Logo

dev-resources.site

for different kinds of informations.

JavaScript Magic Tricks: Debugger Interception

Published at
9/26/2023
Categories
javascript
debugger
programming
webdev
Author
wangliwen
Main Article
https://dev.to/wangliwen/javascript-magic-tricks-debugger-interception-2gp
Categories
4 categories in total
javascript
open
debugger
open
programming
open
webdev
open
Author
9 person written this
wangliwen
open
JavaScript Magic Tricks: Debugger Interception

JavaScript Magic Tricks: Debugger Interception

The debugger instruction is typically used for debugging in execution environments such as web browsers, and it can cause a break in JavaScript code. If you want to intercept the debugger statement, it is not easy to do so using common function replacements or using Proxy objects, for example:

window.debugger = (function() {
    var origDebug = console.debugger;
    return function() {
    // do something before debugger statement execution

    origDebug.apply(console, arguments);
    // do something after debugger statement execution
    };
})();
Enter fullscreen mode Exit fullscreen mode

Or:

var handler = {
  get: function(target, prop, receiver) {
    if (prop === 'debugger') {
      throw new Error("Debugger statement not allowed!");
    }
    return Reflect.get(target, prop, receiver);
  }
};
var obj = new Proxy({}, handler);
Enter fullscreen mode Exit fullscreen mode

Both of the above methods are ineffective in intercepting the debugger statement. Even the renowned artificial intelligence ChatGPT believes that the debugger cannot be intercepted, as shown in the screenshot below:

Image description

There are multiple ways to write a debugger statement in JavaScript, such as:

1、debugger;
2、Function("debugger").call();
3、eval("debugger");
4、setInterval(function(){debugger;},1000);
5、[].constructor.constructor('debugger')();
Enter fullscreen mode Exit fullscreen mode

The most primitive debugger, trying to intercept a specific word seems infeasible, but its usage frequency in reality is not high, and the later types of usage are more common. This is because debuggers are often used for anti-debugging purposes, such as when JShaman is used to obfuscate and encrypt JavaScript code, multiple different debugger directives can be added for anti-debugging purposes.

Image description

The last four usages shown above can be intercepted in the code.

Function("debugger").call()

Example of interception:

Function_backup = Function;
Function = function(a){
    if (a =='debugger'){
        console.log("拦截了debugger,中断不会发生1")
        return Function_backup("console.log()")
    }else{
        return Function_backup(a)
    }
}
Function("debugger").call();
Enter fullscreen mode Exit fullscreen mode

Execute result:

Image description

eval("debugger")

Example of interception:

eval_backup = eval;
eval = function(a){
if(a=='debugger'){
console.log("拦截了debugger,中断不会发生0")

        return ''
    }else{
        return eval_backup(a)
    }
}    
eval("debugger");
Enter fullscreen mode Exit fullscreen mode

Execute result:

Image description

setInterval(function(){debugger;},1000)

Example of interception:

var setInterval_backup = setInterval
setInterval = function(a,b){
    if(a.toString().indexOf('debugger') != -1){
        console.log("拦截了debugger,中断不会发生2")
        return null;
    }
    setInterval_backup(a, b)
}
setInterval(function(){
    debugger;
},1000);
Enter fullscreen mode Exit fullscreen mode

Execute result:

Image description

[].constructor.constructor('debugger')()

Example of interception:

var constructor_backup = [].constructor.constructor;
[].constructor.constructor = function(a){
    if(a=="debugger"){
        console.log("拦截了debugger,中断不会发生3");
    }else{
        constructor_backup(a);
    }
}

try {
    [].constructor.constructor('debugger')();
} catch (error) {
    console.error("Anti debugger");
}
Enter fullscreen mode Exit fullscreen mode

Execute result:

Image description

debugger Article's
30 articles in total
Favicon
A Comprehensive Guide to Debugging Go Code for Developers
Favicon
Top Java Debugging Tools for Efficient Application Development
Favicon
Mastering Debugging in C++: Techniques, Tools, and Best Practices for Developers
Favicon
Comprehensive Guide to Python Debugging Tools for Efficient Code Troubleshooting
Favicon
How to configure Delve (dlv) in VS Code
Favicon
Hover Console: Real-time JavaScript debugging directly on your webpage
Favicon
Debugging with breakpoints in ExUnit
Favicon
Precisamos falar sobre ipdb: Uma Jornada para um debugger mais Eficiente em Python
Favicon
Introduction to Debugging with React Developer Tools
Favicon
JavaScript Magic Tricks: Debugger Interception
Favicon
Streamlining Nodejs Error Debugging with Errsole Debugger: Node.js
Favicon
debugging in python for beginners
Favicon
Advance Free Debugger
Favicon
Setup ruby/debug with VSCode
Favicon
Integrating requestly mobile debugger in PostBook App
Favicon
HyperDbg: State-of-the-art native debugging tool
Favicon
Show properties of an object during the debug
Favicon
Debugging Swift in VS Code the old way
Favicon
Levelling up - 2: Use the debugger
Favicon
debug.gem blog: initial commit
Favicon
Become a Toolmaker
Favicon
3 steps to setup debugger for React Native app in WebStorm
Favicon
Kinx v0.19.3 Preview Released
Favicon
Debug Go with VIM
Favicon
Debugging As a Developer
Favicon
Ways to create a new Chrome instance without CORS [macOS]
Favicon
Stop Using Print and Die Statements
Favicon
Debugging Python applications (plus free cheat sheet)
Favicon
Dude, get a debugger!
Favicon
Introduction of LLDB

Featured ones:

Favicon
Open
abubakersiddique761
Favicon
Open
0x3d_site
Favicon
Open
0x2e_tech
Favicon
Open
0x4c-quest
Favicon
Open
gittech