Building a Browser for Reverse Engineers
- #browser-fingerprinting
- #chrome-devtools-protocol
- #web-reverse-engineering
- The author discusses their passion for AST transforms, browser fingerprinting, and anti-bot circumvention.
- They describe their initial workflow as primitive, involving manual script analysis and bespoke deobfuscators.
- The author wanted to build a web reverse-engineering Swiss Army knife to automate and streamline their process.
- They started by creating a browser extension that hooks JavaScript builtins such as Array.prototype.push with logging wrappers.
- The extension used Chrome's content scripts, scheduled as early as possible in the page load, to install the hooks.
- They discovered that content scripts run in an isolated world: they share the page's DOM but not its JavaScript objects, so a patched Array.prototype.push in the content script never affects the copy the page's own scripts call.
- The author then moved to the Chrome DevTools Protocol (CDP), which can register a script that runs in the page's own world before any page script executes.
- They built a proof-of-concept using Electron to demonstrate the effectiveness of CDP for hooking functions.
- The project evolved to include a user interface for monitoring hooked function calls, such as Canvas API methods.
- The author tested the tool on sites like TikTok and Cloudflare Turnstile, observing fingerprinting techniques.
- They encountered challenges with out-of-process iframes (OOPIFs): each one lives in its own renderer and is a separate CDP target, so hooks registered on the top-level page session never reach it. They solved this by attaching to every new target as it appears, using CDP's Target.attachedToTarget event.
- The author identified leaks in their runtime patches: calling Function.prototype.toString on a patched builtin returns the hook's source text instead of the "[native code]" string a genuine native function produces.
- To close these leaks, they forked Chromium and added a custom CDP domain that hooks functions inside the engine, where the patches are not visible to page JavaScript.
- They added features like automatic deobfuscation, property overwriting, and fingerprint payload decryption.
- Future goals include abandoning Electron for a lighter solution, expanding hook coverage, and potentially open-sourcing the project.
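The two problems behind the extension and CDP bullets above, hooking a builtin from the page world and the Function.prototype.toString leak that such a hook causes, as an added example that is not code from the post or from the author's tool. It assumes Node.js; in the real tool a script like this would be delivered before any page script runs (CDP's Page.addScriptToEvaluateOnNewDocument is the standard mechanism for that). The toString mask is a JavaScript-level mitigation shown for contrast with the in-engine approach the author eventually took.

```javascript
// Added example (not the post's code): page-world instrumentation of a builtin,
// the Function.prototype.toString leak it causes, and a JS-level mask for it.
// Assumes Node.js; the same script would be injected into a page by CDP.

const nativeToString = Function.prototype.toString;
const originals = new WeakMap();   // wrapper -> the function it replaced
const callLog = [];                // what a monitoring UI would render

// Replace obj[name] with a logging wrapper that forwards to the original.
function hook(obj, name, onCall) {
  const original = obj[name];
  const wrapper = function (...args) {
    onCall(name, args);
    return Reflect.apply(original, this, args);
  };
  // Copy the metadata a fingerprinting script can cheaply compare.
  Object.defineProperty(wrapper, 'name', { value: original.name, configurable: true });
  Object.defineProperty(wrapper, 'length', { value: original.length, configurable: true });
  originals.set(wrapper, original);
  obj[name] = wrapper;
  return wrapper;
}

// Make Function.prototype.toString answer for a wrapper with the original's
// "[native code]" text. The mask maps itself to the native toString so that
// Function.prototype.toString.toString() does not leak either.
function installToStringMask() {
  const masked = function toString() {
    const original = originals.get(this);
    return nativeToString.call(original === undefined ? this : original);
  };
  originals.set(masked, nativeToString);
  Function.prototype.toString = masked;
}

// The check a page might run: native functions print as "function name() { [native code] }".
function looksNative(fn) {
  return /\{\s*\[native code\]\s*\}$/.test(Function.prototype.toString.call(fn));
}

function demo() {
  const before = Function.prototype.toString.call(Array.prototype.push);
  // The log is written with an index assignment, not callLog.push: calling the
  // hooked function from inside its own hook would recurse forever.
  hook(Array.prototype, 'push', (name, args) => {
    callLog[callLog.length] = { name, argc: args.length };
  });
  const logged = callLog.length;
  [].push(1, 2);                                        // routed through the wrapper
  const calls = callLog.length - logged;
  const leakedText = Function.prototype.toString.call(Array.prototype.push);
  const leaked = !looksNative(Array.prototype.push);    // true: wrapper source is visible
  installToStringMask();
  const maskedText = Function.prototype.toString.call(Array.prototype.push);
  const hidden = looksNative(Array.prototype.push) && looksNative(Function.prototype.toString);
  // Tear down so the demo can be run repeatedly in one process.
  Array.prototype.push = originals.get(Array.prototype.push);
  Function.prototype.toString = nativeToString;
  return { before, leakedText, maskedText, calls, leaked, hidden, maskMatchesNative: maskedText === before };
}

console.log(demo());
```

The mask closes the toString leak the post describes but is itself detectable: a page can obtain an untouched Function.prototype.toString from a freshly created iframe and compare, or inspect stack traces from inside the hooked call. Patches made inside the engine, as in the author's Chromium fork, leave no such JavaScript-visible seam.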
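The OOPIF bullet above, as an added example of the CDP message ordering that gets an instrumentation script into every frame before the frame's own scripts run; this is not the author's code. The browser side is a constructed stand-in that replies to commands and announces one paused child frame per auto-attach request (two levels deep); a real Electron webContents.debugger or DevTools WebSocket transport would take its place.

```javascript
// Added example (not the post's code): attach to every target, including
// out-of-process iframes, and install a hook script before each one runs.
// Flatten mode is assumed: child sessions are addressed by a top-level sessionId.

function instrumentAllFrames(transport, source) {
  const sent = [];                 // every command, in the order it went out
  let nextId = 1;
  const send = (method, params, sessionId) => {
    const msg = { id: nextId++, method, params };
    if (sessionId) msg.sessionId = sessionId;
    sent.push(msg);
    transport.send(msg);
  };
  const arm = (sessionId) => {
    // 1. queue the hook script for every future document in this frame
    send('Page.addScriptToEvaluateOnNewDocument', { source }, sessionId);
    // 2. ask to be attached to frames this frame spawns; waitForDebuggerOnStart
    //    pauses each new one until it is explicitly released
    send('Target.setAutoAttach',
         { autoAttach: true, waitForDebuggerOnStart: true, flatten: true }, sessionId);
  };
  transport.onMessage((msg) => {
    if (msg.method !== 'Target.attachedToTarget') return;   // replies are not needed here
    const { sessionId, waitingForDebugger } = msg.params;
    arm(sessionId);
    // 3. release the paused frame only after its hook script is registered;
    //    commands on one session are processed in order, so no await is needed
    if (waitingForDebugger) send('Runtime.runIfWaitingForDebugger', {}, sessionId);
  });
  arm(undefined);                  // the top-level page session
  return sent;
}

// Constructed browser stand-in: replies to every command and reports one paused
// iframe target per auto-attach request, nesting two levels deep.
function fakeBrowser() {
  let handler = null;
  const depth = new Map();         // sessionId -> nesting depth of its frame
  let childCount = 0;
  return {
    onMessage(fn) { handler = fn; },
    send(msg) {
      const reply = { id: msg.id, result: {} };
      if (msg.sessionId) reply.sessionId = msg.sessionId;
      handler(reply);
      if (msg.method === 'Target.setAutoAttach' && msg.params.waitForDebuggerOnStart) {
        const d = msg.sessionId ? depth.get(msg.sessionId) : 0;
        if (d < 2) {
          const sessionId = `child-${++childCount}`;
          depth.set(sessionId, d + 1);
          handler({ method: 'Target.attachedToTarget', params: {
            sessionId,
            targetInfo: { targetId: `frame-${childCount}`, type: 'iframe',
                          url: 'https://example.invalid/frame' },   // constructed
            waitingForDebugger: true } });
        }
      }
    },
  };
}

// For each child session, was the hook script registered before the frame was released?
function releaseOrderIsSafe(sent) {
  const sessions = [...new Set(sent.filter(m => m.sessionId).map(m => m.sessionId))];
  const indexOf = (sid, method) => sent.findIndex(m => m.sessionId === sid && m.method === method);
  const safe = sessions.every(sid =>
    indexOf(sid, 'Page.addScriptToEvaluateOnNewDocument') < indexOf(sid, 'Runtime.runIfWaitingForDebugger'));
  return { sessions, safe };
}

const trace = instrumentAllFrames(fakeBrowser(), 'window.__hooked = true;');
console.log(trace.map(m => `${m.sessionId || 'root'}: ${m.method}`).join('\n'));
console.log(releaseOrderIsSafe(trace));
```

Without waitForDebuggerOnStart the child frame can start executing between the attach event and the script registration, which is exactly the race that lets a fingerprinting script in an iframe run unhooked.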