doing that are either doing it manually (with jsbeautifier plus replacing eval with console.log by hand) or using an old Firefox deobfuscator plugin that is not available for recent versions. I don’t know yet whether I’ll need to change the core or edit the PhantomJS source, or whether the tools I need are already packed inside.

What is PhantomJS

Basically, I always saw PhantomJS (sometimes with CasperJS) as a sandboxed JavaScript emulator. I first heard about it from CTF challenges that required participants to exploit XSS vulnerabilities. Since people didn’t want to use real browsers, they needed a scriptable approach, and that’s why they used PhantomJS.

Installation

You can use the pre-compiled binaries here. I decided to use the 2.1.1 sources and build it myself using the packaged build.py, because I couldn’t get the pre-compiled binaries to launch on my OS and didn’t want to fiddle too much with my system. Building can apparently take between 30 minutes and a few hours. I’ll let the build run while I try to learn what I can; I guess I’ll only be able to work on it for the next article.

Quick usage

The usage seems pretty straightforward:

phantomjs file.js

This will execute the JavaScript file as if it were running inside a browser. You can create a web page object to load a page as if it were loaded in a browser (code snippet taken from the quick start page):

var page = require('webpage').create();
page.open('http://example.com', function(status) {
  // status is "success" or "fail"
  console.log("Status: " + status);
  if (status === "success") {
    // Save a screenshot of the rendered page
    page.render('example.png');
  }
  phantom.exit();
});

You can also use the evaluate() function to evaluate a function in the context of the page. That can be useful for debugging, or to return interesting information after the page has executed. You can also use the onConsoleMessage callback to see console.log messages. onResourceRequested and onResourceReceived can be used to track network requests and responses.

The grail

What we need to accomplish this project easily is a function that prints each action as it is evaluated, and I couldn’t find one easily in PhantomJS. Next time I might see if I can find that option, or whether I could code something to inject as JS to see the other JS calls. I may also check the source code of the old deobfuscator plugin to see how it worked and emulate something similar if needed.
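As an added example (not code from the original post or from the PhantomJS project), here is the "replace eval with console.log" trick automated: a hook that logs every string handed to eval() or the Function constructor before the engine runs it, so each layer of a packed script is recovered in order. It serves both the paragraph on evaluate()/onConsoleMessage above and the "print each action as it is evaluated" wish. The three-layer packed script is constructed for the demo. The file runs under plain Node.js; the PhantomJS branch at the bottom uses the real webpage, system, onInitialized, onConsoleMessage and onResourceRequested APIs, and takes the page to analyse as a command-line argument (a hypothetical local file in a lab).

```javascript
// Added example, not code from the original post or from PhantomJS.
// Every string handed to eval() or new Function() is logged before it
// runs, so each layer of a packed script is recovered in order.

// Wrap eval and Function on the given global object. Each code string is
// passed to sink(kind, code) before the original implementation runs it.
// Returns a function that restores the originals.
function installEvalHooks(root, sink) {
  var origEval = root.eval;
  var OrigFunction = root.Function;

  root.eval = function hookedEval(code) {
    if (typeof code === 'string') sink('eval', code);
    // Calling the saved reference is an indirect eval (global scope),
    // which is what packers that call eval at top level expect anyway.
    return origEval(code);
  };

  root.Function = function hookedFunction() {
    var args = Array.prototype.slice.call(arguments);
    // The body is the last argument; earlier ones are parameter names.
    sink('Function', args.length ? String(args[args.length - 1]) : '');
    return OrigFunction.apply(null, args);
  };
  root.Function.prototype = OrigFunction.prototype;

  return function restore() {
    root.eval = origEval;
    root.Function = OrigFunction;
  };
}

// Run a script with the hooks installed and return every code layer it
// asked the engine to execute, outermost first.
function unwrapLayers(code) {
  var root = typeof globalThis !== 'undefined' ? globalThis : Function('return this')();
  var layers = [];
  var restore = installEvalHooks(root, function (kind, src) {
    layers.push({ kind: kind, code: src });
  });
  try {
    root.eval(code); // goes through hookedEval, so the top layer is logged too
  } finally {
    restore();
  }
  return layers;
}

// Constructed sample: a three-layer packer. Layer 1 rebuilds layer 2 from
// char codes and evals it; layer 2 builds a function whose body (layer 3)
// is the real payload, which here only sets a global marker.
var LAYER3 = 'this.marker = 6 * 7;';
var LAYER2 = 'new Function(' + JSON.stringify(LAYER3) + ')();';
var LAYER1 = 'eval(String.fromCharCode(' +
  Array.prototype.map.call(LAYER2, function (c) { return c.charCodeAt(0); }).join(',') +
  '));';

if (typeof phantom === 'undefined') {
  // Plain Node.js run: print the recovered layers.
  unwrapLayers(LAYER1).forEach(function (layer, i) {
    console.log('layer ' + (i + 1) + ' [' + layer.kind + ']: ' + layer.code);
  });
} else {
  // PhantomJS run: inject the same hook into a page before its own scripts
  // execute, and collect the layers (plus requested URLs) through the
  // onConsoleMessage / onResourceRequested callbacks. The page to analyse
  // is the first command-line argument (hypothetical local file in a lab).
  var page = require('webpage').create();
  var captured = [];
  page.onInitialized = function () {
    // page.evaluate cannot share closures with this script, so the hook is
    // re-created from its source text and console.log is used as the sink.
    page.evaluate(function (hookSource) {
      var install = new Function('return ' + hookSource)();
      install(window, function (kind, code) { console.log('[' + kind + '] ' + code); });
    }, installEvalHooks.toString());
  };
  page.onConsoleMessage = function (msg) { captured.push(msg); };
  page.onResourceRequested = function (req) { captured.push('[request] ' + req.url); };
  page.open(require('system').args[1], function (status) {
    console.log('Status: ' + status);
    console.log(captured.join('\n'));
    phantom.exit();
  });
}
```

Under Node the sample prints three layers, the last being the real payload; under PhantomJS (`phantomjs hook.js sample.html`) the same lines arrive through onConsoleMessage, interleaved with the URLs the page requested, which is usually where a dropper's next stage shows up. The hooks only see code routed through eval and Function: string bodies given to setTimeout/setInterval, or code written into the document with document.write, need their own wrappers, and a script can notice the wrapper by inspecting eval.toString(), so a hooked run is a first pass rather than a guarantee. Run untrusted scripts this way only inside a disposable virtual machine.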
