https://kapravelos.com/projects/vv8

  * Home
  * Publications
  * Teaching
  * Advice
  * CV
  * Contact
  * 

VisibleV8

Overview

VisibleV8 (VV8) is a custom variant of the V8 JavaScript engine at
the heart of the Chromium browser, the Node.js application runtime,
and probably other titans of the modern software world. Maintained
and distributed as a minimally-invasive and maintainable patchset,
VV8 captures and logs the following activities in plaintext logs:

  * All JS function calls that cross the JS/hosting-application
    boundary (i.e., calls to what V8 internally dubs "API" functions,
    like window.alert in a browser)
  * Named (e.g., foo.bar) or keyed (e.g., foo["bar"]) property
    lookups for which the receiver (e.g., foo) refers to an object
    defined by the hosting application or the global object
  * Assignments to named or keyed property expressions involving
    receiver objects defined by the hosting application (or the
    global object)
  * Reflect.get and Reflect.set API access to properties on hosting
    application-defined objects

Log records directly or indirectly include the following context:

  * Source code of the immediately active/invoking script
  * Simple provenance details of active script (i.e., source URL or
    eval-ing script)
  * Character offset of function call/property access within active
    script
  * Receiver type information (i.e., constructor/prototype function
    name)
  * Property/function name
  * Value (for primitive values) or type information (for objects)
    passed to function calls as arguments or as the new property
    value for property assignments

Papers

 1. Hiding in Plain Site: Detecting JavaScript Obfuscation through
    Concealed Browser API Usage
    Shaown Sarker, Jordan Jueckstock, Alexandros Kapravelos
    Proceedings of the ACM Internet Measurement Conference (IMC),
    2020
    [PDF] [Bibtex]
    x

    @inproceedings{jsobf-imc20,
      title = {{Hiding in Plain Site: Detecting JavaScript Obfuscation through Concealed Browser API Usage}},
      author = {Sarker, Shaown and Jueckstock, Jordan and Kapravelos, Alexandros},
      booktitle = {{Proceedings of the ACM Internet Measurement Conference (IMC)}},
      month = oct,
      tag = {vv8},
      year = {2020}
    }

 2. VisibleV8: In-browser Monitoring of JavaScript in the Wild
    Jordan Jueckstock, Alexandros Kapravelos
    Proceedings of the ACM Internet Measurement Conference (IMC),
    2019
    [PDF] [Bibtex] [website] [slides] [talk] [code]
    x

    @inproceedings{vv8-imc19,
      title = {{VisibleV8: In-browser Monitoring of JavaScript in the Wild}},
      author = {Jueckstock, Jordan and Kapravelos, Alexandros},
      booktitle = {{Proceedings of the ACM Internet Measurement Conference (IMC)}},
      month = oct,
      howpublished = {/projects/vv8/},
      code = {{https://github.com/wspr-ncsu/visiblev8}},
      slides = {/presentations/vv8-imc19.pdf},
      talk = {https://vimeo.com/showcase/6531379/video/369121825#t=3500s},
      tag = {vv8},
      year = {2019}
    }

Availability

The VV8 patches, tests, build scripts, and documentation are all
available on GitHub.

(c) 2022 Kapravelos