-
We can view the source code of a webpage using Developer Tools (Ctrl+U to view page source); JS can be written internally between
<script>tags, or into separate '.js' file & referenced in HTML code. -
Obfuscation - technique used to make script more difficult to be read; usually done by obfuscation tools.
-
Code minification - having entire code in a single line, saved with extension
.min.js; we can use tools like javascript-minifier for this. -
For obfuscation, we can use tools such as BeautifyTools - this uses packing techniques, which usually convert all characters of code into a list/dictionary, and then refer to them using a function to rebuild original code.
-
obfuscator.io is another tool in which we can modify obfuscation settings such as encoding and rotation so that we don't get any remnants of the original code; other tools include JSF, jjencode and aaencode.
-
To beautify minified JS code, we can use tools like
Browser Dev Tools, Prettier and Beautifier. -
To deobfuscate packed code, we can use tools like UnPacker.
-
Encoding & decoding is another common method used as part of obfuscation/deobfuscation:
-
base64 -
echo <string> | base64to encode andecho <string> | base64 -dto decode -
hex -
echo <string> | xxd -pandecho <string> | xxd -p -rfor hex encoding & decoding -
rot13 (caesar) - use online tools like CyberChef
-