Show HN: I'm building a browser for reverse engineers
Author : nullpt_rs
Score : 108 points
Date : 2025-10-06 15:32 UTC (1 days ago)
(HTM) web link (nullpt.rs)
(TXT) w3m dump (nullpt.rs)
| tducret wrote:
| Very interesting, thanks!
|
| For the fingerprinting part, can you explain the difference with
| the JShelter browser extension (https://jshelter.org/)?
|
| I checked as you did in your demo video with
| https://demo.fingerprint.com/playground (using JShelter in
| Firefox). It produces a fingerprint detector report, like so:
|
| {
|   "fpd_evaluation_statistics": [
|     {
|       "title": "Navigator.prototype.plugins",
|       "type": "resource",
|       "resource": "get",
|       "group": "BrowserProperties",
|       "weight": 0,
|       "accesses": 0
|     },
|     {
|       "title": "MediaDevices.prototype.enumerateDevices",
|       "type": "resource",
|       "resource": "call",
|       "group": "BrowserProperties",
|       "weight": 1,
|       "accesses": 2
|     },
|     [...]
|   ]
| }
|
| However, it appears there is no way to display what was actually
| produced by the browser.
|
| Was this the reason you had to build your own browser? Or is it
| possible to extend JShelter to do the same?
| nullpt_rs wrote:
| Ooh nice, I haven't seen this project! I actually tried
| attempting this as an extension at first but wasn't able to
| override page window functions. I'm curious to know how they
| accomplished this. (edit: I see that I missed the
| chrome.scripting API _facepalm_ )
|
| Thank you for sharing :)
|
| FWIW I still think a custom browser approach has some benefits
| (stealth and executing in out-of-process iframes. Could be
| wrong on the second part, haven't actually tested!)
| leptons wrote:
| Most of my job is reverse engineering a major website builder
| company's code so we can leverage their undocumented features.
| It's often a difficult job but your project could make it easier.
| I'm sure there are others out there that will find this useful.
| tbrockman wrote:
| Not to comment on the rest of article or the author's goals, but
| it's absolutely possible to use a content script (dynamically
| injected into the `main` world, as opposed to the default
| `isolated`, for example: https://github.com/tbrockman/browser-
| extension-for-opentelem...) and Proxies
| (https://developer.mozilla.org/en-US/docs/Web/JavaScript/Refe...)
| to hook (most? if not all) JavaScript being executed in the
| webpage transparently.
|
| Which for some functionality would have been a bit more portable
| and involved less effort.
| nullpt_rs wrote:
| Thanks for sharing some examples! Someone shared a similar
| project in the other thread. I didn't realize this at the time
| of writing haha.
|
| FWIW I still think modifying the browser has some positives wrt
| stealth and hooking out of process frames (could be wrong on
| the second part, haven't actually tested!)
|
| Still good to know though, will leave a note in the article :-)
| tbrockman wrote:
| Yeah, there's a pretty overwhelming amount of browser APIs
| and functionality which isn't always (well-)documented to
| learn about. If I recall correctly Proxies wouldn't be
| detectable (seems to be supported by
| https://exploringjs.com/es6/ch_proxies.html#sec_detect-
| proxi...) so long as your injected content script runs first
| (otherwise other code could presumably override the Proxy
| constructor). You should also be able to hook any embedded
| frames by setting `target: { ..., allFrames: true }`.
| 2bird3 wrote:
| To note, there are undocumented detections to even Proxies,
| for example using `in` operator in v8 (such as `proxiedFunc
| in 1` for some proxied function). Really cool to see a
| project like this.
| Retr0id wrote:
| I have a project (in my rather long project backlog) that
| involves hooking JS APIs to download YouTube videos. I'm
| worried that if my extension (or a similar extension) gained
| enough popularity, YouTube would start inspecting the relevant
| JS objects to see if they'd been replaced with proxy instances.
|
| Aside from playing a hooking/patching game of cat and mouse, I
| don't think this is fully solvable without modifying the
| browser engine itself - then you can hook things in a way
| that's completely transparent to the JS in webpages.
| coolelectronics wrote:
| could be very useful for my work, nice to see
| Matheus28 wrote:
| You can just use Proxy to get around toString shenanigans and
| prevent any detection whatsoever.
| nullpt_rs wrote:
| Someone mentioned this as well in another comment. Turns out
| most of this could've been done as an extension after all :-)
|
| edit: actually, wouldn't you still need to override the global
| you'd like to instrument? At that point, the toString of the
| modified function would leak your hook.
|
| see:
| https://gist.github.com/voidstar0/179990efe918d1028b72f292cf...
|
| Regardless, I do have some interesting ideas that should
| hopefully make my pain of compiling Chromium for 3 hours worth
| it though :p
|
| Cheat Engine for site scripts? Who knows. Mostly just using
| this as an opportunity to learn some browser internals so I'd
| say it still paid off :)
| coolelectronics wrote:
| Your example proxies the console object; the intended way in
| this case is to make a proxy from the log function itself and
| use the apply hook.
|
| toString will be called on the Proxy and not your hook, so it
| won't reveal anything.
| nullpt_rs wrote:
| D'oh! You are correct :-) Good catch and thanks for
| teaching me something!
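As an added example (not code from the thread or from the author's project) of the difference coolelectronics describes above, and of the Proxy hooking tbrockman mentions earlier: a plain wrapper function leaks its own source through Function.prototype.toString, while a Proxy with only an apply trap intercepts calls yet still stringifies as native code and forwards name and length. Math.max stands in for whatever native function a page would inspect.

```javascript
// Added example (not from the thread): hooking a native function with a
// Proxy "apply" trap, beside the naive wrapper that leaks through toString.

// Naive hook: replace the global with a plain wrapper function.
// Function.prototype.toString now returns the wrapper's own source text.
function naiveHook(fn, onCall) {
  return function (...args) {
    onCall(args);
    return fn.apply(this, args);
  };
}

// Proxy hook: only the "apply" trap is defined, so calls are intercepted
// while toString, name, length and property reads fall through to the target.
function proxyHook(fn, onCall) {
  return new Proxy(fn, {
    apply(target, thisArg, args) {
      onCall(args);
      return Reflect.apply(target, thisArg, args);
    },
  });
}

// Does toString still have the "[native code]" shape a page would expect?
function looksNative(fn) {
  return /\{\s*\[native code\]\s*\}\s*$/.test(
    Function.prototype.toString.call(fn)
  );
}

// Demo on Math.max (constructed input; any native function behaves the same).
function demo() {
  const seen = [];
  const naive = naiveHook(Math.max, (args) => seen.push(["naive", ...args]));
  const proxied = proxyHook(Math.max, (args) => seen.push(["proxy", ...args]));
  return {
    naiveResult: naive(1, 7, 3),
    proxyResult: proxied(1, 7, 3),
    seen,
    naiveLeaks: !looksNative(naive),   // true: wrapper source is visible
    proxyLeaks: !looksNative(proxied), // false: still reads as native code
    proxyName: proxied.name,           // "max", forwarded from the target
    proxyLength: proxied.length,       // 2, forwarded from the target
  };
}
```

The proxy's toString output is still not byte-identical to the original's (V8 stringifies a callable Proxy without the target's name), so an exact-string comparison can tell them apart; that is the kind of gap 2bird3's comment points at.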
| tylerlh wrote:
| Very cool, thanks for sharing. I would love to see this show up
| as an OSS project. I know a few people who would likely enjoy
| being able to contribute if that's something you'd be looking
| for.
| horseradish7k wrote:
| feature request: allow setting breakpoints without having
| obfuscator debugger statement loops get in the way
| kundi wrote:
| Interesting tool. Would love to contribute
| codeulike wrote:
| resworb nwo ym detnaw syawla ev'i dna reenigne esrever a m'I
| dotancohen wrote:
| This isn't rot13.
|
| EDIT: Oh, it took me a minute!
___________________________________________________________________
(page generated 2025-10-07 23:00 UTC)