SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    SitePoint Member Lance(HAOH)'s Avatar
    Join Date
    Mar 2009
    Posts
    17
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Analyzing the actions ofJavascript and PHP code

    Hi. I am doing research on how to write a program which will analyze the actions of a set of JavaScript and PHP code.

    For example:

    If the set of code is "document.write("Hello World");", then my program must be able to tell that the code is trying to write a "Hello World" string to the browser.
    The program must be able to analyze what script has done, not only its visible output.

    I have no idea on how to start. Could someone please advise me?

    Thank you.
    Repay one's country with utmost loyalty

  2. #2
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,671
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    What the scripts are doing? Simply make a list of the actions you wish to detect and search the script's code to detect the functions which perform those actions. On the second level, what are those functions doing (echo or print_r or ... within PHP), e.g., your "Hello World" as the output of a stdout function.

    If you're not concerned with the "internal workings" of a script (database access, include statements, etc), then you could merely capture all output to a string and parse that string - but that's too simple for an educational project.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  3. #3
    SitePoint Member Lance(HAOH)'s Avatar
    Join Date
    Mar 2009
    Posts
    17
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi. Thanks for your advice. The aim that I hope to achieve in my program is to analyze the "internal workings" of a script so that I can determine if the script is trying to do something malicious. According to your post, you recommended me to make a list of actions that I wish to detect. But would this list be too large? Do I have to analyze single line of code to achieve my program's aim?

    Please advise me.
    Repay one's country with utmost loyalty

  4. #4
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    Learn how to write a parser for Javascript and PHP then you will know how to do what you are asking. What you want is not something for a beginner, it requires detailed knowledge of the language and of the processors that run it. Deep level stuff.
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  5. #5
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,671
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    Too true!

    Lance, you are trying to reinvent the wheel. You will never be able to duplicate applications like maldet which is both designed to identify and remove/quarantine malware AND is updated regularly. It can be run via CRON and will notify you of any malware (in JS or PHP or other signatures it has in its database).

    IMHO, you need to THINK Security from a webmaster's point-of-view where you use VERY strong passwords on everything (control panel login, FTP, telnet, etc), you only upload known "clean" files and you run your own script to check on those files to ensure that they've not been modified (or to report on those modified to you so you know whether you're the one who updated or you'd been hacked). I'd discussed that type of file some time ago and wrote an article for SitePoint on doing just that (hint: try the search button within SitePoint articles; it's only a few months since it was published).

    Finally, IF you are using CANNED applications (WordPress, Joomla, Drupal, ZenCart, OSCommerce, etc) as you MUST check daily and update ASAP in order to beat the "script kiddies" to the hacker websites where the latest exploits will be published. If you delay, you will be hacked (plan on it and make backups regularly).

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •