InformAction Forums

Hi all,

I'm a academic researcher interested in real-time analysis of js in FF. We're trying to block/pause script execution until after the analysis on the script is complete. While we know quite a bit about script analysis, we know less about how FF loads/executes scripts.

For instance, we hooked the debugger but, for various reasons, we'd like to analyze the script in the state it will be inserted into the html (e.g. with linebreaks/comments/etc). So, we can grab the script content from the DOM but only *after* the script has been executed.

Any advice on getting raw script (before js engine preprocesses it), blocking until analysis is complete and then allowing execution (webpage loading) to continue?

Thanks much,

Peter
p.s. New to the forum, let me know if I should post elsewhere...

Attach a packet-sniffer?

http://www.wireshark.org/ ? ... many others out there. Capture it before it even enters the machine.

I *think* that's what you want, rather than how NS actually blocks things, but please forgive me if I misunderstood.

And no worries about where to post. This was fine.

(For non-NoScript or Flashgot-related tech questions, we do have an "off-topic" forum, "Extras", and sub-forum, "Web Tech", which would be fine. But you may have further NoScript-related questions, so no reason to move it.)

I hate to contradict a dear friend, but a packet sniffer like WireShark is used for watching network traffic and data types and packets coming in and leaving, not really useful in analyzing the inner workings of the JS engine. For that you need something more like a DOM debugger attached that collects the activity, sort of like the debugger you would run in an IDE to watch the code work. I am pretty sure Giorgio uses it, most of the people doing code debugging, testing and benchmarking at Mozilla use them, but the problem is that most if not all, are NOT user friendly, highly technical and rarely graphical.

That all being said, if you use the method within Mozilla that NoScript uses, specially the ABE engine, then you can analyze the scripts before they are loaded, that's how Giorgio knows the page has scripts and what they are and blocks them or allows them accordingly. You can use the same method to capture, intercept and analyze.

nsITraceableChannel is your friend.
Also, http://www.softwareishard.com/blog/fire ... p-traffic/ (full path: http://www.softwareishard.com/blog/fire ... p-traffic/)

GµårÐïåñ wrote:I hate to contradict a dear friend, but a packet sniffer like WireShark is used for watching network traffic and data types and packets coming in and leaving,...

I was thinking of, say, the packets flowing between router (or modem) and machine, and ID-ing the JS related ones. But if that wasn't what the OP wanted, or isn't correct, of course no offense taken. (I don't use such tools myself.)

The second of Giorgio's links says:

The main purpose of the nsITraceableChannel interface is to register a stream listener (nsIStreamListener) into an HTTP channel and monitor all data in it.
In order to register the listener within every incoming HTTP channel we also need to observe http-on-examine-response event. This event is fired whenever a response is received from the server, but before any data are available.

This is what I had in mind: catch it on the HTTP port as the firewall does, either before or after the firewall does. Apparently I misinterpreted, and it needs to hit the browser first...

Thanks to both of you for correcting me.