2

Is there a way to detect malicious JavaScript code within a webpage before the script runs on my computer?

I want to develop a Python script that protects against 8 pieces of JS malware that I can embed on my website (for testing). But if the malicious script runs on my computer, then I do not find it useful for my Python script to detect it. I would love to know if there is a method that allows me to detect the JS malware before it runs.

1 Answer

1

That means you need some way to access the JavaScript code after it has been downloaded but before it is executed.

Depending on the web browser, there might be a browser-specific way to create an extension or plugin which is able to access the website content before the rendering engine does. Refer to the relevant documentation for your web browser for details.

A much more browser-independent solution would be to create a local proxy server and configure all your web browsers to use that proxy server to access the internet. That proxy could easily examine all HTML and JavaScript files for malicious code before relaying them to the client. There already are solutions which work that way, free or commercial.

One problem with this solution is that it is impossible for a proxy to scan any content transferred via HTTPS. With TLS, the content is encrypted between browser and server, and the proxy has no way to decrypt it. But there is also a workaround for that: SSLStrip is an example of a proxy server which handles the TLS encryption and decryption itself. It then re-encrypts the connection between itself and the browser using a new certificate signed by itself. This, of course, requires that the proxy server's root certificate is added manually to the list of trusted certificate authorities of the browsers.

While TLS certificate spoofing can be used maliciously, this method isn't uncommon in corporate environments to be able to filter the web from content which might be malware or distract employees from their work in other ways (games, porn, etc.).

Philipp
  • Don't you think that the proxy would slow the internet connection for the client? In my case, I want to develop the solution to this problem in Python – Apr 25 '14 at 07:38
  • @begueradj Proxies are only slow when they are at the other end of the world and shared with thousands of users. When the proxy runs on the LAN or even on the local machine, it won't be much of a bottleneck. Sure, the proxy would have to download each file completely in order to be able to scan it, so it cannot just stream the content to the browser, but you will have that problem in any case when you want to filter web traffic. – Philipp Apr 25 '14 at 07:56
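
The local scanning proxy described in the answer, as an added Python sketch that is not part of the original answer or comments: it buffers each plain-HTTP response completely, scans HTML and JavaScript bodies, and relays either the original or a block page. The names `scan`, `decide` and `FilteringProxy`, the port 8080 and the two rules are assumptions made for illustration; the rules are constructed placeholders, not a usable malware signature set.

```python
import re
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed placeholder rules (illustration only); a real filter needs a maintained rule set.
RULES = {
    "eval-of-decoded-string": re.compile(rb"eval\s*\(\s*(unescape|atob)\s*\(", re.I),
    "write-of-decoded-string": re.compile(rb"document\.write\s*\(\s*unescape\s*\(", re.I),
}
SCANNED_TYPES = ("text/html", "javascript")  # also matches application/javascript

def scan(content_type, body):
    """Return the names of the rules that match a fully buffered response body."""
    if not any(t in (content_type or "").lower() for t in SCANNED_TYPES):
        return []  # images, fonts etc. are relayed unscanned
    return sorted(name for name, rx in RULES.items() if rx.search(body))

def decide(status, content_type, body):
    """Return (status, content_type, body) for the browser: the original or a block page."""
    hits = scan(content_type, body)
    if hits:
        return 403, "text/plain", ("Blocked by local proxy: " + ", ".join(hits)).encode()
    return status, content_type, body

class FilteringProxy(BaseHTTPRequestHandler):
    def do_GET(self):
        # A browser using an HTTP proxy sends the absolute URL as the request target.
        # Refuse anything else so the proxy cannot be pointed at file:// or other schemes.
        if not self.path.lower().startswith("http://"):
            result = 400, "text/plain", b"only plain http:// URLs are proxied"
        else:
            try:
                with urllib.request.urlopen(self.path, timeout=10) as up:
                    # Buffer the whole body: nothing reaches the browser unscanned.
                    result = decide(up.status, up.headers.get("Content-Type"), up.read())
            except Exception as exc:  # upstream errors, including HTTP 4xx/5xx and timeouts
                result = 502, "text/plain", str(exc).encode()
        status, ctype, body = result
        self.send_response(status)
        self.send_header("Content-Type", ctype or "application/octet-stream")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

if __name__ == "__main__":
    ThreadingHTTPServer(("127.0.0.1", 8080), FilteringProxy).serve_forever()
```

HTTPS requests arrive as `CONNECT` and are not handled here; inspecting them requires the TLS interception with a locally trusted root certificate that the answer describes.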